pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 30 via api (June 30th 2023, 1:27:28 am UTC) from TR — Scanned from DE

Summary HTTP 452 Redirects Behaviour Indicators

Summary

This website contacted 51 IPs in 4 countries across 55 domains to perform 452 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2.19.224.115 2.19.224.115	16625 (AKAMAI-AS) (AKAMAI-AS)
12	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
13	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
72	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	18.66.110.17 18.66.110.17	16509 (AMAZON-02) (AMAZON-02)
18	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
41	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
19 69	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
8 14	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 8	185.89.210.20 185.89.210.20	29990 (ASN-APPNEX) (ASN-APPNEX)
6	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 8	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
42	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
3 6	34.250.56.160 34.250.56.160	() ()
3 3	35.186.193.173 35.186.193.173	() ()
2 2	85.114.159.118 85.114.159.118	() ()
2 2	213.155.156.169 213.155.156.169	() ()
4 4	198.47.127.19 198.47.127.19	() ()
1 1	2600:9000:205... 2600:9000:2057:be00:1b:5138:8a40:93a1	() ()
3 3	54.76.252.247 54.76.252.247	() ()
2	15.197.193.217 15.197.193.217	() ()
3	35.186.253.211 35.186.253.211	() ()
3 3	216.52.2.16 216.52.2.16	() ()
3 3	76.223.111.18 76.223.111.18	() ()
2 3	51.89.9.251 51.89.9.251	() ()
4	2a02:26f0:480... 2a02:26f0:480:9::210:ee04	() ()
3	185.29.134.249 185.29.134.249	() ()
6	2600:9000:223... 2600:9000:223f:9000:8:48e:53c0:93a1	() ()
10	2600:1f18:1ac... 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f	() ()
3 4	185.94.180.125 185.94.180.125	() ()
2	3.75.62.37 3.75.62.37	() ()
1	141.101.90.99 141.101.90.99	() ()
1	144.76.91.199 144.76.91.199	() ()
1	95.101.148.198 95.101.148.198	() ()
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
2 2	37.157.6.241 37.157.6.241	() ()
2 2	69.173.144.165 69.173.144.165	() ()
2	185.86.139.104 185.86.139.104	() ()
2	138.201.64.38 138.201.64.38	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	() ()
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	() ()
1 1	185.89.210.244 185.89.210.244	() ()
1 1	35.190.0.66 35.190.0.66	() ()
1 1	185.29.132.245 185.29.132.245	() ()
1	145.239.193.130 145.239.193.130	() ()
1	2a0b:4d07:102::1 2a0b:4d07:102::1	() ()
452	51

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.224.115 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-224-115.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

72 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.110.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-110-17.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 142.250.186.66 (United States) 19 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.80.39.216 (Canada) 8 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.89.210.20 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.97.41 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.250.56.160 (None, ) 3 redirects

ASN- ()

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.173 (None, ) 3 redirects

ASN- ()

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (None, ) 2 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.47.127.19 (None, ) 4 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:be00:1b:5138:8a40:93a1 (None, ) 1 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.76.252.247 (None, ) 3 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.16 (None, ) 3 redirects

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 76.223.111.18 (None, ) 3 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.251 (None, ) 2 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:9::210:ee04 (None, )

ASN- ()

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.249 (None, )

ASN- ()

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:223f:9000:8:48e:53c0:93a1 (None, )

ASN- ()

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (None, ) 3 redirects

ASN- ()

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (None, )

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.101.90.99 (None, )

ASN- ()

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.91.199 (None, )

ASN- ()

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.148.198 (None, )

ASN- ()

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.241 (None, ) 2 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (None, ) 2 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.104 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.64.38 (None, )

ASN- ()

hal900011.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.244 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (None, ) 1 redirects

ASN- ()

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.130 (None, )

ASN- ()

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (None, )

ASN- ()

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
123	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	855 KB
100	doubleclick.net 19 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net	560 KB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	629 KB
42	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	1 MB
22	adsafeprotected.com 3 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	296 KB
14	casalemedia.com 8 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635 ssum-sec.casalemedia.com	10 KB
13	google.com adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
12	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com Failed	230 KB
9	openx.net us-u.openx.net — Cisco Umbrella Rank: 496 rtb.openx.net	1 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 257 secure.adnxs.com	10 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	504 KB
8	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	1 KB
5	mathtag.com 1 redirects tags.mathtag.com pixel.mathtag.com sync.mathtag.com	4 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com	2 KB
4	doubleverify.com cdn.doubleverify.com tps.doubleverify.com Failed	114 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	redintelligence.net hal9000.redintelligence.net hal900011.redintelligence.net	5 KB
3	onetag-sys.com 2 redirects onetag-sys.com	824 B
3	3lift.com 3 redirects eb2.3lift.com	1 KB
3	lijit.com 3 redirects ap.lijit.com	2 KB
3	360yield.com 3 redirects match.360yield.com	1 KB
3	ctnsnet.com 3 redirects gcm.ctnsnet.com	2 KB
2	smartadserver.com ssbsync.smartadserver.com	89 B
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	915 B
2	adform.net 2 redirects c1.adform.net	1 KB
2	turn.com 1 redirects ad.turn.com r.turn.com	869 B
2	yahoo.com ups.analytics.yahoo.com	140 B
2	adsrvr.org match.adsrvr.org	529 B
2	de17a.com 2 redirects d5p.de17a.com	645 B
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com Failed	154 KB
2	cloakan.co www.cloakan.co	1 KB
1	office-partner.de adv.office-partner.de
1	medialead.de pv.medialead.de medialead.de Failed
1	travelaudience.com 1 redirects ads.travelaudience.com	553 B
1	quantserve.com cms.quantserve.com	463 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	o2online.de portal.o2online.de	608 B
1	smaato.net 1 redirects s.ad.smaato.net	440 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	362 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	76 KB
0	blismedia.com Failed tr.blismedia.com Failed
0	webgains.com Failed track.webgains.com Failed
0	futalis.de Failed futalis.de Failed
0	levexis.com Failed pfa.levexis.com Failed
0	demdex.net Failed samsung-germany.demdex.net Failed
0	inmobi.com Failed sync.inmobi.com Failed
0	unrulymedia.com Failed sync.targeting.unrulymedia.com Failed
0	tribalfusion.com Failed a.tribalfusion.com Failed
452	55

	Domain	Requested by
72	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
57	cm.g.doubleclick.net	19 redirects googleads.g.doubleclick.net f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
42	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
41	tpc.googlesyndication.com	pagead2.googlesyndication.com f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com tpc.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com pcloak.blob.core.windows.net
13	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net
12	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
10	dt.adsafeprotected.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
10	www.google.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com tpc.googlesyndication.com
10	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
9	www.googletagservices.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
8	sync.teads.tv	1 redirects googleads.g.doubleclick.net f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	static.adsafeprotected.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
6	fw.adsafeprotected.com	3 redirects pcloak.blob.core.windows.net
6	us-u.openx.net	googleads.g.doubleclick.net
5	ng.virgul.com	static.virgul.com ye-mek.net
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	cdn.doubleverify.com	s0.2mdn.net pcloak.blob.core.windows.net
4	image6.pubmatic.com	4 redirects
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	tags.mathtag.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com tags.mathtag.com
3	onetag-sys.com	2 redirects f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
3	eb2.3lift.com	3 redirects
3	ap.lijit.com	3 redirects
3	ssum-sec.casalemedia.com	3 redirects
3	rtb.openx.net	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
3	match.360yield.com	3 redirects
3	gcm.ctnsnet.com	3 redirects
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	hal900011.redintelligence.net	hal9000.redintelligence.net hal900011.redintelligence.net
2	ssbsync.smartadserver.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
2	pixel.rubiconproject.com	2 redirects
2	c1.adform.net	2 redirects
2	ups.analytics.yahoo.com	googleads.g.doubleclick.net f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
2	match.adsrvr.org	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
2	d5p.de17a.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	adv.office-partner.de	hal900011.redintelligence.net
1	pv.medialead.de	hal900011.redintelligence.net
1	sync.mathtag.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	secure.adnxs.com	1 redirects
1	cms.quantserve.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
1	dclk-match.dotomi.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
1	r.turn.com	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	pcloak.blob.core.windows.net hal900011.redintelligence.net
1	portal.o2online.de
1	s.ad.smaato.net	1 redirects
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	imasdk.googleapis.com	c1.imgiz.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
0	fonts.googleapis.com Failed	hal900011.redintelligence.net
0	tr.blismedia.com Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	medialead.de Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	track.webgains.com Failed	pcloak.blob.core.windows.net
0	futalis.de Failed	hal900011.redintelligence.net
0	ng2.virgul.com Failed
0	pfa.levexis.com Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	samsung-germany.demdex.net Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	sync.inmobi.com Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	sync.targeting.unrulymedia.com Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	a.tribalfusion.com Failed	f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
0	tps.doubleverify.com Failed	cdn.doubleverify.com
452	79

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-08` - `2023-07-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh

This page contains 58 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: BF0907D348529343009EEA82100EFEE5
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: A7B1AF28EDEA086722BA099A8502718F
Requests: 89 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 40A7C34BAA06D4CC104971787D19B7A2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: C55019365E165C411A6F52D08A521521
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688088444821&bpp=3&bdt=808&idt=144&shv=r20230627&mjsv=m202306230101&ptt=9&saldr=aa&nras=1&correlator=1561840534599&frm=24&ife=1&pv=2&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C42532279%2C44759927%2C44759842%2C42532277%2C31075664%2C44788442&oid=2&pvsid=1992809445552694&tmod=1235851652&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.g0htxj6el14k&fsb=1&dtd=157
Frame ID: 69222CEA47C33669901178CC8F718DC0
Requests: 1 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DA269785A23FABB865D47A832616FE26
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: BDC8CA023F7276D6361122E1D5260FD5
Requests: 1 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 26443DD00540DC9F265D83146C44D0B1
Requests: 20 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 7CF9839724F7A9FB97536D9466FDF78D
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjtnrXcATAB&v=APEucNWApwU4eiKCb8YXrSiPxIx68QO04kkbJ8aYM-_Ien8uOV61P0F1ZepRrVumtfojp8zGzusTPvdR088bdRyW1V-KLHCmcmC8qTvzWCVCV0fzAQbm_Q6qkXiGY2lBS_47Wkx7CDJkJrxEbKZpco-YgaoNnVAxOYDYU68A7G0RP9lrX1Bk0Eg
Frame ID: 25C7F6FB14BD974B89CC1206B4E50E23
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW3SVqG_qgwS-AwPEQ6w79qdO9SSZg4KGvNo155gcY_PN6tLih7vezpk340yemrfiIgquBVLJVZ_SXGbO0ycrmwWUX-FSr7IAf6_caEgQSSbwHk84jrf3Kvb25e-huCMRzAXSh5ZoqhoN1X0aNReSxcvKJhM3zKkTRiOsycsDBquUeWAcw
Frame ID: B9D12C8F5C8D7BD5C75C984345120321
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FD0AA175C59AC3A3E03FCC194B0683D0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 12FFC4A473B867CC8A78334B168CEB58
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EEA235A632FB0F68FBF5CD5C21017731
Requests: 9 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 95896951CCC53EC9DCBD64D3881BA1F6
Requests: 27 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 330CCE05CE8022C53C207E9B34B31557
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C5ED9A3D574043911D3F9962427B707A
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVxVpKzKJfUbruxMkDE2JiHDmYDNadyU74NZrDkbnqwK0wCDLOjCmpQCe6r_jt5eyn9-qEZw1rEGz4wI4F9tHuL_Xt6rggBKQJx24gxkpgkJYqt9ZaNc5QejxgnureJtz0oYQvR8qw2ULSPrOyqTI_0PGFsM3MRjlkGSBjJ8wifizlB1eE
Frame ID: BB1A6337C1218A2D9AAA3CFFBE331704
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
Frame ID: 883D66BD92D9FAC5EB012D41DA456450
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D3FD162E8A262A04CFF58341EC903EAE
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250
Frame ID: 2AE9D242ADADA86D17ECC272C431F631
Requests: 11 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 35ABF99ED44817FB6E6C2F7D06B8C592
Requests: 19 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DE9C9AFACA55953CA3B1E3EAEF689768
Requests: 17 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1B29457CCB91C53F37B4B142FFB256DE
Requests: 16 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 302BC63AAB1D04A35A2DCB1A5A744373
Requests: 23 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: CFC34CFBBB7732FADEA308AE3E849E69
Requests: 17 HTTP requests in this frame

Frame: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8E390555A6D509CD60A57B8B9D681F24
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNyw8QIQm8jZsAIYmrWI7QEwAQ&v=APEucNXNFf1KbqaI5ra2jDmZvb7vTq-GaY9M90m0mP5y0dPMum7N0emJWQUaqFWz18LzhqbhcP2-lgeDzV4IW929lf9zbHHwbPvurBvL9U_k4OTwtn_Qct6k7KwMTWcUh5U9GZIyDu8l1vfBcydkn57jv22utxaV6mYMIj2MNKmdRcmqRO-9giE
Frame ID: 5BC1C294BE94F3D4E8A15EB018511E25
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNVbggKwaTQLHGYcbzwPyxpToMZXdKbvrakZJzZbv8a9VbR9WSyki35snR1r1tuCxMYulSDo2ug_Y6fJh2waoRzgSre-1PKwwAcN-bFu2c_HdzwOwueGHEmspNm9VKPHsmg2wAfhU5Lbzdk2xaBLJ6u_05JO11QhJ2j1LkOcwuwT-5Y7v-I
Frame ID: 6C654F09BCB12ADF9FD18AE6AF3331DB
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNX27Lc4_RarF0SxvLE8pJIbUpumLP94FzcK-4db15aNZ-_R51FdFeZ9DFBQfFcdQVbi1HGUpkqLinkmDixJnk5KDdUJxBi_ks8hVNTn-KvSABqwmQn8fGx3mO3LNV-hTvE8tC4H1gXrouNqWBcMKOtji31Qmc5Vu5fxcRIfl045bRJK-f4
Frame ID: 3617D8F451909134196A0B98F961BC4A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNUOsoQg3uvArW60hbZ1JI9IFQZ-OjhCv92_LLv4T90k9uHaOgClqUPAqlM0NwF9gYwdI9AOoYtFKOJyEbQLB3rYOi72_pqtGi8t4JCzSm57I0fpqz5lor_0q3IvcmpBLX7WWjOoxRncJQb-gPpTdJ-fsia5hZtvoRrF50mkFGaW8WOTPbE
Frame ID: 8CAD47E733C4EFA86A07AB25D0C34A19
Requests: 4 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 779D2EA96428E0768A3399AD81747E97
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D95D33D718B2F6FB08B9FF57A5FE0677
Requests: 9 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4050.js
Frame ID: BF0743960927A5D4339B29EED02CE22C
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 8D56534269642054D4A426688FC00F7C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7611B150D8BAE1AD05FBA0F7E6410BDE
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=g08B97Pq5C&t=1&renderingType=2&ev=01_250
Frame ID: 54F71DFDD6C9A0886571BA92BBF9FB8F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AD27045A94D487F5A5F27FEFA676E356
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F141844F498E394AF6DD49772F1A4935
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1281888661B50A2EB9F51DD012A7A067
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 71511FFDF92BD917461427A3AE6F03C7
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=1XFLHHulsf&t=1&renderingType=2&ev=01_250
Frame ID: 5FA8302D65DFA2D12D95FFA61B271DE2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=SaBtOB96NW&t=1&renderingType=2&ev=01_250
Frame ID: 8232B9B34A554458C86F215F22833613
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2599279F19E55E3395D09A6E77C7F3A5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 72A8802F9FC98F9C7DC9836137B863A4
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: E1CA870FD3B2DF27768424CE6A1A3F7F
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/index.html?e=69&leftOffset=0&topOffset=0&c=JbsmRnnhMj&t=1&renderingType=2&ev=01_250
Frame ID: 61E3B3819F29E71D221ADE148BF9AF66
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js
Frame ID: 8820315803E4DAF6CD25DA5CF42E70E1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 834971EBE109A645D34F2913AE6DFD8D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4CB9FC6856ABA0DA73E3951178F1A99F
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=jTdQRzDdGb&t=1&renderingType=2&ev=01_250
Frame ID: 5E29850E1B93C53CF7502CE20B5005DD
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: EA7A3D5107560D7C6AF73B76E8547BCA
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E72F169FD663524FFB3B41785D79B7C8
Requests: 1 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=44241100007543700951389012371011&t=htlp&gdpr=1&consent=1&gdpr_consent=li
Frame ID: 337ABAA0FEBA39DB4F5B093E19D61E08
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 8A643D91BE5A2AF7EC0A1518867085AA
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2832927057
Frame ID: 2747455C1867EEA7A8B107532A8A8332
Requests: 1 HTTP requests in this frame

Frame: https://hal900011.redintelligence.net/request_content.php?s=44241100007543700951389012371011&a=4a8818e9
Frame ID: 023C6EED70B3E72E01A5E662712BACF2
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: ECFAFE92E746F7E45E449DB5A8615699
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

452
Requests

80 %
HTTPS

35 %
IPv6

55
Domains

79
Subdomains

51
IPs

4
Countries

5244 kB
Transfer

13354 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKOENEDHjQH26ERo2KL_muI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKOENEDHjQH26ERo2KL_muI&google_cver=1&C=1

Request Chain 111

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ4vfs7-Dx1DDVUtuRPq1AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDDwyAPhlpGzbmvIMMfmZKU&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDDwyAPhlpGzbmvIMMfmZKU%26google_cver%3D1

Request Chain 113

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMmh4M17G58NxSx7xPIIKfM&google_cver=1

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEA5omHAnF_JaE3cwOPVauxw&google_cver=1

Request Chain 147

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEM6avSCpA13YQil22j_DOLY&google_cver=1&google_push=ATf1kGPSj5dHb7SOb450h97uX04bYUm0mbD517ejRJdfaNFLI8tjyn65dcwt9ywlflG3EHYB1FTLz860smhv8YZs2bbzRUJWdlc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPSj5dHb7SOb450h97uX04bYUm0mbD517ejRJdfaNFLI8tjyn65dcwt9ywlflG3EHYB1FTLz860smhv8YZs2bbzRUJWdlc&google_hm=eEdlp9-VRMuD90phgRfRiYM

Request Chain 148

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEE66--JYK3xMcj-xGQeHB8o&google_cver=1&google_push=ATf1kGPSyNy5kcN0b6K_kwqWkugOHcVm7Ao2IhDkeWH7-RErkpEsmZdXp2UqIyrb3W2YqeyYUInWO79AAVi816EAEHZp2Rvmm2Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=ATf1kGPSyNy5kcN0b6K_kwqWkugOHcVm7Ao2IhDkeWH7-RErkpEsmZdXp2UqIyrb3W2YqeyYUInWO79AAVi816EAEHZp2Rvmm2Y

Request Chain 149

https://d5p.de17a.com/cookies/google?google_gid=CAESEMwtCwQiH7YmnCzOCR8kiDM&google_cver=1&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQj0j8 HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMwtCwQiH7YmnCzOCR8kiDM&google_cver=1&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQj0j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQj0j8

Request Chain 150

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELzOXqEpZ1mVaCHwpAYeiwU&google_cver=1&google_push=ATf1kGPI6SiLtzy8YVrMNyqCuCQzvlfxJlASmXF8cX38NsWfT-kgK9F0Rn_ecpwjolJMTgDoofJmiM88igbs8KXVoxw1hk6yYN0 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELzOXqEpZ1mVaCHwpAYeiwU&google_cver=1&google_push=ATf1kGPI6SiLtzy8YVrMNyqCuCQzvlfxJlASmXF8cX38NsWfT-kgK9F0Rn_ecpwjolJMTgDoofJmiM88igbs8KXVoxw1hk6yYN0&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGPI6SiLtzy8YVrMNyqCuCQzvlfxJlASmXF8cX38NsWfT-kgK9F0Rn_ecpwjolJMTgDoofJmiM88igbs8KXVoxw1hk6yYN0

Request Chain 151

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEIU9jGUh9EzIWsXw_uuVQeg&google_cver=1&google_push=ATf1kGP-_U8BUcs7Nv4d0FsH8ZMCMnBzH-p5KKDMn1Xdh9lQAlK7-KV218al_plkwIUq9NMacNdF2912X_8RTd9rFLdTwaE2HTk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGP-_U8BUcs7Nv4d0FsH8ZMCMnBzH-p5KKDMn1Xdh9lQAlK7-KV218al_plkwIUq9NMacNdF2912X_8RTd9rFLdTwaE2HTk

Request Chain 152

https://match.360yield.com/match/ebda?google_gid=CAESEG4b491QdDxlO-puRcCOCgs&google_cver=1&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-OlocfoPK9VBE HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEG4b491QdDxlO-puRcCOCgs&google_cver=1&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-OlocfoPK9VBE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-OlocfoPK9VBE

Request Chain 153

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJBKseqC6sa16YuUxU99kh8&google_cver=1&google_push=ATf1kGN6QSVNo2nbuxEhaTlEheBcxmlleZdxzT1b9AM2exmgt2xnTi7BuEGQsXM6k5KBxz1wvxZ4LjkRVvZ6XwscbZxrILPHwz3C HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGN6QSVNo2nbuxEhaTlEheBcxmlleZdxzT1b9AM2exmgt2xnTi7BuEGQsXM6k5KBxz1wvxZ4LjkRVvZ6XwscbZxrILPHwz3C HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 166

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECEZUMUqx7UY-u0uqYCSKWw&google_cver=1&google_push=ATf1kGOc41KRY0CFXRDIfCFge09q422sPFEwEFVRNSkhsurConUvodOIH2NYTqtbcsWZKpIRFBbTG4_cYdvRi_bgp5dwi4sYtx-C6w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOc41KRY0CFXRDIfCFge09q422sPFEwEFVRNSkhsurConUvodOIH2NYTqtbcsWZKpIRFBbTG4_cYdvRi_bgp5dwi4sYtx-C6w&google_hm=oCcRmYEGT-iw3uBMQyMuvoM

Request Chain 168

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_cver=1&google_push=ATf1kGPkaL0v0A38EU-fsXDHFu-l544Tk2mkc1_sKGb1bSslyJxfLqFzDbwsKd8PD7-kLioahbq479Bfw5M8h-TlSj1snSq2YgMEzw HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGPkaL0v0A38EU-fsXDHFu-l544Tk2mkc1_sKGb1bSslyJxfLqFzDbwsKd8PD7-kLioahbq479Bfw5M8h-TlSj1snSq2YgMEzw

Request Chain 169

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOsdG3c_UcJpW8TgvC3xU_E&google_cver=1&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-mZUBvj-XFYr HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOsdG3c_UcJpW8TgvC3xU_E&google_cver=1&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-mZUBvj-XFYr&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-mZUBvj-XFYr&google_hm=G5lXrGZH_7e4ODl9St6gVE8n

Request Chain 170

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8&google_cver=1&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykxCOqQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykxCOqQ&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykxCOqQ

Request Chain 171

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJ7YWOs4ZG8BuTe5Pij-oCk&google_cver=1&google_push=ATf1kGPKkKR3AU4TyFW75Mvczb5ybsyCdYoeeDVl9F9tt9WC23Qwd7CvZU67C2TPMiVaIbRRDuWh5Uj5ksQPPfBFcDRvci6Zj0NpWAI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPKkKR3AU4TyFW75Mvczb5ybsyCdYoeeDVl9F9tt9WC23Qwd7CvZU67C2TPMiVaIbRRDuWh5Uj5ksQPPfBFcDRvci6Zj0NpWAI HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1

Request Chain 175

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ4vfs7-Dx1DDVUtuRPq1QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1

Request Chain 177

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

Request Chain 245

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_fi-eZPCjLP-wx_APgZ-usAs&cbFunctionName=goog_wrapCb_fi-eZPCjLP-wx_APgZ-usAs&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:561d10e5-3294-8cc2-4fc0-20c0b8158d58,c:gYQCHq,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-576fbdf94b-qtvf4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tICH5Gg+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C1163%7C1164%7C117*.1484055-72040524%7C1171%7C1172%7C1173%7C1174%7C118%7C119%7C11a1%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:117*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:37,oid:45d87712-16e5-11ee-bc98-a227104cf84a,v:19.8.422,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 254

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1

Request Chain 255

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ4vfs7-Dx1DDVUtuRPq1QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1

Request Chain 257

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

Request Chain 280

https://fw.adsafeprotected.com/rfw/st/1484055/72040526/4.js?ias_dspID=64&adContainerId=brand_safety_fy-eZOrJBM2Y-gaf5ZrACA&cbFunctionName=goog_wrapCb_fy-eZOrJBM2Y-gaf5ZrACA&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:927525e0-5f81-ea97-6ed8-778f6354609d,c:gYQCKD,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-576fbdf94b-j4rmz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tICH5JL+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C118%7C119%7C11a*.1484055-72040526%7C11a1%7C11a2%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:11a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:18,oid:45fb68da-16e5-11ee-a465-a6889d8337f0,v:19.8.422,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 283

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1

Request Chain 285

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1

Request Chain 287

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1

Request Chain 289

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1

Request Chain 291

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMGVVF2IPw9eEfeFJE8vzCQ&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMGVVF2IPw9eEfeFJE8vzCQ&google_cver=1&__user_check__=1&sync_id=464afcd7-16e5-11ee-8be1-192cb16e0406

Request Chain 292

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=46477be2-16e5-11ee-bad6-1348667f0106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDY0YWZjOTQtMTZlNS0xMWVlLThiZTEtMTkyY2IxNmUwNDA2

Request Chain 337

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEF0tLMhWt5lqL9QfLSljn5I&google_cver=1&google_push=ATf1kGMFH7-fsuDzSRGpyeJ8FMyA1nKSi8iLi72km0unqUfSasBr4x7WJ7If29p0Hmil-E5lcgGEdr1JJa-aBNLdsJja77BQkHPU_w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzEyMzIzNzE0MzczOTg0MjY2Ng==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1

Request Chain 338

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFJ4kuWboT2tvSEcLvLKWQw&google_cver=1&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspYzTBGVVjxCMK2XP1N9sq0-HRA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFJ4kuWboT2tvSEcLvLKWQw&google_cver=1&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspYzTBGVVjxCMK2XP1N9sq0-HRA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspYzTBGVVjxCMK2XP1N9sq0-HRA

Request Chain 340

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF8Wa52p1erYkmSjZJsphsA&google_cver=1&google_push=ATf1kGNPn-IampZY2pHIRFfMtbHiWpIRkZjRwe1sNfMTWx7bsM8laNgs-2wXbQTe-FC8bbiDbliY1aMQKBA7PRzZ875iJrBgNZvoOA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZS1UtNS0yUjI0&google_push=ATf1kGNPn-IampZY2pHIRFfMtbHiWpIRkZjRwe1sNfMTWx7bsM8laNgs-2wXbQTe-FC8bbiDbliY1aMQKBA7PRzZ875iJrBgNZvoOA

Request Chain 341

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELoD1nWQ1MOIi_BwUMSk52I&google_cver=1&google_push=ATf1kGOLt3CFEUQIUlPmDOy2QWXeu9o1-_urhTFTQ2HQBKuQXvsD4ef8xOX3lz3Nky_Dfd0fUgDFu_QBUbnPmLcfTsJdgIf4kTMk HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELoD1nWQ1MOIi_BwUMSk52I&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGOLt3CFEUQIUlPmDOy2QWXeu9o1-_urhTFTQ2HQBKuQXvsD4ef8xOX3lz3Nky_Dfd0fUgDFu_QBUbnPmLcfTsJdgIf4kTMk

Request Chain 369

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_fy-eZOOgG6e7x_AP5cOPqAU&cbFunctionName=goog_wrapCb_fy-eZOOgG6e7x_AP5cOPqAU&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:43f9eb36-421a-70e5-7900-11b45dbb91a2,c:gYQCVO,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-576fbdf94b-t82sr,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tICH5UK+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C1177%7C1178%7C1179%7C117a%7C117b%7C117c%7C117d%7C117e%7C117f%7C117g%7C117h%7C117i%7C118%7C119%7C11a1%7C11a2%7C11a3%7C11a4%7C11b1%7C11b2%7C11c1%7C11c2%7C11c3%7C11d%7C11e*.1484055-72040524%7C11e1%7C11e2%7C11f1%7C11f2%7C11f3%7C11g1%7C11g2,idMap:11e*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:31,oid:463738a3-16e5-11ee-be94-527618901cf1,v:19.8.422,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 374

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH1vPb_r8HR1BjW3gXQ5CRQ&google_cver=1&google_push=AaAOQGHTDruMNoL0azSL4zLlbb4zSnOnUt9GQfOZzPYtTRT3a-1hOnDJJF11xOYa9uGleCrv1xLNvQybsJqnScYbbK1ShwBTjX4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZVlYtMy0yTkRQ&google_push=AaAOQGHTDruMNoL0azSL4zLlbb4zSnOnUt9GQfOZzPYtTRT3a-1hOnDJJF11xOYa9uGleCrv1xLNvQybsJqnScYbbK1ShwBTjX4

Request Chain 375

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOsdG3c_UcJpW8TgvC3xU_E&google_cver=1&google_push=AaAOQGG0oM3g2J39rtCl7l6dmHLaIZ8mKhFrEzfCsDLXYE7H-1K2VnQWaBW7AjzOcAdEEzCjgmmmjRgRWQpYOgCzV-0F-Vc-hRs HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGG0oM3g2J39rtCl7l6dmHLaIZ8mKhFrEzfCsDLXYE7H-1K2VnQWaBW7AjzOcAdEEzCjgmmmjRgRWQpYOgCzV-0F-Vc-hRs&google_hm=G5lXrGZH_7e4ODl9St6gVE8n

Request Chain 376

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJ7YWOs4ZG8BuTe5Pij-oCk&google_cver=1&google_push=AaAOQGHg8-xwUCeSQKFyWgSFpldTkxDyxC6ZqtZwWfJnAw1IMVRV1eCpoK-qh6hoiW4KRwyXkw7OCeLsQXsyBnaQfjngHRxrRlA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHg8-xwUCeSQKFyWgSFpldTkxDyxC6ZqtZwWfJnAw1IMVRV1eCpoK-qh6hoiW4KRwyXkw7OCeLsQXsyBnaQfjngHRxrRlA

Request Chain 377

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEC6mMx_MDJi3WcTWif0zKRA&google_cver=1&google_push=AaAOQGHjCUkemd9sMcgJVup0JnnC5uLDJ2Y2cfDYGjybo69ZcAWHz_Qgpwk2MyaUBTaWk5kkV4k8cevoq-8bHCAMFWFPdsukBFg HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHjCUkemd9sMcgJVup0JnnC5uLDJ2Y2cfDYGjybo69ZcAWHz_Qgpwk2MyaUBTaWk5kkV4k8cevoq-8bHCAMFWFPdsukBFg&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1688088448407 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-fe70c67b-cc49-4510-b52b-8ba5f8343fe4-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHjCUkemd9sMcgJVup0JnnC5uLDJ2Y2cfDYGjybo69ZcAWHz_Qgpwk2MyaUBTaWk5kkV4k8cevoq-8bHCAMFWFPdsukBFg%26google_hm%3DA_5wxnvMSUUQtSuLpfg0P-Q

Request Chain 386

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENcCSHhNzlWUKJhMWz4bEUQ&google_cver=1&google_push=AaAOQGF1Y6VXvtSX4G8LHagjgzzUMtqL2829GabCYEp6JE1Kq8kS6UKGnCD7-lbIlDA20hfFJW3Wa2DfjUq5thzk1qK6lTqsgtU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzEyMzIzNzE0MzczOTg0MjY2Ng==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1

Request Chain 388

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECysHqRUoo5ZyCuR7sPMQNo&google_cver=1&google_push=AaAOQGHMv2hUjCQJTqOVl1Bu5nubuTDgRJ68aJZKZfZjEV8c8zqTNGcAVo2j__rJ7LwZ06Gi5HNl_HuvKL7OvOD_K3TtgE4Zr6E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHMv2hUjCQJTqOVl1Bu5nubuTDgRJ68aJZKZfZjEV8c8zqTNGcAVo2j__rJ7LwZ06Gi5HNl_HuvKL7OvOD_K3TtgE4Zr6E

Request Chain 389

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_cver=1&google_push=AaAOQGH3LvoMScyGC9f76TEdMxmYu8x6yD5NLtNVWVCNVIH9aUcFrqcQ6LewwBC8SZ9FxJb2257CG91ejxHfIiMP20DfHbv7wNg HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=AaAOQGH3LvoMScyGC9f76TEdMxmYu8x6yD5NLtNVWVCNVIH9aUcFrqcQ6LewwBC8SZ9FxJb2257CG91ejxHfIiMP20DfHbv7wNg

Request Chain 390

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8&google_cver=1&google_push=AaAOQGEiOa0hMUVh7vLWvJZvRQ-seQADTnqdiRJDlyGJ_GaEGa3EDCndx9FnXom0jwyiX5YYIw_5NhKdif5HIp_KF-Ejgd_o9A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGEiOa0hMUVh7vLWvJZvRQ-seQADTnqdiRJDlyGJ_GaEGa3EDCndx9FnXom0jwyiX5YYIw_5NhKdif5HIp_KF-Ejgd_o9A

Request Chain 391

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEDbQpFM5uSfJXOjrqYyX0PI&google_cver=1&google_push=AaAOQGEeMrNoRZmvgwrr-GVidQ7ByTT1OChs5h-455UQxbn-iWqHDUoVDM_COIMI-4E1_0NOEgPgoajBKAY8n-yik4ftoGTkLPLy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D&google_gid=CAESEDbQpFM5uSfJXOjrqYyX0PI&google_cver=1&google_push=AaAOQGEeMrNoRZmvgwrr-GVidQ7ByTT1OChs5h-455UQxbn-iWqHDUoVDM_COIMI-4E1_0NOEgPgoajBKAY8n-yik4ftoGTkLPLy

Request Chain 392

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEJ_YNTLbrJfCbvvt0K2E-fA&google_cver=1&google_push=AaAOQGGdr6pY5YMcgazP9CM_ggYpMWXA1metQTx1_7MPSMPvS4kY6v8RqURDkrNjCEqHkv_7_2asC7j2LBkBc654-GLLa20AWYo HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEJ_YNTLbrJfCbvvt0K2E-fA&google_cver=1&google_push=AaAOQGGdr6pY5YMcgazP9CM_ggYpMWXA1metQTx1_7MPSMPvS4kY6v8RqURDkrNjCEqHkv_7_2asC7j2LBkBc654-GLLa20AWYo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=0d4bd23a-4883-46f1-906b-67c8ec2a4ffe&%%GOOGLE_PUSH_PAIR%%

Request Chain 396

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEKz8_-yMRrvWQX2XWDjhRTE&google_cver=1&google_push=AaAOQGEaHclfVvgQN24D_nRM-4O0VxKKmxtkjTGP2YPTzSCmXoI1dgBCZJglVebl_Pt9mzc_3qK5kz6L137Gwf6ia_BpZSPKc8v7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKz8_-yMRrvWQX2XWDjhRTE&google_push=AaAOQGEaHclfVvgQN24D_nRM-4O0VxKKmxtkjTGP2YPTzSCmXoI1dgBCZJglVebl_Pt9mzc_3qK5kz6L137Gwf6ia_BpZSPKc8v7

Request Chain 397

https://ads.travelaudience.com/google_pixel?google_gid=CAESENS4bvpiPjcVhXR_nq-ieQ0&google_cver=1&google_push=AaAOQGEYiZXdCfQwGpL3eG8DI4jnuSjEu0q3Iv488V8r_Bx4Gjg5DeLV9GwJvphP9pILgKOtBwYtXV8s62Mwdy4kfEEjCybg9hS5 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=MxolpnslRNOgpcyTMzBxrg2&google_push=AaAOQGEYiZXdCfQwGpL3eG8DI4jnuSjEu0q3Iv488V8r_Bx4Gjg5DeLV9GwJvphP9pILgKOtBwYtXV8s62Mwdy4kfEEjCybg9hS5

Request Chain 398

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENWtTNNmy9KB5FcLLAJ7R_I&google_cver=1&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZUJjR9YyYsaBaU HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESENWtTNNmy9KB5FcLLAJ7R_I&google_cver=1&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZUJjR9YyYsaBaU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZUJjR9YyYsaBaU&google_hm=DUvSOkiDRvGQa2fI7CpP_g==

Request Chain 400

https://match.360yield.com/match/ebda?google_gid=CAESEEwryK86CySvt-Zaefj7iE0&google_cver=1&google_push=AaAOQGGWEq8BGPhau7mARtxaFgE9wxLiQ9m1bFuEumwRmeNS4k0JnX0Ds-ZCsuHbR7tVy7Ys8vLvrmOExiTE0n48u8RhcKfbluD_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGWEq8BGPhau7mARtxaFgE9wxLiQ9m1bFuEumwRmeNS4k0JnX0Ds-ZCsuHbR7tVy7Ys8vLvrmOExiTE0n48u8RhcKfbluD_

Request Chain 402

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJ7YWOs4ZG8BuTe5Pij-oCk&google_cver=1&google_push=AaAOQGEaYWkvri--beDe3D_ft-mpvz--9ifwQDYmmCXf1XV_c0FrPUx91c53n4T1PKazzT2DPYgOvHw9dMiAUGRjhOhtvM9tTUQljg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEaYWkvri--beDe3D_ft-mpvz--9ifwQDYmmCXf1XV_c0FrPUx91c53n4T1PKazzT2DPYgOvHw9dMiAUGRjhOhtvM9tTUQljg HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 406

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECXwmY5AslvAyEHTwq41ndI&google_cver=1&google_push=AaAOQGEgT8KXGcw21zgg5WSX0jMSa1cIGwt_Rhb4izoL78s0IRCoOT6v5SRVdRbULOh1r7jJ7JTe2yBpeNewLExwoqnY8gwDgQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=3S5kni9_QQGpByMmBBY_bA&google_push=AaAOQGEgT8KXGcw21zgg5WSX0jMSa1cIGwt_Rhb4izoL78s0IRCoOT6v5SRVdRbULOh1r7jJ7JTe2yBpeNewLExwoqnY8gwDgQ

Request Chain 407

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEPp5S_kt0g7QZskbqbZ3WCw&google_cver=1&google_push=AaAOQGGeGMkaaZUVl99hUKO95ATNi7D7UOmJslgzMQ-iQ6uHug-ukeWZu2LI_G0TbJ_B88iQyBj13lg_32JAZQc2lK_2i3SWmwA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPp5S_kt0g7QZskbqbZ3WCw&google_push=AaAOQGGeGMkaaZUVl99hUKO95ATNi7D7UOmJslgzMQ-iQ6uHug-ukeWZu2LI_G0TbJ_B88iQyBj13lg_32JAZQc2lK_2i3SWmwA

Request Chain 409

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEB_0z0AWVIE3chlzAKPdfcU&google_cver=1&google_push=AaAOQGHyjOgXoPNrReQFDbCueelPuINq92y8vj4ocwGsVNVeSG0Lp1e_59KLZpg9DFXb9Fsy5q7fahmAWxrd1ziX-8hzb5oLwnQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHyjOgXoPNrReQFDbCueelPuINq92y8vj4ocwGsVNVeSG0Lp1e_59KLZpg9DFXb9Fsy5q7fahmAWxrd1ziX-8hzb5oLwnQ&google_hm=eEdlp9-VRMuD90phgRfRiYM

Request Chain 410

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOwfU3jwdp3G8FpNz1O8Op0&google_cver=1&google_push=AaAOQGGGzY9TBjIGM7upZwHYXwlpm5s3s_Gn36BBYQyVhKzjLEPTE38r5NXZQAnIT5_f_QSUfvjYpz9wNwHH09shL-t3l8Kg4gk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=AaAOQGGGzY9TBjIGM7upZwHYXwlpm5s3s_Gn36BBYQyVhKzjLEPTE38r5NXZQAnIT5_f_QSUfvjYpz9wNwHH09shL-t3l8Kg4gk

Request Chain 411

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMShtB1xp26BFS3AcHjJaPk&google_cver=1&google_push=AaAOQGGIcTOFsRzOjNcancDuM6cQIZ73b6AiM0E9aQDBlSeWI2fw1j3oA-Rn8mX-NSMQDFQeUl4yQAhXFii7aLSgheAmvS1hB-M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGIcTOFsRzOjNcancDuM6cQIZ73b6AiM0E9aQDBlSeWI2fw1j3oA-Rn8mX-NSMQDFQeUl4yQAhXFii7aLSgheAmvS1hB-M

Request Chain 433

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=44241100007543700951389012371011&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2832927057

Request Chain 438

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENWtTNNmy9KB5FcLLAJ7R_I&google_cver=1&google_push=AaAOQGEjEEh1PrGkQy-wcQ7vfO3uOaTV4-C_SlgTygVNG4x3Pang5Zcqkl_tOjQu0oX1z57aBy3uNo4eeWgVnjN6unqrwUTcepw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEjEEh1PrGkQy-wcQ7vfO3uOaTV4-C_SlgTygVNG4x3Pang5Zcqkl_tOjQu0oX1z57aBy3uNo4eeWgVnjN6unqrwUTcepw&google_hm=DUvSOkiDRvGQa2fI7CpP_g==

Request Chain 439

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJwjz6RCHJlPfuZnrTcQ4Wo&google_cver=1&google_push=AaAOQGGhVd52GPD7wi1gL_2TarJW_vM-0FkHvf2quX_6SVZ1K-Xw5YrqXtJQCTCoCyKehX-ZdIiiX5JcCg1YrlZdFbWJMrNuRKM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=AaAOQGGhVd52GPD7wi1gL_2TarJW_vM-0FkHvf2quX_6SVZ1K-Xw5YrqXtJQCTCoCyKehX-ZdIiiX5JcCg1YrlZdFbWJMrNuRKM

Request Chain 440

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECysHqRUoo5ZyCuR7sPMQNo&google_cver=1&google_push=AaAOQGHZmhboq8ehPX04x7TLP6JUZdh4TyDHGkpFuGUDOFWcLN2QiFmvIldbx2-1408qdHlg-WhSj-rOinam5QNpEwk83lfTCDy- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHZmhboq8ehPX04x7TLP6JUZdh4TyDHGkpFuGUDOFWcLN2QiFmvIldbx2-1408qdHlg-WhSj-rOinam5QNpEwk83lfTCDy-

Request Chain 441

https://match.360yield.com/match/ebda?google_gid=CAESEEwryK86CySvt-Zaefj7iE0&google_cver=1&google_push=AaAOQGGfTDobYYCiQfaixB9MzrUIMg2VzUKBbSUZ2dY3KIJoHqCN156JNORENAX5k99gj5hXHoqE3Ld-n3ntyaHqtYLw2TsesqwK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGfTDobYYCiQfaixB9MzrUIMg2VzUKBbSUZ2dY3KIJoHqCN156JNORENAX5k99gj5hXHoqE3Ld-n3ntyaHqtYLw2TsesqwK

Request Chain 442

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8&google_cver=1&google_push=AaAOQGFBmFV3U1rffXKb0XbtaoK_fQeF7bywPZ6fel4pcN44EOPl_6gxYfWNinqudtVy6XHSbprNexUTaZbRPJmRmOjFr3xW5vCE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGFBmFV3U1rffXKb0XbtaoK_fQeF7bywPZ6fel4pcN44EOPl_6gxYfWNinqudtVy6XHSbprNexUTaZbRPJmRmOjFr3xW5vCE

Request Chain 455

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

452 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 489ms
115ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Fri, 30 Jun 2023 01:27:22 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 84d84730-c01e-006c-3bf2-aaa99a000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 109ms
109ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 84d847b1-c01e-006c-31f2-aaa99a000000
Date: Fri, 30 Jun 2023 01:27:22 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 327ms
108ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 01:27:22 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 84d8487d-c01e-006c-73f2-aaa99a000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 218ms
108ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 01:27:22 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 84d8481c-c01e-006c-18f2-aaa99a000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 402ms
218ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:23 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 440ms
299ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:23 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame A7B1 77 KB
77 KB 244ms
67ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 502f09b7adc6f1ff2c01cba95a7a9384a1ae0a5ae7fa370e858fd25bd8678ea5

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79086
content-type: text/html; charset=utf-8
date: Fri, 30 Jun 2023 01:27:23 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame A7B1 90 KB
33 KB 75ms
24ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 17:06:24 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame A7B1 10 KB
2 KB 112ms
112ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2352

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame A7B1 40 KB
12 KB 223ms
34ms Stylesheet
text/css 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6279002
x-accel-date: 1681809442
x-77-nzt: AZySIYgMxM3/Ws9fAA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6477a7490c
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame A7B1 211 KB
76 KB 90ms
37ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

592d455c34eb7f4d5e8c96676b8113fa85b64dc95c6b326fdaa8e77cbaa1de22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77574
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 30 Jun 2023 01:27:24 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame A7B1 23 KB
23 KB 59ms
59ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 30 Jun 2023 01:27:24 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Fri, 28 Jun 2024 21:32:10 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame A7B1 542 B
895 B 29ms
29ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6279054
x-accel-date: 1681809390
content-length: 542
x-77-nzt: AZySIYi1KkT/js9fAA
x-accel-expires: @1713345390
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64843e640e
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame A7B1 2 KB
2 KB 33ms
27ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6279002
x-accel-date: 1681809442
content-length: 1651
x-77-nzt: AZySIYiogbX/Ws9fAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6415a7ec0e
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-kahve-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame A7B1 10 KB
10 KB 40ms
33ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/soguk-kahve-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 14137
x-accel-date: 1688074307
content-length: 9818
x-77-nzt: AZySIYjLB1f/OTcAAA
x-accel-expires: @1719610307
last-modified: Thu, 29 Jun 2023 21:14:19 GMT
server: CDN77-Turbo
etag: "649df42b-265a"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64b1b5f20e
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame A7B1 14 KB
15 KB 51ms
44ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 97489
x-accel-date: 1687990955
content-length: 14815
x-77-nzt: AZySIYigTdT/0XwBAA
x-accel-expires: @1719526955
last-modified: Wed, 28 Jun 2023 22:12:14 GMT
server: CDN77-Turbo
etag: "649cb03e-39df"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64ed32fc0e
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame A7B1 15 KB
16 KB 64ms
58ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 185870
x-accel-date: 1687902574
content-length: 15738
x-77-nzt: AZySIYgbeab/DtYCAA
x-accel-expires: @1719438574
last-modified: Tue, 27 Jun 2023 21:35:10 GMT
server: CDN77-Turbo
etag: "649b560e-3d7a"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6494c8020f
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame A7B1 13 KB
14 KB 77ms
70ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 273823
x-accel-date: 1687814621
content-length: 13665
x-77-nzt: AZySIYiXDbr/ny0EAA
x-accel-expires: @1719350621
last-modified: Mon, 26 Jun 2023 15:19:38 GMT
server: CDN77-Turbo
etag: "6499ac8a-3561"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e646a20090f
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame A7B1 15 KB
16 KB 78ms
72ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 2432888
x-accel-date: 1685655556
content-length: 15552
x-77-nzt: AZySIYj6hWD/eB8lAA
x-accel-expires: @1717191556
last-modified: Thu, 01 Jun 2023 21:24:53 GMT
server: CDN77-Turbo
etag: "64790ca5-3cc0"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6467ed0e0f
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hunkar-begendi-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame A7B1 12 KB
13 KB 79ms
72ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hunkar-begendi-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ca52a0eec13c48696bf05cbe5e76a0b67c73967c1f8825cfe4b733e24a775580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278644
x-accel-date: 1681809800
content-length: 12532
x-77-nzt: AZySIYhsNg7/9M1fAA
x-accel-expires: @1713345800
last-modified: Wed, 01 May 2019 23:32:05 GMT
server: CDN77-Turbo
etag: "5cca2c75-30f4"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e647fed160f
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 macar-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame A7B1 14 KB
15 KB 79ms
72ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/macar-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278858
x-accel-date: 1681809586
content-length: 14810
x-77-nzt: AZySIYgdUDv/ys5fAA
x-accel-expires: @1713345586
last-modified: Fri, 24 Apr 2020 23:44:43 GMT
server: CDN77-Turbo
etag: "5ea379eb-39da"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64181b1e0f
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame A7B1 16 KB
16 KB 79ms
73ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278266
x-accel-date: 1681810178
content-length: 16490
x-77-nzt: AZySIYi2Udz/esxfAA
x-accel-expires: @1713346178
last-modified: Thu, 29 Apr 2021 23:52:25 GMT
server: CDN77-Turbo
etag: "608b46b9-406a"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6401e11910
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 toyga-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/03/ Frame A7B1 13 KB
13 KB 79ms
73ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/03/toyga-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278916
x-accel-date: 1681809528
content-length: 13360
x-77-nzt: AZySIYjABC3/BM9fAA
x-accel-expires: @1713345528
last-modified: Wed, 01 May 2019 23:45:46 GMT
server: CDN77-Turbo
etag: "5cca2faa-3430"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e647ed62610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 samsira-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/10/ Frame A7B1 13 KB
13 KB 79ms
73ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/10/samsira-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8206b7cb4977df1646b35835886cc5ad752365263197f15f0581d41c3751aa0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6272525
x-accel-date: 1681815919
content-length: 13330
x-77-nzt: AZySIYg0XV3/DbZfAA
x-accel-expires: @1713351919
last-modified: Mon, 28 Oct 2019 22:24:00 GMT
server: CDN77-Turbo
etag: "5db76a80-3412"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64e02c2f10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karmaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame A7B1 15 KB
16 KB 88ms
82ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/karmaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278524
x-accel-date: 1681809920
content-length: 15740
x-77-nzt: AZySIYjXj6L/fM1fAA
x-accel-expires: @1713345920
last-modified: Mon, 15 Nov 2021 22:38:31 GMT
server: CDN77-Turbo
etag: "6192e167-3d7c"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64ed603a10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cerkez-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame A7B1 16 KB
16 KB 88ms
82ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/cerkez-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6279020
x-accel-date: 1681809424
content-length: 16373
x-77-nzt: AZySIYjOQpL/bM9fAA
x-accel-expires: @1713345424
last-modified: Tue, 11 Apr 2023 16:32:39 GMT
server: CDN77-Turbo
etag: "64358ba7-3ff5"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64e87c4310
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame A7B1 12 KB
12 KB 88ms
83ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6276594
x-accel-date: 1681811850
content-length: 12058
x-77-nzt: AZySIYhqlVT/8sVfAA
x-accel-expires: @1713347850
last-modified: Wed, 01 May 2019 23:34:49 GMT
server: CDN77-Turbo
etag: "5cca2d19-2f1a"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6443444810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 isvec-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame A7B1 12 KB
12 KB 88ms
83ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/isvec-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 64af7a328ead4e6e3e77587ae81c88a4156eea6f476df565496f8f46d89d255f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278433
x-accel-date: 1681810011
content-length: 12325
x-77-nzt: AZySIYgpDiH/Ic1fAA
x-accel-expires: @1713346011
last-modified: Fri, 09 Oct 2020 23:18:38 GMT
server: CDN77-Turbo
etag: "5f80efce-3025"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6417005110
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sultan-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame A7B1 13 KB
14 KB 89ms
83ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/sultan-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278690
x-accel-date: 1681809754
content-length: 13608
x-77-nzt: AZySIYgwHLj/Is5fAA
x-accel-expires: @1713345754
last-modified: Wed, 01 May 2019 22:27:29 GMT
server: CDN77-Turbo
etag: "5cca1d51-3528"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e648ca75810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-sehzade-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/05/ Frame A7B1 15 KB
15 KB 89ms
83ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/05/kofteli-sehzade-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 93877a4648f07d0a209913c6a05dcdc1810fe91fb41c96320aea06de80b708c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278558
x-accel-date: 1681809886
content-length: 15437
x-77-nzt: AZySIYh2ng//ns1fAA
x-accel-expires: @1713345886
last-modified: Fri, 30 Apr 2021 23:49:24 GMT
server: CDN77-Turbo
etag: "608c9784-3c4d"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6443266110
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame A7B1 12 KB
13 KB 89ms
83ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 202151
x-accel-date: 1687886293
content-length: 12780
x-77-nzt: AZySIYgEXmb/pxUDAA
x-accel-expires: @1719422293
last-modified: Mon, 27 Dec 2021 23:35:26 GMT
server: CDN77-Turbo
etag: "61ca4dbe-31ec"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e640c996c10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-but-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame A7B1 17 KB
17 KB 89ms
83ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/firinda-tavuk-but-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278462
x-accel-date: 1681809982
content-length: 17402
x-77-nzt: AZySIYhhIdL/Ps1fAA
x-accel-expires: @1713345982
last-modified: Tue, 09 Nov 2021 21:00:38 GMT
server: CDN77-Turbo
etag: "618ae176-43fa"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e649ed37310
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-fajita-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/04/ Frame A7B1 12 KB
12 KB 89ms
84ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/04/tavuk-fajita-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6275456
x-accel-date: 1681812988
content-length: 12005
x-77-nzt: AZySIYhn60H/gMFfAA
x-accel-expires: @1713348988
last-modified: Wed, 01 May 2019 23:32:42 GMT
server: CDN77-Turbo
etag: "5cca2c9a-2ee5"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e648ebb7d10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soya-soslu-tavuk-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame A7B1 14 KB
15 KB 89ms
84ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/soya-soslu-tavuk-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5061ede8e14dd075136fdcf6a3879f4b42a692eeaa605e2c5aa5f354e753fa61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6276768
x-accel-date: 1681811676
content-length: 14545
x-77-nzt: AZySIYiZ6Lr/oMZfAA
x-accel-expires: @1713347676
last-modified: Wed, 16 Feb 2022 22:31:56 GMT
server: CDN77-Turbo
etag: "620d7b5c-38d1"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6455148710
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame A7B1 14 KB
14 KB 89ms
84ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6276181
x-accel-date: 1681812263
content-length: 14135
x-77-nzt: AZySIYg5war/VcRfAA
x-accel-expires: @1713348263
last-modified: Sat, 11 Sep 2021 20:22:26 GMT
server: CDN77-Turbo
etag: "613d1002-3737"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e644c2e9210
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-misir-unlu-patates-kizartmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/12/ Frame A7B1 13 KB
13 KB 89ms
84ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/12/firinda-misir-unlu-patates-kizartmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3be63679d6ca5fd205bdbc6dc4e6caf8d376a09decaea16226da1bae6d24fad6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6277051
x-accel-date: 1681811393
content-length: 12804
x-77-nzt: AZySIYiwym7/u8dfAA
x-accel-expires: @1713347393
last-modified: Wed, 01 May 2019 23:43:18 GMT
server: CDN77-Turbo
etag: "5cca2f16-3204"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6423799d10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kasarli-karnabahar-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame A7B1 15 KB
15 KB 89ms
84ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/kasarli-karnabahar-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a9e0c3f2f8aa72179351f0b5edcde6cfcf708285785c4a358331e05da8bff5a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278558
x-accel-date: 1681809886
content-length: 14949
x-77-nzt: AZySIYheiVbvns1fAA
x-accel-expires: @1713345886
last-modified: Wed, 09 Dec 2020 00:07:17 GMT
server: CDN77-Turbo
etag: "5fd01535-3a65"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e642d4da610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-besamel-soslu-kiymali-karnabahar-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame A7B1 13 KB
13 KB 89ms
84ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/firinda-besamel-soslu-kiymali-karnabahar-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 385b19d8c7f7bedac5169d996fa57206b3a35b608518dfd0aa4669f7d3a7b7de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278842
x-accel-date: 1681809602
content-length: 12867
x-77-nzt: AZySIYjRA2P/us5fAA
x-accel-expires: @1713345602
last-modified: Wed, 01 May 2019 22:53:33 GMT
server: CDN77-Turbo
etag: "5cca236d-3243"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6441b1b110
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-ezogelin-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/05/ Frame A7B1 12 KB
12 KB 89ms
85ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/05/lokanta-usulu-ezogelin-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1a6d6ecc5afe8b370681181e0077b6c838310f74f8473a1f36527577d5a1fab7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278916
x-accel-date: 1681809528
content-length: 11911
x-77-nzt: AZySIYjVIHX/BM9fAA
x-accel-expires: @1713345528
last-modified: Wed, 01 May 2019 22:58:45 GMT
server: CDN77-Turbo
etag: "5cca24a5-2e87"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e641419bc10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 muradiye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame A7B1 11 KB
11 KB 89ms
85ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/muradiye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 43204d58f6a24cdd36d594f28e4dc0f9ab0f5ad29b4a166bb6d5f3c16756636f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278617
x-accel-date: 1681809827
content-length: 11241
x-77-nzt: AZySIYjLWmP/2c1fAA
x-accel-expires: @1713345827
last-modified: Wed, 01 May 2019 23:47:00 GMT
server: CDN77-Turbo
etag: "5cca2ff4-2be9"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e644844d610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 korili-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame A7B1 11 KB
11 KB 89ms
85ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/korili-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 51571e6e49d9d1243db244dd3bb1790047c7b566dabc9400564dd7f74432ffc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4368349
x-accel-date: 1683720095
content-length: 11094
x-77-nzt: AZySIYigJTj/3adCAA
x-accel-expires: @1715256095
last-modified: Sun, 19 Dec 2021 23:06:47 GMT
server: CDN77-Turbo
etag: "61bfbb07-2b56"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e646104de10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hidiv-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame A7B1 11 KB
12 KB 89ms
85ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/hidiv-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 842c88bbde71118e56fc313dbe3ad3d9e5dd9b3b9913960838734a29e5982b7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278315
x-accel-date: 1681810129
content-length: 11592
x-77-nzt: AZySIYg0geT/q8xfAA
x-accel-expires: @1713346129
last-modified: Wed, 22 Feb 2023 19:26:52 GMT
server: CDN77-Turbo
etag: "63f66c7c-2d48"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64243ee810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sade-un-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame A7B1 9 KB
10 KB 89ms
85ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/sade-un-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb70a0b5ac2b1a8d8e5f0e0b91b99d95723392847800eb91f42673794ce38e5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6277237
x-accel-date: 1681811207
content-length: 9502
x-77-nzt: AZySIYjyeFn/dchfAA
x-accel-expires: @1713347207
last-modified: Wed, 12 Feb 2020 21:37:39 GMT
server: CDN77-Turbo
etag: "5e447023-251e"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6485b1ef10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-kek-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame A7B1 14 KB
15 KB 90ms
85ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ispanakli-kek-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c25e33aaf9d908bb036672ed26b9af74032d7cb464d5e3f3b9b67e868798290a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6276181
x-accel-date: 1681812263
content-length: 14836
x-77-nzt: AZySIYgISGz/VcRfAA
x-accel-expires: @1713348263
last-modified: Wed, 01 May 2019 22:56:15 GMT
server: CDN77-Turbo
etag: "5cca240f-39f4"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64f7b4f610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-serbetli-irmik-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame A7B1 12 KB
12 KB 90ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/soguk-serbetli-irmik-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ec88c9de3a44165db5e410d072fee68874d371d17eeac4ea36c5325d485b3f7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 310823
x-accel-date: 1687777621
content-length: 12086
x-77-nzt: AZySIYjq5uH/J74EAA
x-accel-expires: @1719313621
last-modified: Thu, 02 Jan 2020 19:20:42 GMT
server: CDN77-Turbo
etag: "5e0e428a-2f36"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e643d9bfe10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 keskul-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame A7B1 14 KB
14 KB 90ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/keskul-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5907d04f8aa7cc029868fb441fd2a02dce10b72e3a68d6294aa7a2debf90440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6278138
x-accel-date: 1681810306
content-length: 14166
x-77-nzt: AZySIYiiG4b/+stfAA
x-accel-expires: @1713346306
last-modified: Sat, 03 Oct 2020 18:58:33 GMT
server: CDN77-Turbo
etag: "5f78c9d9-3756"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e649f8c0511
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-somun-ekmek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame A7B1 11 KB
11 KB 90ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/firinda-somun-ekmek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 58fa8288d109b6525ab6ced54d659e79cc4e2a925f61d6c76da140f0a689ef59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 289615
x-accel-date: 1687798829
content-length: 11344
x-77-nzt: AZySIYhr3CP/T2sEAA
x-accel-expires: @1719334829
last-modified: Mon, 23 Mar 2020 22:17:36 GMT
server: CDN77-Turbo
etag: "5e793580-2c50"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e64a7190911
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-yapimi-seftali-receli-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/06/ Frame A7B1 14 KB
14 KB 90ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/06/ev-yapimi-seftali-receli-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5af02ce6b5997fabe156a5cf9e0dfdf4901a0552a78732b587d1ca38ffc2e4f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6277378
x-accel-date: 1681811066
content-length: 14292
x-77-nzt: AZySIYhgkhD/AslfAA
x-accel-expires: @1713347066
last-modified: Wed, 01 May 2019 22:44:02 GMT
server: CDN77-Turbo
etag: "5cca2132-37d4"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e643dd00f11
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cokelek-salatasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame A7B1 14 KB
15 KB 90ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/cokelek-salatasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bd2603da78c0513ae07dff23bf8925d95683b782d9eaabc18e003d3167b8dc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4355837
x-accel-date: 1683732607
content-length: 14757
x-77-nzt: AZySIYisc2r//XZCAA
x-accel-expires: @1715268607
last-modified: Fri, 14 Feb 2020 22:35:21 GMT
server: CDN77-Turbo
etag: "5e4720a9-39a5"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6473aa1711
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pizza-pogaca-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/08/ Frame A7B1 15 KB
15 KB 90ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/08/pizza-pogaca-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d41d07189295595e39267e87a880138ce04d72fe0ba272a91c07c735db7d2092

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6276430
x-accel-date: 1681812014
content-length: 15270
x-77-nzt: AZySIYhXJeb/TsVfAA
x-accel-expires: @1713348014
last-modified: Wed, 01 May 2019 23:21:59 GMT
server: CDN77-Turbo
etag: "5cca2a17-3ba6"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e6419c91e11
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame A7B1 5 KB
6 KB 79ms
24ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688088444.cds332.fr8.hn,1688088444.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame A7B1 56 B
362 B 2055ms
25ms Script
text/javascript 2.19.224.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.224.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-19-224-115.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 01:27:26 GMT
server: Oracle API Gateway
opc-request-id: /C105D9AF0ABABB4CA7F8D7F3EB116C1A/FD7FF27E18148D7D733E3FBFBE951FEF
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame A7B1 465 B
585 B 81ms
27ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688088444.cds332.fr8.hn,1688088444.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame A7B1 75 KB
26 KB 360ms
64ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame A7B1 3 KB
2 KB 70ms
22ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

00a91cbdff0ef1201b1dc6b365b2109bd2547814b9ec13d2b6d0760c6016b4ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 01:27:24 GMT
content-md5: cs+9Zav68etKf8uYnlEi1Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: B5IswzY+08ahUaJE6E3oQKBPj3mIzM0IpuxdQdC80+fakQlT9txeZ7yr4zJIjIVxz+bcFxfYgKSQte9bm1gEtw==
x-fb-content-md5: 2c893b8ee84d51b42c25daf2efe5d9d6
cross-origin-opener-policy: same-origin-allow-popups
etag: "8c642545e4502421c4f4677d2b235581"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:37:10 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame A7B1 21 KB
21 KB 86ms
86ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 01:27:24 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6279002
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AZySIYiG0ur/Ws9fAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: f6587a1db56dd5ab7c2f9e640bde2611
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame A7B1 307 KB
87 KB 44ms
22ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=1aaba481ebf81e1c2d195bc49b2e4d2b

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1190eb867c4df128fe0de77914a76244b3a08687a194d017624b6b42d6522468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 01:27:24 GMT
content-md5: 2ENNn9FCOwgY2tw+ANbtbg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88850
x-fb-debug: eVNXMEmMf6anOayAbuGGME92i9fHUewEhRQXcfs6jwV6h4/iDuY1bkM7gHVGJqgR5D8shwcFh252ndRAMyHk1w==
x-fb-content-md5: 5fac747c691f3a7ae922e6804ac013fd
cross-origin-opener-policy: same-origin-allow-popups
etag: "bf3e06e090b6da3440f44aab425fd23c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 29 Jun 2024 00:13:35 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame A7B1 76 KB
26 KB 101ms
49ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cbd870232b0a7b2bf23084e1aa673608ecc20407149ed25e727bf4d91fa5bf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26089
x-xss-protection: 0
server: cafe
etag: 962 / 19538 / m202306270101 / config-hash: 327100832698525116
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:24 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame A7B1 120 B
306 B 58ms
57ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 40A7 891 B
1 KB 58ms
57ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Fri, 30 Jun 2023 01:27:24 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A7B1 139 KB
48 KB 105ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9078ad6549c699b59cfbec37ee95adb562803eba1546222a730f8b5d87316492

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48870
x-xss-protection: 0
server: cafe
etag: 15939717213762790270
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:24 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame A7B1 489 KB
182 KB 63ms
63ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame A7B1 236 KB
58 KB 97ms
25ms Script
application/javascript 18.66.110.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-17.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:25:18 GMT
content-encoding: gzip
via: 1.1 5743d3ff81b625f69ad8b8e32fc9c412.cloudfront.net (CloudFront), 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P5
age: 127
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: uvYsZagSc-ukKEj1oiNjd2sQPX-mwiHgy_POCRSDxZJv53g62x7j-g==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame A7B1 32 KB
5 KB 1524ms
1288ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688088444674&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.24230659105812302
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 702a8f4501821b3190d291065e31d4763083e4f43194a7f20fc0458829066a77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame A7B1 12 KB
2 KB 58ms
57ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame A7B1 50 KB
5 KB 303ms
70ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468913
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e0332198df71b4738488edc775d650d6a2e417aab4d04050251415317fac69ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/ Frame A7B1 392 KB
125 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6df7c73fa12d8261f09a11faff5c77f91f912362a9fdc15c46c3b949b188717b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 20:54:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16404
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127740
x-xss-protection: 0
server: cafe
etag: 1744020965594933375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 28 Jun 2024 20:54:00 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame A7B1 0
307 B 23ms
22ms XHR
text/plain 18.66.110.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-17.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 22:01:47 GMT
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P5
age: 12336
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: dUuX18k-rtiYHFGKVwY_urAxJi-NL1JeL1yzTd9hm9vuX0aAYpLHCg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame A7B1 6 KB
3 KB 61ms
20ms XHR
application/javascript 18.66.110.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-17.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 fc562aab29280948aa0691960bee3d6a.cloudfront.net (CloudFront)
date: Fri, 30 Jun 2023 00:06:27 GMT
x-amz-cf-pop: FRA56-P5
age: 71896
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: iCCUj7JgBI4VKtKlRZae3WzGgNHDDkSAzYkPZxy8afIOSeW8-IjJ3Q==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306230101/ Frame A7B1 344 KB
118 KB 93ms
51ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075664

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9830db003a000e65633dd45a93cdebb064f8522d1c2ad55d18cc50e1ba421033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120897
x-xss-protection: 0
server: cafe
etag: 196122652647888486
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:24 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame C550 10 KB
5 KB 72ms
21ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64386
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 07:34:18 GMT
etag: 12368291122986407432
expires: Thu, 13 Jul 2023 07:34:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A7B1 107 B
456 B 82ms
31ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075664

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6922 603 B
218 B 69ms
68ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688088444821&bpp=3&bdt=808&idt=144&shv=r20230627&mjsv=m202306230101&ptt=9&saldr=aa&nras=1&correlator=1561840534599&frm=24&ife=1&pv=2&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C42532279%2C44759927%2C44759842%2C42532277%2C31075664%2C44788442&oid=2&pvsid=1992809445552694&tmod=1235851652&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.g0htxj6el14k&fsb=1&dtd=157

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame A7B1 10 KB
3 KB 58ms
58ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:25 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame A7B1 7 KB
3 KB 392ms
58ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:25 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 01:27:25 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame A7B1 361 KB
121 KB 89ms
29ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Fri, 30 Jun 2023 01:27:25 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame A7B1 398 KB
128 KB 65ms
65ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/30/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:25 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 01:27:25 GMT

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame A7B1 23 B
458 B 450ms
354ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=z848dkIRtBRXW&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 2B674C78HVH0H81TPB9W
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: zcZ6mhg48f_yy9TmeLkVGlvzVSETnQLJUTzIXvwneYBOWd9wjJQm9g==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame A7B1 11 KB
5 KB 58ms
58ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468913
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame A7B1 17 KB
5 KB 86ms
23ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:09:58 GMT
content-encoding: gzip
age: 1048
x-guploader-uploadid: ADPycdusILK5JKw9Ku4LyXoS41bbodLjADk_0p55Qh2qL2JrHlzFD8x1zxrmVJTBJBW4hSY0tBgSpB14iWCFniYmxTNq6Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame A7B1 0
209 B 58ms
58ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688088446244&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.10719189118561623
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 01:27:26 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A7B1 107 B
165 B 31ms
31ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 23 KB
11 KB 532ms
532ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=669864001747061&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=2&adks=3116655499&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446279&lmt=1688088446&dlt=1688088444012&idt=864&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=8di525qxgcbs&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8b4d526d4d0cb39090c0def50a1bb5dadce76c9133f2a6d965c85c6f731b0b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10876
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 23 KB
11 KB 693ms
693ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=669864001747061&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=870206901&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446286&lmt=1688088446&dlt=1688088444012&idt=864&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ha98k1dr5bpv&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41c1fbb9c844da7fceb130144cdbf8e33c6222e76169344822da8a9c4db2bc06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11131
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 24 KB
11 KB 245ms
245ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=669864001747061&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=3413524557&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446289&lmt=1688088446&dlt=1688088444012&idt=864&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=jfz5a8g2eg25&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb06e978921c555bd9771e8e389d545487b87d94b5b2443c39cf77ecb04b24d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11419
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 23 KB
11 KB 250ms
249ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=331451583779978&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=5&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446291&lmt=1688088446&dlt=1688088444012&idt=864&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=n62bezecq09z&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4689c7a0aa9ec698a7ea4deddc9a20dee679635ec1a0797485070b3ed6651f56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10827
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DA26 6 KB
3 KB 115ms
30ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zoneview
ng.virgul.com/ Frame A7B1 0
209 B 58ms
58ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688088446328&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.6803056586318146
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 01:27:26 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame BDC8 13 B
257 B 115ms
32ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Fri, 30 Jun 2023 01:27:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A7B1 14 KB
11 KB 36ms
35ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230627&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dff391a6b143e97e7a2694765c7855e5c33bed3cac080d39530ed5557a1ccfb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11100
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A7B1 17 KB
7 KB 103ms
34ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H2 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2644 6 KB
3 KB 22ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7CF9 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 25C7 624 B
242 B 34ms
33ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjtnrXcATAB&v=APEucNWApwU4eiKCb8YXrSiPxIx68QO04kkbJ8aYM-_Ien8uOV61P0F1ZepRrVumtfojp8zGzusTPvdR088bdRyW1V-KLHCmcmC8qTvzWCVCV0fzAQbm_Q6qkXiGY2lBS_47Wkx7CDJkJrxEbKZpco-YgaoNnVAxOYDYU68A7G0RP9lrX1Bk0Eg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2644 78 KB
27 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2644 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BsSdX3jkLT_SkgFeBkPzKqD8VeG0Kfde-JMc8xVbFT9CYZ8eQX0fdlWbXIamGO0MeL-0ZnvNlMt59fnRoEqEg0niCmjw3csfH-xBnw6juh8uU_tRU

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2644 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12600362156233832160&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 2644 3 KB
1 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 2644 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2644 0
0 85ms
30ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSqvQIxsA98RJOuXu04B2ows-FS_jOsG7xNPAxQqwvoDohCO55y7vnW146w_rXQZS1dYdyKLii3hW2NrsnkK_LQF-T-Bw
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2644 179 KB
57 KB 93ms
37ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B9D1 640 B
262 B 66ms
65ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW3SVqG_qgwS-AwPEQ6w79qdO9SSZg4KGvNo155gcY_PN6tLih7vezpk340yemrfiIgquBVLJVZ_SXGbO0ycrmwWUX-FSr7IAf6_caEgQSSbwHk84jrf3Kvb25e-huCMRzAXSh5ZoqhoN1X0aNReSxcvKJhM3zKkTRiOsycsDBquUeWAcw

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7CF9 78 KB
27 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CF9 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C2rH811veVrMK82QS-JZ1KvOjZ8YltIcyWikDkLmGk5yvKvKjqjWlS94q88Sj59Tz3YsqCmubtpRbd4vDBpe-eI7JgHZL-1PkHs5Uf_2TkxDJUb9M

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CF9 0
20 B 56ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10761180261705788204&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 7CF9 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 7CF9 20 KB
8 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7CF9 0
0 81ms
29ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQKjlckEiFICu1545znS9s94Qlo5cpboVWDmer_BHuFXNwEAd5enwIPsJTf7pDYoFIS7vodrT67zwVwyOQa9qOCQ5Itbg
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7CF9 179 KB
56 KB 123ms
72ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FD0A 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 64261
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 07:36:25 GMT
expires: Fri, 28 Jun 2024 07:36:25 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 12FF 783 B
1000 B 58ms
31ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3ce23e46909581b70d68506a6358a982f310ebf4f6414b397d76409ede79bd4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5-Y9jxr03KDlG3G_cIoccg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-5-Y9jxr03KDlG3G_cIoccg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Fri, 30 Jun 2023 01:27:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 25C7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKOENEDHjQH26ERo2KL_muI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKOENEDHjQH26ERo2KL_muI&google_cver=1&C=1

43 B
632 B

24ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKOENEDHjQH26ERo2KL_muI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjtnrXcATAB&v=APEucNWApwU4eiKCb8YXrSiPxIx68QO04kkbJ8aYM-_Ien8uOV61P0F1ZepRrVumtfojp8zGzusTPvdR088bdRyW1V-KLHCmcmC8qTvzWCVCV0fzAQbm_Q6qkXiGY2lBS_47Wkx7CDJkJrxEbKZpco-YgaoNnVAxOYDYU68A7G0RP9lrX1Bk0Eg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEKOENEDHjQH26ERo2KL_muI&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 25C7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ4vfs7-Dx1DDVUtuRPq1AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1

43 B
632 B

24ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjtnrXcATAB&v=APEucNWApwU4eiKCb8YXrSiPxIx68QO04kkbJ8aYM-_Ien8uOV61P0F1ZepRrVumtfojp8zGzusTPvdR088bdRyW1V-KLHCmcmC8qTvzWCVCV0fzAQbm_Q6qkXiGY2lBS_47Wkx7CDJkJrxEbKZpco-YgaoNnVAxOYDYU68A7G0RP9lrX1Bk0Eg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 25C7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDDwyAPhlpGzbmvIMMfmZKU&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDDwyAPhlpGzbmvIMMfmZKU%26google_cver%3D1

43 B
1 KB

37ms
28ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDDwyAPhlpGzbmvIMMfmZKU%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjtnrXcATAB&v=APEucNWApwU4eiKCb8YXrSiPxIx68QO04kkbJ8aYM-_Ien8uOV61P0F1ZepRrVumtfojp8zGzusTPvdR088bdRyW1V-KLHCmcmC8qTvzWCVCV0fzAQbm_Q6qkXiGY2lBS_47Wkx7CDJkJrxEbKZpco-YgaoNnVAxOYDYU68A7G0RP9lrX1Bk0Eg

Protocol

HTTP/1.1

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:26 GMT
AN-X-Request-Uuid: c55094db-24c4-49c1-aa64-01529d4c8592
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:26 GMT
AN-X-Request-Uuid: aac81534-46fb-4c12-aaad-92b1051e7cd2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDDwyAPhlpGzbmvIMMfmZKU%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 25C7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

170 B
243 B

35ms
32ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:26 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 31c0db84-df87-457e-9249-0aa388ed86db
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2644 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7073790728773&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2644 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7073790728773&version=m202301230201&ct=76&x=1&cor=12600362156233832000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2644 92 KB
37 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CzV3MTcY5Bonjf7XXTnaB_R9auJr0WVIKjO3iwnZGF0mgfeR0bbM1NFHKEuSKzqvZ0g6QKozXE7VXed8ppY4oxcXSGEXRPTJRN22hX77RH6s53eWQ&cry=1&dbm_d=AKAmf-CA8IucVpc1Q5CQ1P87g_dl6WWPs2P-NnVElwZ3tTqcL8GpnZdh2xhTtbMFVOLv0sLo4u443-6J1GjVvT7xoVVzsrkAVy2Gidwvx_M2k9jc_R7q-JcFLX6lqoja2yZty235TuJiRIvaDXr3ZdGRPWoF5OnOEIedloH4KSHH97iA33lunUe7ZeMo8acRwES_-KzY3GbjDfm42zhKbqREBKLWqi9GgWRDc4ZRgfKLg74KTsTkfR1IsPTxuF6294jwJiL9V2rdeQB2gSU-UNa1XVoySHcamQzdoumHrmaRm4iIJiyHuE2ASPuGhhqCIb9ICyF-5ws4A7JVMvHtCSRYKeQvLDWepHk4Q2hTu6ghDAx2y0VQHKuXs0106YLJMjbnKYONFwD7m9tTF8Uu8GTZ7wSOxG1JEnI00m5pRkBI21wMdJD2r_6d5YCTDxnXy0Z9OKF1FEEacDEXtDBZMBFioueEG9OcYDQKErbSHkp6Y0gUkItoSRz1EyMLu-uZAszjQjvujDCAlrJiNBzwUbqQt0S3yDgqE8gB3iITkM0wtbJ__FvobXm7J1Zcn60h_Ul1utWU7U9QWow7047eNxx4pCNCzMw7fFohDC4SNBIDAcMjpdWSMneN8HLMuwGz6H4BWWnCgXmAQbCiOHs_sqrpCSNhbnpqJwjPlxm4rUcES35RPq-d4QszeS7A9fVIzl4bAp9EV_8dp5KXimP490rn3PN1MarNgsneSayNGQODREWS9IP3GWyjz2T1JJLTiwWr_ylvdwaQpd3-yz0jG3hbkjjdhrBFYHSjejjazA_vFDNqSPzlGinRFHdSLT4tvxQZs1wweXrNnMX2mIk5B9nYh3JqboiGXN5OuyNX6YhmE3ETxREAijtiCVLNrlwdIpfFSgJOLJYVB3tfdoFkaUKfgGHY4KfEpX7X8Nq3WdVi81PyygoCKTZ-TW5RHg0Ft3EwJYPT7SKvK7A7WtQbun1vsrGVZtzJKf-2ZmxRExJljd_eVrpFUkqRFE6zLY6__8PjBFXKE251MPVGmqdgVc3n9X-b2vhYwFNMhO4Fc7w-rcMxJE-oMt0uipvGMcSadvtzbE-OP1Mwd65mptzwqNbLQ5K2fZbMPKIR3jKll-PfkZ4mkPXFhUxW7SpUNZEjVhHZ2pDyQWgi9JRj3xl9bS_Bwio75F4hyOCMUY_Iz9ehsn56JOwy178lUqG_ZWOvvnXQTZBz7z6r3ebY_bRGy2bFZJLz5VXtByXshv_tsbYL5EyJ-Z1VBQCoxOGiY_UGD9U6hJzoGukKDOp7pbWT-k4_VYpf3UJrXThLTN0BRTV9CilWeo_xKVEdhwi-qHYYxcPMwX7bDQR27hRZmtlhJrPNrM_GoF1DHMLoaiWUf4RmLrf4c1NPM8zj5Utoe4-eefKePMsb2NIIxx63WMf_m7-8g5qKzT1iXUUr18NN1GsgtpkOwtsYhdwIi3UcoAkfLzwTZK8XeQW3X6vFnFVntZM3uYvDh75JMFy1Vm9GOLfj35-EiEL199mNzg-6wKTodk9gEETTimrSGA0nSCKONJc3V9PKC7oIi7jAS5_h-6ctXDhRZwMFm0uRPyyMM_W7vPtHrq83TOliewegj6wEcSnQjaWHcyncdE0k_SnqDqwk8IQj1yhAkIo2DIc_K8b_NYsub9WsFbG9FXA66m36XjVTLafdr0wgr89HI6zakno8GDo-QNvRA1JC5gXZLM6aW_vTbxWNPxjnUuuBSds4Adk9wpzNX3HlkSskPYrdRntP_xAddsib7ugV0V9E2KUSbcCZOCdEBKpwEgLNqhlHS7RztnrMttekb-btyEnN0gdXqheyqeJR_x_tPKosNP2bsZbWy_zv42umXjMS3r88NX7VLKph_qNQ_HNqBEpStIXaLrkQoO3FOf_JFC579Rt2w_5glsUeycRMcaNWTOP8d2MDFS2zssSSXS0zb4Uocayff6ouLs3OWEg3ws1lk0_D_okH7bMiWB3YGDvp72BM1WOfF2iy4QgPtRvEryBX5zMsIoIju4qhCvXCgChr-cHNbOSTJ2SRLDUUWFITE92kn5HqV00W7QiiqAs5sKfRaMDOGgoNOrHq_HoSCEUfhlPe4YOMOHXs_kbQb3k4My_hcQ5VssgJb-YrN6wts-ZUVyUBcDbrvA6u2qAN15Ge7IJ7orFoaNtW8SYRggwM48WtLp2j-4ZF01uqGu1Kgmx4rMVWV7qA8NZhUA34pxztjYkKl6SLIr2BpfvNqcn4Zf0rDw_WD0adTIAdO0p6Wzr_g0TDNvb77VWWDXiLR7oHSN3ZBdK2_8yI7fdV96gw6UOhP4O5d2jF8SX7VNP0Gt4UB20njhvkvL1wSB8bXOplwhvLSUTEzlcVJ19C7CcjEMHpE3zvCpzVBbRe3M_qBHrMHjHbQBUrBbQ3-EqlEQ-Cy3-q6q_-QdvcRVNJT0rXgmnKZqlH84zT7qcvQrtxDt9JtHpA5OdHk5a-5iD5LhqJWK8ACRJzyDcmX3azep7u85o0_4Ma3GQy3WbB9LwU_5YOofTpFVJULz9eXROyR_wQlmdPQvJ5f6P6019IDzzwKvfe9FeT4wxsd4ulzEW2xwZRNf3OMfu_6kiRhSSb-Jbj72mSnzmHXYH5IEXt3HWyxQfO96Yhz5ceYqX7QFZIRX8DvRCD6WUDHhWRi-NZ9rLUul5WTVbbQShdbKHFbJk1xOlXVzr_Jer3nCH5itMBZ-hSzOgW7MYlziJ2H4ReOGx4ozRI-VeTQeA11PkLysly8DwpeZtikn3DeULNfqTSAgAL_66XZ5wIelMV85s8gGItkBh5I6qZcjJ9cVQFT0pjzXdctUQWrjHMc6NpRmZAs37UBVyfTYhvK2jCZwhvaKy6UbmFl2YXL2EWQ1cxBzWsd569vuhEDi4bj1e0iQHPBtXnSVdV0J-q-OoJodxc_bIFABCRYwbTlWlOLi_yU0ZB6gceGhP7fTs7XSodzTEvGTZiKRnTkcc2Rjkg5pwSl1gtHHfqwAhg_aSvm4GpLuTnYxn0ZAuEC5Es9YO7eAIvtvXxLoTLugOL__ItqazMOZpIcSXs3Hver_k45jbts3PCEWfgR9V5k6YBcpmISk_-2mx4cjDQkPJkH9m-GBTgJVXwFHQZrzwPD6w4j1ylENXDpnOIZTxutxXgt7caRdvFuwNbRq4v-fHydoPGNrX5X-eJIo6-W8TcAOj7t2GFdZRvcPYFtfhnv3TtGCoJcMxMxI8bBiqDVmP-3hrHqp_o6P8nKDs5o9QdQ8J-ecEbxgoyH3KFYp6MUDXeRlYB1uw7c73W1N-4Yt_0x356Ig3Jf8uBoFi5QfY9b6gGyXOQX_s1WIVNfZqCgZ32391doSOUnZMuSlqBCcXapG8GxiDZpqVVdi002Kusag0rqxycST0S17AfvBu5YYrUhhfcCKYv6X2ubv1TSb3B0ZLRr6Wy9-5AT_AuBgzu-4u4QECBQ8YiO7lMndySJZg5Fs1IBofc5FEAVqJboEdF4Rj3oCAl4xeQHUjrh6z5qWnp1Me_w2LFsL9tRUJQwjxsMpWCueWZdNBz9kl-5iAt7aIZQhxDAnfI4xJ8tv1Baaj3WFOtIURKaQPmaAXYJ9xkJE_mQdsbY3KT9B3TNOY6TbJmIzKVYCtz-VR1mOr-Cn6mPvGfZK3fDay9TmixNwWi4iXQ33flGvEmRBDCRI6koiS4BS2DQ2Is00wxJtg8S5kMcVWeDZdTOOWzm27u6jN8Xbez8g&cid=CAQSKQBygQiDOm0MmhTnFYddoFB9xMGYLRUnr9NogLboylQQBmGZJYgtoFFeGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=12600362156233832000&adk=3468572599&idt=40&cac=0&dtd=29

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a1f5bc34d81d22211a1921177d006232b2e93966ca58c67c4b3c1154ba1028

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37776
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B9D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMmh4M17G58NxSx7xPIIKfM&google_cver=1

43 B
114 B

39ms
29ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMmh4M17G58NxSx7xPIIKfM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW3SVqG_qgwS-AwPEQ6w79qdO9SSZg4KGvNo155gcY_PN6tLih7vezpk340yemrfiIgquBVLJVZ_SXGbO0ycrmwWUX-FSr7IAf6_caEgQSSbwHk84jrf3Kvb25e-huCMRzAXSh5ZoqhoN1X0aNReSxcvKJhM3zKkTRiOsycsDBquUeWAcw
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMmh4M17G58NxSx7xPIIKfM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame B9D1 43 B
304 B 91ms
29ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW3SVqG_qgwS-AwPEQ6w79qdO9SSZg4KGvNo155gcY_PN6tLih7vezpk340yemrfiIgquBVLJVZ_SXGbO0ycrmwWUX-FSr7IAf6_caEgQSSbwHk84jrf3Kvb25e-huCMRzAXSh5ZoqhoN1X0aNReSxcvKJhM3zKkTRiOsycsDBquUeWAcw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame B9D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEA5omHAnF_JaE3cwOPVauxw&google_cver=1

23 B
163 B

68ms
45ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEA5omHAnF_JaE3cwOPVauxw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW3SVqG_qgwS-AwPEQ6w79qdO9SSZg4KGvNo155gcY_PN6tLih7vezpk340yemrfiIgquBVLJVZ_SXGbO0ycrmwWUX-FSr7IAf6_caEgQSSbwHk84jrf3Kvb25e-huCMRzAXSh5ZoqhoN1X0aNReSxcvKJhM3zKkTRiOsycsDBquUeWAcw
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:26 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEA5omHAnF_JaE3cwOPVauxw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame B9D1 23 B
163 B 114ms
45ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW3SVqG_qgwS-AwPEQ6w79qdO9SSZg4KGvNo155gcY_PN6tLih7vezpk340yemrfiIgquBVLJVZ_SXGbO0ycrmwWUX-FSr7IAf6_caEgQSSbwHk84jrf3Kvb25e-huCMRzAXSh5ZoqhoN1X0aNReSxcvKJhM3zKkTRiOsycsDBquUeWAcw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:26 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CF9 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3237567965086&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CF9 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3237567965086&version=m202301230201&ct=76&x=1&cor=10761180261705787000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7CF9 103 KB
39 KB 95ms
95ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQgJutclimmDQpdYeONKMzPidaj0ZBY3SX0iTi4HE2bYHPtymmie9Jp1VfqF5SxH2TIT2inmCgRJYt-rvh_ZFwAD6VLjaRYPRrOirqivwiQO4huE00JrcAjpAThREsYsofG1zIJsoCdyhP_opSzI9SiZ57pnvfM_P_JFAWePVt1OwoRWw&dbm_d=AKAmf-AzWBe84pCjkoW2y9A36lddJWg07_bnxDgUzTPDBaAeBrvE8UIKmkoPQ7RMnQ4CsCABLUXsd9d9RGdvrWqtMs5yeMAcUOGu85QpNBQnWv0ni18qQDIU4NIZQ1Q99URBV7fAmBbCUg_9jBh-2R7sGUSlUR_Xli67yPAPXF4P7DY2w2vujt0f_aPV0RQKk_6fhYxoBf2-4sJg0BNh4P7eI1qps0i4c1Vfqp89jx-U3MepSsbst8ItCaWPWODl8XLXZSbjjf9WW8VrJ79xmQjHR-76ibHKescRyLauW4q9vh5C-PJoY0WvHZXeqVNGO0wYfLHeXoqhoUUlOsQfH-iGfgLxrgoklWnSNViVMrVMaLd9kUknUcnfCHySyIgwxE27uMru2JUhSv-nTXsb64Vt4Yb-_xv17aRpmcxOLxpQsQd4OMiy-Xw0gPJMc7VfD-WMjLzcB-L7KEHCuLydy8Uyhpy2Pehg1g9lb4VAu5zkOl3pykW0m3Hd4sOUS1Gc1QVWThVsufk9ejRqFDi03dclLBScJdRjsc3XR7jn_o8EeWXAytX2zqtxRnHeuevLBx9R2xAB6ioeq5aSLfflO_Wq3VaMl1SKWiTRjvKlsTFsbvooFl044GGE12yCOMRCmhKlYT593d454QvueRsJS3sHDI_JmjBji_so2d_xfwANAs32nNa2-ZZ1vuIUIl3SmJGVumPyNWJlqARzPtolMHLFbCrz7kMjGsfeouXkIvie2n39qxm8BfaN_0blasJjhjJZFOdsIHA7MtESgsPd1yEDuVewxPp9sq6TiDVknP6RFNpiP3TSSKFckHNXToR37rad4zuZ35NHqh22jac6OTT4IwvtvNX2bx1g0WJb4MIiFNbcvo3jVyvCob8KsnKHYSVkjk-ovRZUp4vlaOrzP4bG3-jG9HNQulAGfVfeck9LizgPZqEs9ubfH_kjFJNTwJETTZtPrky8EVN5w2R8iPZAERTlaCMH6QsZAP0XXNQCI42mInA1CaK5dr3PUug0VM8SGOu2mrfFKgv9YuggaWQNENn8Y2S4zs80tiozFaaXOfweVZiKJVUFNDWLszlIYTBWpVFv2CfT__881MVPHgNjNyErwDctX6myHdQK5f3GHMHZhSY-YLh1ZEGAZTmenD2oEv2_4DlEHNpwHxUyuqNsNwSHzR_RIsusIYJ2Ev5o9SoAjb2mX_A3BJ659l_0Qg-_1vCBTvsAzwZ6KZe-DkJWS9rs5jK3rWNkWGLhsWntGTNrPXEGuepYD1y9O-l-f48vU22LP7YH1-XIat2sH1Z6cZNFjAdpZdqzrmjVsnvKdbSbzkqPLNHfF5a9SY4lkoWEuNeXtH_zEXnyc6CKMhrAeY0Z6XqdDWGoQ2N00t0f0rrZGNeoVkCE2IDV-R41Rtafx1ar_IbO2upxgl0VCVHEjg9xSKm6JncMc0iFWrum7hT9F59mBluku274upXHsFg6RInGzxvsjbmcfgMkWLb7tZ3Kk2g9q0HCja62EaAUJq0AoA2kGJpMUFkJc4fP8L9jT2WbyAgVeLPiAs5UldU3UXmWKT9EU2fPMMywlit9Gw8AapFobnxFgFpxzXN_swtXOKlO0oZFN9HgWi05qcwy1LA5tZsCYFgOX30l4EfAYxC5Jv6WlcNtgVN4ooChHl6OHDJNKVAl4ijHUpCQW04-lHl0W-uEaIjWRWwuiXC7TGUYANhNJ8ug8i7WBG_vWUeU-IEp6kO8VWHkrH3C29-y43bOfnGyuebRUHTdN6Kr_5_P_97bOEGLZDe4IJslGVfyLsm58xPmOQzdB-B6Lp28GTpz97QRZg8NE38KLTUMBo3IyCqHhd3DHyNG3AsgzeSqAtaSKOHwqX0z8s5_5K4cavoP120tKRaC0t1DURRCeLynePqFJNKv_ZygmMiR96BQ09xuF77BBUpHf8k0rNewMVhDOZALI9zvQ1kP5sr3Hl0GeqF_GM2dcBB3ioRfTl4q2EtQ4qbimBq8cqMl3vDWHBytLcXLKP3E3ubC3Wv7eY6qpM8DYVsK4OcGOIvtDp1v_lJiZxDT8vmoU-QjuYu_6k1Rpz-NZaJTflY_QzvHtmHkN8khmbuKcKlh7NHiEGcv5eYFHWt4u1u_kEUlf04aKeWhyDbYRJQfvNX_E7s66HJihfgKp3DkqMwTR8OlpLcuyLYM-iQcDoxDNsKJIQFnogB64XEIlkRLmY73zCSWqO-aeJJoba0YT5dbvOKpitOX51Xld3PCyDiHmMJvXOHuf5eDPOh5Q9xNeiKudqX1rdovGHq1wCIbb_GF73CtC_YY-UvWW-C7j4Dn_inbvJ_cLsQ4Q6H5rKK00SVQY8GrJWtUpEbiu_UXOMIKPECwibAp6hS1KYBkWvrSM4Bl34QtYsbaPRTR9nxrScM98E8mfQoB5driYRtU37BiE9QoIOmyUfQSH4v_GGNCTprZ9zx0HQpVsLPwsLS_w0v3alpGnmH990tFhMd4ljtt1B4H56Tzn7nADnx3hSRG2jYkzHxRTeNHU5IZhejaVHUFGlpARhSuqIemkuO1QkTAc9Yo_T4ts9ZQ78B8QTrO-RWfaF1qORUkQXn22y_Dqf_yArQovwdmf5Q4kqfY2YQjD4aan-ChQ9kOnCIXRN9wd_o3Fyh8j2MWbl637ldG1QP342QsuaY_hK2_rxP92A85gjs6g6QBdC23E7hUUZHjDYc6DJfmTUpwmaBMxSeXy-l2tFk6ZxbFpbC_7yZQaBA2KhEJbqZH40EcXq4utlB6JykUYQ-eBDdTFYhB4eqlRXuBJk4AnRNlEPt1jo9Z6VucJfa8r2s58uGfTglVCMjGrBXCeChhfHTsNO2Wkqqzds5RkSIjOugBWJzknMl2xGYqNDOGC2ZSjxtLNpEGFh6D0lZ3Llq7_I-ZXKmzesHAzWp1ZD9FuPa4OKeHRCLgiq1JtXd8iuvrnq2Xb-btLnmT6c1pC1Q87dOM-t3K4h0iiKZWygzOwZAblWkPHg5vyFR2bsgAE0_DW5FmFcsIbz1bkLUOYiv9_YCKrJmjaWHnn9GhX2pNb5Kp0aICFzywFRXkjZTZS6u7g2PRnlKbKpoY3sMa2_h2i06ahKQRM2InacvE9Rn9rO7ECLr_bfxLH_wsAh2jEzmomVzZfR381iO9LdzpI0KRx4erbpiOHDZYzuqyrCdGtWKpi_usq7l8936kfyaCyXKLAX0MIsM-7u93gRfcDB1F0Cj42BAb_zhmpuUepHk4WJJtaGE5UzGYfYLt6R1kYycop0zMH-5Azn2LAMCPyQyMbsuWzv5Masrmkdx2gIwK75tbVRhd04Uw449NmVEVxyiN_aJ-ZReMnKYT6YzvsLhds_L6pAeDTQ&cid=CAQSKQBygQiDwdiuwYtQM2E9G5ga3TniPbErysel6BVRyKDrQWFlF2EBHhoFGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10761180261705787000&adk=3887872403&idt=52&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95ff99f853b8eb8296a5c0f066d547a7bf9eff3e04437262190edc80d4c4b292

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39930
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame A7B1 107 B
122 B 30ms
29ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 23 KB
11 KB 276ms
276ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=2283349438415779&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=6&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446731&lmt=1688088446&dlt=1688088444012&idt=864&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=9fbulv59g1vy&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b205c033f2ca9d62a83796a7a23ae86b88809a6bd4620c8cfca2d755c76617cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10982
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 34 KB
14 KB 264ms
263ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=2414434600631318&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446734&lmt=1688088446&dlt=1688088444012&idt=864&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=y6ttvnk37i30&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7acea77597a54fecfac92b34d1684d076085f07ec0435c9f712f3aaf6f40a7a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14788
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 23 KB
11 KB 243ms
242ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=2995007201564074&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446737&lmt=1688088446&dlt=1688088444012&idt=864&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=7hw4ebr0rss6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

170e5eee89592cad0fe09f8adb7ce590e4af0f8733be52d0df67b5af0f094d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11107
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 112 KB
40 KB 297ms
296ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=2945300944473285&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446740&lmt=1688088446&dlt=1688088444012&idt=864&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=h2kvx8foom3g&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24959a4e5b72bc5745e1d2cddb34e3e7db3d16782406514a2f19ff0293d1fa10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41402
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A7B1 24 KB
11 KB 269ms
268ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1992809445552694&correlator=1564266997479436&eid=31074947%2C31075484%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688088444674%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&sc=1&cdm=ye-mek.net&abxe=1&dt=1688088446744&lmt=1688088446&dlt=1688088444012&idt=864&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=rmn17ii0bdbi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5a117cb6007e2642cb7f1b8d55a66a518d07a6d331b72b3640015ffe1f1d453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11235
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 12FF 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230627&jk=1992809445552694&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js Show response
pagead2.googlesyndication.com/bg/ Frame FD0A 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4f7a3d487b7ff022968992263a5783a6373fac408f2185053c4937fbb4fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:22:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:22:49 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 2644 172 KB
61 KB 77ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 2644 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CzV3MTcY5Bonjf7XXTnaB_R9auJr0WVIKjO3iwnZGF0mgfeR0bbM1NFHKEuSKzqvZ0g6QKozXE7VXed8ppY4oxcXSGEXRPTJRN22hX77RH6s53eWQ&cry=1&dbm_d=AKAmf-CA8IucVpc1Q5CQ1P87g_dl6WWPs2P-NnVElwZ3tTqcL8GpnZdh2xhTtbMFVOLv0sLo4u443-6J1GjVvT7xoVVzsrkAVy2Gidwvx_M2k9jc_R7q-JcFLX6lqoja2yZty235TuJiRIvaDXr3ZdGRPWoF5OnOEIedloH4KSHH97iA33lunUe7ZeMo8acRwES_-KzY3GbjDfm42zhKbqREBKLWqi9GgWRDc4ZRgfKLg74KTsTkfR1IsPTxuF6294jwJiL9V2rdeQB2gSU-UNa1XVoySHcamQzdoumHrmaRm4iIJiyHuE2ASPuGhhqCIb9ICyF-5ws4A7JVMvHtCSRYKeQvLDWepHk4Q2hTu6ghDAx2y0VQHKuXs0106YLJMjbnKYONFwD7m9tTF8Uu8GTZ7wSOxG1JEnI00m5pRkBI21wMdJD2r_6d5YCTDxnXy0Z9OKF1FEEacDEXtDBZMBFioueEG9OcYDQKErbSHkp6Y0gUkItoSRz1EyMLu-uZAszjQjvujDCAlrJiNBzwUbqQt0S3yDgqE8gB3iITkM0wtbJ__FvobXm7J1Zcn60h_Ul1utWU7U9QWow7047eNxx4pCNCzMw7fFohDC4SNBIDAcMjpdWSMneN8HLMuwGz6H4BWWnCgXmAQbCiOHs_sqrpCSNhbnpqJwjPlxm4rUcES35RPq-d4QszeS7A9fVIzl4bAp9EV_8dp5KXimP490rn3PN1MarNgsneSayNGQODREWS9IP3GWyjz2T1JJLTiwWr_ylvdwaQpd3-yz0jG3hbkjjdhrBFYHSjejjazA_vFDNqSPzlGinRFHdSLT4tvxQZs1wweXrNnMX2mIk5B9nYh3JqboiGXN5OuyNX6YhmE3ETxREAijtiCVLNrlwdIpfFSgJOLJYVB3tfdoFkaUKfgGHY4KfEpX7X8Nq3WdVi81PyygoCKTZ-TW5RHg0Ft3EwJYPT7SKvK7A7WtQbun1vsrGVZtzJKf-2ZmxRExJljd_eVrpFUkqRFE6zLY6__8PjBFXKE251MPVGmqdgVc3n9X-b2vhYwFNMhO4Fc7w-rcMxJE-oMt0uipvGMcSadvtzbE-OP1Mwd65mptzwqNbLQ5K2fZbMPKIR3jKll-PfkZ4mkPXFhUxW7SpUNZEjVhHZ2pDyQWgi9JRj3xl9bS_Bwio75F4hyOCMUY_Iz9ehsn56JOwy178lUqG_ZWOvvnXQTZBz7z6r3ebY_bRGy2bFZJLz5VXtByXshv_tsbYL5EyJ-Z1VBQCoxOGiY_UGD9U6hJzoGukKDOp7pbWT-k4_VYpf3UJrXThLTN0BRTV9CilWeo_xKVEdhwi-qHYYxcPMwX7bDQR27hRZmtlhJrPNrM_GoF1DHMLoaiWUf4RmLrf4c1NPM8zj5Utoe4-eefKePMsb2NIIxx63WMf_m7-8g5qKzT1iXUUr18NN1GsgtpkOwtsYhdwIi3UcoAkfLzwTZK8XeQW3X6vFnFVntZM3uYvDh75JMFy1Vm9GOLfj35-EiEL199mNzg-6wKTodk9gEETTimrSGA0nSCKONJc3V9PKC7oIi7jAS5_h-6ctXDhRZwMFm0uRPyyMM_W7vPtHrq83TOliewegj6wEcSnQjaWHcyncdE0k_SnqDqwk8IQj1yhAkIo2DIc_K8b_NYsub9WsFbG9FXA66m36XjVTLafdr0wgr89HI6zakno8GDo-QNvRA1JC5gXZLM6aW_vTbxWNPxjnUuuBSds4Adk9wpzNX3HlkSskPYrdRntP_xAddsib7ugV0V9E2KUSbcCZOCdEBKpwEgLNqhlHS7RztnrMttekb-btyEnN0gdXqheyqeJR_x_tPKosNP2bsZbWy_zv42umXjMS3r88NX7VLKph_qNQ_HNqBEpStIXaLrkQoO3FOf_JFC579Rt2w_5glsUeycRMcaNWTOP8d2MDFS2zssSSXS0zb4Uocayff6ouLs3OWEg3ws1lk0_D_okH7bMiWB3YGDvp72BM1WOfF2iy4QgPtRvEryBX5zMsIoIju4qhCvXCgChr-cHNbOSTJ2SRLDUUWFITE92kn5HqV00W7QiiqAs5sKfRaMDOGgoNOrHq_HoSCEUfhlPe4YOMOHXs_kbQb3k4My_hcQ5VssgJb-YrN6wts-ZUVyUBcDbrvA6u2qAN15Ge7IJ7orFoaNtW8SYRggwM48WtLp2j-4ZF01uqGu1Kgmx4rMVWV7qA8NZhUA34pxztjYkKl6SLIr2BpfvNqcn4Zf0rDw_WD0adTIAdO0p6Wzr_g0TDNvb77VWWDXiLR7oHSN3ZBdK2_8yI7fdV96gw6UOhP4O5d2jF8SX7VNP0Gt4UB20njhvkvL1wSB8bXOplwhvLSUTEzlcVJ19C7CcjEMHpE3zvCpzVBbRe3M_qBHrMHjHbQBUrBbQ3-EqlEQ-Cy3-q6q_-QdvcRVNJT0rXgmnKZqlH84zT7qcvQrtxDt9JtHpA5OdHk5a-5iD5LhqJWK8ACRJzyDcmX3azep7u85o0_4Ma3GQy3WbB9LwU_5YOofTpFVJULz9eXROyR_wQlmdPQvJ5f6P6019IDzzwKvfe9FeT4wxsd4ulzEW2xwZRNf3OMfu_6kiRhSSb-Jbj72mSnzmHXYH5IEXt3HWyxQfO96Yhz5ceYqX7QFZIRX8DvRCD6WUDHhWRi-NZ9rLUul5WTVbbQShdbKHFbJk1xOlXVzr_Jer3nCH5itMBZ-hSzOgW7MYlziJ2H4ReOGx4ozRI-VeTQeA11PkLysly8DwpeZtikn3DeULNfqTSAgAL_66XZ5wIelMV85s8gGItkBh5I6qZcjJ9cVQFT0pjzXdctUQWrjHMc6NpRmZAs37UBVyfTYhvK2jCZwhvaKy6UbmFl2YXL2EWQ1cxBzWsd569vuhEDi4bj1e0iQHPBtXnSVdV0J-q-OoJodxc_bIFABCRYwbTlWlOLi_yU0ZB6gceGhP7fTs7XSodzTEvGTZiKRnTkcc2Rjkg5pwSl1gtHHfqwAhg_aSvm4GpLuTnYxn0ZAuEC5Es9YO7eAIvtvXxLoTLugOL__ItqazMOZpIcSXs3Hver_k45jbts3PCEWfgR9V5k6YBcpmISk_-2mx4cjDQkPJkH9m-GBTgJVXwFHQZrzwPD6w4j1ylENXDpnOIZTxutxXgt7caRdvFuwNbRq4v-fHydoPGNrX5X-eJIo6-W8TcAOj7t2GFdZRvcPYFtfhnv3TtGCoJcMxMxI8bBiqDVmP-3hrHqp_o6P8nKDs5o9QdQ8J-ecEbxgoyH3KFYp6MUDXeRlYB1uw7c73W1N-4Yt_0x356Ig3Jf8uBoFi5QfY9b6gGyXOQX_s1WIVNfZqCgZ32391doSOUnZMuSlqBCcXapG8GxiDZpqVVdi002Kusag0rqxycST0S17AfvBu5YYrUhhfcCKYv6X2ubv1TSb3B0ZLRr6Wy9-5AT_AuBgzu-4u4QECBQ8YiO7lMndySJZg5Fs1IBofc5FEAVqJboEdF4Rj3oCAl4xeQHUjrh6z5qWnp1Me_w2LFsL9tRUJQwjxsMpWCueWZdNBz9kl-5iAt7aIZQhxDAnfI4xJ8tv1Baaj3WFOtIURKaQPmaAXYJ9xkJE_mQdsbY3KT9B3TNOY6TbJmIzKVYCtz-VR1mOr-Cn6mPvGfZK3fDay9TmixNwWi4iXQ33flGvEmRBDCRI6koiS4BS2DQ2Is00wxJtg8S5kMcVWeDZdTOOWzm27u6jN8Xbez8g&cid=CAQSKQBygQiDOm0MmhTnFYddoFB9xMGYLRUnr9NogLboylQQBmGZJYgtoFFeGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=12600362156233832000&adk=3468572599&idt=40&cac=0&dtd=29

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27048
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 2644 30 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27048
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2644 41 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EEA2 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37384
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2644 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 188d877d31031b40a373936e2fd37b05cdfe0580f9fcc926adbe64237a03a4da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9589 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040524/ Frame 7CF9 244 KB
74 KB 178ms
50ms Script
application/javascript 34.250.56.160

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.160 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3a33ac3568a1da234fcefa866780b66e4a325c49e24aba1c56a2e6966214129

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7CF9 172 KB
60 KB 34ms
31ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54602
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 7CF9 11 KB
4 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQgJutclimmDQpdYeONKMzPidaj0ZBY3SX0iTi4HE2bYHPtymmie9Jp1VfqF5SxH2TIT2inmCgRJYt-rvh_ZFwAD6VLjaRYPRrOirqivwiQO4huE00JrcAjpAThREsYsofG1zIJsoCdyhP_opSzI9SiZ57pnvfM_P_JFAWePVt1OwoRWw&dbm_d=AKAmf-AzWBe84pCjkoW2y9A36lddJWg07_bnxDgUzTPDBaAeBrvE8UIKmkoPQ7RMnQ4CsCABLUXsd9d9RGdvrWqtMs5yeMAcUOGu85QpNBQnWv0ni18qQDIU4NIZQ1Q99URBV7fAmBbCUg_9jBh-2R7sGUSlUR_Xli67yPAPXF4P7DY2w2vujt0f_aPV0RQKk_6fhYxoBf2-4sJg0BNh4P7eI1qps0i4c1Vfqp89jx-U3MepSsbst8ItCaWPWODl8XLXZSbjjf9WW8VrJ79xmQjHR-76ibHKescRyLauW4q9vh5C-PJoY0WvHZXeqVNGO0wYfLHeXoqhoUUlOsQfH-iGfgLxrgoklWnSNViVMrVMaLd9kUknUcnfCHySyIgwxE27uMru2JUhSv-nTXsb64Vt4Yb-_xv17aRpmcxOLxpQsQd4OMiy-Xw0gPJMc7VfD-WMjLzcB-L7KEHCuLydy8Uyhpy2Pehg1g9lb4VAu5zkOl3pykW0m3Hd4sOUS1Gc1QVWThVsufk9ejRqFDi03dclLBScJdRjsc3XR7jn_o8EeWXAytX2zqtxRnHeuevLBx9R2xAB6ioeq5aSLfflO_Wq3VaMl1SKWiTRjvKlsTFsbvooFl044GGE12yCOMRCmhKlYT593d454QvueRsJS3sHDI_JmjBji_so2d_xfwANAs32nNa2-ZZ1vuIUIl3SmJGVumPyNWJlqARzPtolMHLFbCrz7kMjGsfeouXkIvie2n39qxm8BfaN_0blasJjhjJZFOdsIHA7MtESgsPd1yEDuVewxPp9sq6TiDVknP6RFNpiP3TSSKFckHNXToR37rad4zuZ35NHqh22jac6OTT4IwvtvNX2bx1g0WJb4MIiFNbcvo3jVyvCob8KsnKHYSVkjk-ovRZUp4vlaOrzP4bG3-jG9HNQulAGfVfeck9LizgPZqEs9ubfH_kjFJNTwJETTZtPrky8EVN5w2R8iPZAERTlaCMH6QsZAP0XXNQCI42mInA1CaK5dr3PUug0VM8SGOu2mrfFKgv9YuggaWQNENn8Y2S4zs80tiozFaaXOfweVZiKJVUFNDWLszlIYTBWpVFv2CfT__881MVPHgNjNyErwDctX6myHdQK5f3GHMHZhSY-YLh1ZEGAZTmenD2oEv2_4DlEHNpwHxUyuqNsNwSHzR_RIsusIYJ2Ev5o9SoAjb2mX_A3BJ659l_0Qg-_1vCBTvsAzwZ6KZe-DkJWS9rs5jK3rWNkWGLhsWntGTNrPXEGuepYD1y9O-l-f48vU22LP7YH1-XIat2sH1Z6cZNFjAdpZdqzrmjVsnvKdbSbzkqPLNHfF5a9SY4lkoWEuNeXtH_zEXnyc6CKMhrAeY0Z6XqdDWGoQ2N00t0f0rrZGNeoVkCE2IDV-R41Rtafx1ar_IbO2upxgl0VCVHEjg9xSKm6JncMc0iFWrum7hT9F59mBluku274upXHsFg6RInGzxvsjbmcfgMkWLb7tZ3Kk2g9q0HCja62EaAUJq0AoA2kGJpMUFkJc4fP8L9jT2WbyAgVeLPiAs5UldU3UXmWKT9EU2fPMMywlit9Gw8AapFobnxFgFpxzXN_swtXOKlO0oZFN9HgWi05qcwy1LA5tZsCYFgOX30l4EfAYxC5Jv6WlcNtgVN4ooChHl6OHDJNKVAl4ijHUpCQW04-lHl0W-uEaIjWRWwuiXC7TGUYANhNJ8ug8i7WBG_vWUeU-IEp6kO8VWHkrH3C29-y43bOfnGyuebRUHTdN6Kr_5_P_97bOEGLZDe4IJslGVfyLsm58xPmOQzdB-B6Lp28GTpz97QRZg8NE38KLTUMBo3IyCqHhd3DHyNG3AsgzeSqAtaSKOHwqX0z8s5_5K4cavoP120tKRaC0t1DURRCeLynePqFJNKv_ZygmMiR96BQ09xuF77BBUpHf8k0rNewMVhDOZALI9zvQ1kP5sr3Hl0GeqF_GM2dcBB3ioRfTl4q2EtQ4qbimBq8cqMl3vDWHBytLcXLKP3E3ubC3Wv7eY6qpM8DYVsK4OcGOIvtDp1v_lJiZxDT8vmoU-QjuYu_6k1Rpz-NZaJTflY_QzvHtmHkN8khmbuKcKlh7NHiEGcv5eYFHWt4u1u_kEUlf04aKeWhyDbYRJQfvNX_E7s66HJihfgKp3DkqMwTR8OlpLcuyLYM-iQcDoxDNsKJIQFnogB64XEIlkRLmY73zCSWqO-aeJJoba0YT5dbvOKpitOX51Xld3PCyDiHmMJvXOHuf5eDPOh5Q9xNeiKudqX1rdovGHq1wCIbb_GF73CtC_YY-UvWW-C7j4Dn_inbvJ_cLsQ4Q6H5rKK00SVQY8GrJWtUpEbiu_UXOMIKPECwibAp6hS1KYBkWvrSM4Bl34QtYsbaPRTR9nxrScM98E8mfQoB5driYRtU37BiE9QoIOmyUfQSH4v_GGNCTprZ9zx0HQpVsLPwsLS_w0v3alpGnmH990tFhMd4ljtt1B4H56Tzn7nADnx3hSRG2jYkzHxRTeNHU5IZhejaVHUFGlpARhSuqIemkuO1QkTAc9Yo_T4ts9ZQ78B8QTrO-RWfaF1qORUkQXn22y_Dqf_yArQovwdmf5Q4kqfY2YQjD4aan-ChQ9kOnCIXRN9wd_o3Fyh8j2MWbl637ldG1QP342QsuaY_hK2_rxP92A85gjs6g6QBdC23E7hUUZHjDYc6DJfmTUpwmaBMxSeXy-l2tFk6ZxbFpbC_7yZQaBA2KhEJbqZH40EcXq4utlB6JykUYQ-eBDdTFYhB4eqlRXuBJk4AnRNlEPt1jo9Z6VucJfa8r2s58uGfTglVCMjGrBXCeChhfHTsNO2Wkqqzds5RkSIjOugBWJzknMl2xGYqNDOGC2ZSjxtLNpEGFh6D0lZ3Llq7_I-ZXKmzesHAzWp1ZD9FuPa4OKeHRCLgiq1JtXd8iuvrnq2Xb-btLnmT6c1pC1Q87dOM-t3K4h0iiKZWygzOwZAblWkPHg5vyFR2bsgAE0_DW5FmFcsIbz1bkLUOYiv9_YCKrJmjaWHnn9GhX2pNb5Kp0aICFzywFRXkjZTZS6u7g2PRnlKbKpoY3sMa2_h2i06ahKQRM2InacvE9Rn9rO7ECLr_bfxLH_wsAh2jEzmomVzZfR381iO9LdzpI0KRx4erbpiOHDZYzuqyrCdGtWKpi_usq7l8936kfyaCyXKLAX0MIsM-7u93gRfcDB1F0Cj42BAb_zhmpuUepHk4WJJtaGE5UzGYfYLt6R1kYycop0zMH-5Azn2LAMCPyQyMbsuWzv5Masrmkdx2gIwK75tbVRhd04Uw449NmVEVxyiN_aJ-ZReMnKYT6YzvsLhds_L6pAeDTQ&cid=CAQSKQBygQiDwdiuwYtQM2E9G5ga3TniPbErysel6BVRyKDrQWFlF2EBHhoFGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10761180261705787000&adk=3887872403&idt=52&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27048
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 7CF9 30 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27048
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7CF9 41 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 330C 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37384
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7CF9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4f6fbb124a841f96eea0f14a51f711f80d333a954250fc4c63e7f158109f019

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C5ED 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214185
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEA2
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEM6avSCpA13YQil22j_DOLY&google_cver=1&google_push=ATf1kGPSj5dHb7SOb450h97uX04bYUm0mbD517ejRJdfaNFLI8tjyn65dcwt9ywlflG3EHYB1FTLz860smh...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPSj5dHb7SOb450h97uX04bYUm0mbD517ejRJdfaNFLI8tjyn65dcwt9ywlflG3EHYB1FTLz860smhv8YZs2bbzRUJWdlc&google_hm=eEdlp9-VRMuD90phgRfRiYM

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPSj5dHb7SOb450h97uX04bYUm0mbD517ejRJdfaNFLI8tjyn65dcwt9ywlflG3EHYB1FTLz860smhv8YZs2bbzRUJWdlc&google_hm=eEdlp9-VRMuD90phgRfRiYM

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPSj5dHb7SOb450h97uX04bYUm0mbD517ejRJdfaNFLI8tjyn65dcwt9ywlflG3EHYB1FTLz860smhv8YZs2bbzRUJWdlc&google_hm=eEdlp9-VRMuD90phgRfRiYM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEA2
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEE66--JYK3xMcj-xGQeHB8o&google_cver=1&google_push=ATf1kGPSyNy5kcN0b6K_kwqWkugOHcVm7Ao2IhDkeWH7-RErkpEsmZdXp2UqIyrb3W2YqeyYUInWO79AAVi816...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=ATf1kGPSyNy5kcN0b6K_kwqWkugOHcVm7Ao2IhDkeWH7-RErkpEsmZdXp2UqIyrb3W2YqeyYUInWO79AAVi816EAEH...

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=ATf1kGPSyNy5kcN0b6K_kwqWkugOHcVm7Ao2IhDkeWH7-RErkpEsmZdXp2UqIyrb3W2YqeyYUInWO79AAVi816EAEHZp2Rvmm2Y

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=ATf1kGPSyNy5kcN0b6K_kwqWkugOHcVm7Ao2IhDkeWH7-RErkpEsmZdXp2UqIyrb3W2YqeyYUInWO79AAVi816EAEHZp2Rvmm2Y
Date: Fri, 30 Jun 2023 01:27:26 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEA2
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEMwtCwQiH7YmnCzOCR8kiDM&google_cver=1&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQ...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMwtCwQiH7YmnCzOCR8kiDM&google_cver=1&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dk...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQj0j8

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQj0j8

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGNlVDJhrieeU1pYapX-P0UrXX4_GpD5wIWV_JTwXYCaZjrzuYaTtb78k8LP_nVakQ8LdSnQZLMeHUTdFptjDq3dkOQj0j8
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEA2
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGPI6SiLtzy8YVrMNyqCuCQzvlfxJlASmXF8cX38NsWfT-kgK9F0Rn_ecpwjolJMTgDoofJmiM88igbs8KXVoxw1hk6yYN0

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGPI6SiLtzy8YVrMNyqCuCQzvlfxJlASmXF8cX38NsWfT-kgK9F0Rn_ecpwjolJMTgDoofJmiM88igbs8KXVoxw1hk6yYN0
date: Fri, 30 Jun 2023 01:27:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEA2
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEIU9jGUh9EzIWsXw_uuVQeg&google_cver=1&google_push=ATf1kGP-_U8BUcs7Nv4d0FsH8ZMCMnBzH-p5KKDMn1Xdh9lQAlK7-KV218al_plkwIUq9NMacNdF2912X_8RTd9r...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGP-_U8BUcs7Nv4d0FsH8ZMCMnBzH-p5KKDMn1Xdh9lQAlK7-KV218al_plkwIUq9NMacNdF2912X_8RTd9rFLdTwaE2HTk

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGP-_U8BUcs7Nv4d0FsH8ZMCMnBzH-p5KKDMn1Xdh9lQAlK7-KV218al_plkwIUq9NMacNdF2912X_8RTd9rFLdTwaE2HTk

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 01:27:26 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGP-_U8BUcs7Nv4d0FsH8ZMCMnBzH-p5KKDMn1Xdh9lQAlK7-KV218al_plkwIUq9NMacNdF2912X_8RTd9rFLdTwaE2HTk
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: T2V03mqi1DCswVYIxDbNwDalDb56CzRdRKFeG-UI7-uQ6CBXd5NyXw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EEA2
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEG4b491QdDxlO-puRcCOCgs&google_cver=1&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-OlocfoP...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEG4b491QdDxlO-puRcCOCgs&google_cver=1&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-O...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-...

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-OlocfoPK9VBE

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=ATf1kGOXUAu0NUxXmPWh-qeooHhuL0_UwuUsjmPLnsAo9V9iP8CtS2geCmeAlqIHXJQ3142nJRNaksY_OUBjgX-OlocfoPK9VBE
access-control-allow-origin: *
date: Fri, 30 Jun 2023 01:27:27 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

report
sync.teads.tv/um/ Frame EEA2
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJBKseqC6sa1...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGN6QSVNo2nbuxEhaTlEheBcxmlleZdxzT1b9AM2exmgt2xnTi7BuEGQsXM6k5KBxz1wvxZ4LjkRVvZ6XwscbZxrILPHwz3C
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

44ms
43ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:27 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EEA2 0
12 B 31ms
30ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LMudf8V1ZXPnaLMy0x-j0X6Grl5dzJVnwuNiAL4gJahK_Ms-9umLJaHAUbNSHX47swIGKOJg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BB1A 624 B
242 B 35ms
33ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVxVpKzKJfUbruxMkDE2JiHDmYDNadyU74NZrDkbnqwK0wCDLOjCmpQCe6r_jt5eyn9-qEZw1rEGz4wI4F9tHuL_Xt6rggBKQJx24gxkpgkJYqt9ZaNc5QejxgnureJtz0oYQvR8qw2ULSPrOyqTI_0PGFsM3MRjlkGSBjJ8wifizlB1eE

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9589 78 KB
27 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9589 42 B
63 B 56ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DO8E49v7kLoePaDA4VrOWuJ_fOafCuxXF8QgkPa1Kgv8A3uliUOEJes14OgUvIePrQVIOf5xMi8zph5vTTN4Lwa_qg-NsAiAMPttnbe_5ai80MIck

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9589 0
20 B 57ms
55ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14497135435575532012&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 9589 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 9589 20 KB
8 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9589 0
0 31ms
29ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSJ48Ogj6Pd3_f2gk253ZlE21VnkkA6ldmd3j3Ze0GzY4xpR8ZO5nMizZrpiO6PvPL9ihJUApV_GgD51Mbv_mStReUNSw
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9589 179 KB
56 KB 37ms
34ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/11065803848835661824/ Frame 883D 47 KB
12 KB 76ms
32ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8c779f4fa5bf396269317b6ccc5bd0259ff6b28d9dc40eb75cf47aa245b0bde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
expires: Sat, 29 Jun 2024 01:27:27 GMT
last-modified: Wed, 15 Feb 2023 15:30:17 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2644 0
0 142ms
72ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssOOI3VebrQvc8nx7hKkFGaUsgJtwVY-U5fKr2eHrbCr5KlIPxWYOinuafe00yZG4l55I3osxa-GVR1vz82VXnhQMC6s0WDt1vCp_BuKZie5OLnHG6vLyTHS3gKqZ0IyyVMlykAIE9ug9aEREK2hsY8z0KbTcLICW7YQ37TbybdPFNejy90tMafmJrNUZoRgK2cYAFPctiEA0StenFcywFcKjJRTgba-xzqMOuGAn0RLIL7j66kn5NfcpoEOE7xo7ocXen_ODPO3yrArTGUXV3oljNT7m0dwU__4KNU2e701jMX-PO8in29S8eWfCazGPHid57LiLcU_wB2qejO01O_pZZoTaiLoffDkDWqw9QtdziOrgV_Ake-zPxDb2Xxb7gGEedy59DPbPK66Okn1Y7eVvRhA8WuWKnpGYEedRNkYNyHripS5Lzeu-tDzxh8nyH_FdduSgqleNIXllXhCpso196KJpY3IpwF_FyAbyL6kSMF5fRZRrctTCh8FaiTmxQUV0CC1MMWZHFb6banywNPMYDXK3jr2xDP3azK1XH07bRCRxoOlWiqsEHaM2zkV3ld8t5laLIDom_d0RPKUF3U0gn7-IVJy182vpUyU6VWEJ_8t-kFTLDZ9q6pitWyk0zrmOWrv6wFoA8P5x2n7UPXB1EfkuEuVMmn7cZKpqN5HEk5U1geQgniAQBXbi6eO08afNNdkaUP8mX7ZvbZ_M68LbZ9zzEwAKBRyxe6npPtyX819A7_m4rB5t-TjxaE-DzVtWfvbZ2tOYoe_SBh2cH9OFOuOKNlhrqaUpfDyVZAK0H9HFHzo1LoPTuHPlT7g3t9jH_KgRV4gbm1TF05NzklLF9ent77Gs2XHeJaQTATrZ_hL5_lYtCSEUI4kjC4RadIPKaZJbIfMm7tdonjYhHfFbH_wvB-nJV2cXrb_CIkvrDP9ac2poptywpp_86DTJhgE8HjrNRcfLwnVisWhd7dMN9_h-PwZmyTmCkQMzvSR8aWu7k3jvS0NhwPAQ7YBcYHPR580skPDBnjaNEPd_emI82saDOf26_2Dsecb1u1J4bCWBVrlP2jLEda5nc4Qd7_9c2N3zmLOSfr02dJQnhycdczf5HMGJtdEy9xgbHguLAYzWdDmwIEHd2tLxQWt7dKyf1AR7SRZg45JVo3PVZOrkYUH4KMRwUHn4ktEuAeQiroxrsIWRq1a27wuXrADXOyjsy0GEeO9TyiPl-vc3bc-CIipAZ45Y3ki6OMEplFy-1FIzCIKBPJb2gdhNoerKPuYI1FfEDXDlN848JO2xaUKZOQr_J_iBQtYrd7DXvWoUXURH7a7JwrX8_WJ0065GSct_Yy&sai=AMfl-YQDhYz1V5VImkRsdh5YPTRfc3ZA-j0KZOMzlZDMxP0yFbh4oPY-c1eiyEmj-qmMncAnnczt-Vb2vZJdr-fLRkS6o3GA2kTFPMTqf2B-9pdihDv5DWlf2Jrd7nlGXFUQZ4_rb8BlLJI7EDNDxh6dixtsV1hiEF0Qci5Wx4ckZ6t0lyCmpglfxZG_B5-Q6_CMRFinDmKhhXV7lCTMrK5HH80JUgtg-WwO_VdW&sig=Cg0ArKJSzLL6EqwBZcX2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=159&cbvp=1&cstd=149&cisv=r20230627.05004&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 330C 70 B
265 B 153ms
47ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJocopiRUPOCd5KXOSXOQYs&google_cver=1&google_push=ATf1kGP1ulW4jvLojw-CK-cwcZZ3j0LipAUyolAcFFWNKvTr0dqti14TeSzIZ89Kiy3ACdcRjI5z-SvODihUjRIql1Lm8_THCElE3Q
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 330C
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECEZUMUqx7UY-u0uqYCSKWw&google_cver=1&google_push=ATf1kGOc41KRY0CFXRDIfCFge09q422sPFEwEFVRNSkhsurConUvodOIH2NYTqtbcsWZKpIRFBbTG4_cYdv...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOc41KRY0CFXRDIfCFge09q422sPFEwEFVRNSkhsurConUvodOIH2NYTqtbcsWZKpIRFBbTG4_cYdvRi_bgp5dwi4sYtx-C6w&google_hm=oCcRmYEGT-iw3uBMQy...

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOc41KRY0CFXRDIfCFge09q422sPFEwEFVRNSkhsurConUvodOIH2NYTqtbcsWZKpIRFBbTG4_cYdvRi_bgp5dwi4sYtx-C6w&google_hm=oCcRmYEGT-iw3uBMQyMuvoM

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOc41KRY0CFXRDIfCFge09q422sPFEwEFVRNSkhsurConUvodOIH2NYTqtbcsWZKpIRFBbTG4_cYdvRi_bgp5dwi4sYtx-C6w&google_hm=oCcRmYEGT-iw3uBMQyMuvoM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 330C 43 B
245 B 82ms
29ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPd2xJ2EJNoLxIkpUgyQOok&google_cver=1&google_push=ATf1kGOTLuOHVXrvsF7qRNPlfQ4rYVsl8mFT8bvh6tCuVWqzExTkJdZNj1mJfSIMYBsx0Im1JRkFiHA-MQPzYSgpxJiodbEcegcXpA
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 330C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGPkaL0v0A38EU-fsXDHFu-l544Tk2mkc...

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGPkaL0v0A38EU-fsXDHFu-l544Tk2mkc1_sKGb1bSslyJxfLqFzDbwsKd8PD7-kLioahbq479Bfw5M8h-TlSj1snSq2YgMEzw

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGPkaL0v0A38EU-fsXDHFu-l544Tk2mkc1_sKGb1bSslyJxfLqFzDbwsKd8PD7-kLioahbq479Bfw5M8h-TlSj1snSq2YgMEzw
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 330C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOsdG3c_UcJpW8TgvC3xU_E&google_cver=1&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOsdG3c_UcJpW8TgvC3xU_E&google_cver=1&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-mZUBvj-XFYr&google_hm=G5lXrGZH_7e4ODl9St6gVE8n

170 B
188 B

36ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-mZUBvj-XFYr&google_hm=G5lXrGZH_7e4ODl9St6gVE8n

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGP8y5TN_bb4ejaw4u9DcMN3liotBDCwi3u6Wo9niuRlXDvXOiyQzRkDTom8M26BhEJysYmIE85Mq36kzrDe-mZUBvj-XFYr&google_hm=G5lXrGZH_7e4ODl9St6gVE8n
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 330C
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8&google_cver=1&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykx...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykxC...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5...

170 B
188 B

38ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykxCOqQ

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=ATf1kGNA0iA-QMY1pzKjp8LCWlRowpAs2xCvoV8Z5Ds5gmiDL6dPubU07JxINBa5nyG32CLEe50sx380fawP3_yz4rIDOJYykxCOqQ
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame 330C
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJ7YWOs4ZG8BuTe5Pij-oCk&google_cver=1&google_push=ATf1kGPKkKR3AU4TyFW75Mvczb5ybsyCdYoeeDVl9F9tt9WC23Qwd7CvZU67C2TPMiVaIbRRDuWh5Uj5ksQ...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPKkKR3AU4TyFW75Mvczb5ybsyCdYoeeDVl9F9tt9WC23Qwd7CvZU67C2TPMiVaIbRRDuWh5Uj5ksQPPfBFcDRvci6Zj0NpWAI
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

21ms
21ms

Image
text/plain

51.89.9.251

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.251 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 330C 0
12 B 34ms
32ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IFde67-IC3N6_D3V7A0qK49H_2ZbQ2vABD67R0LMiEwS7siEBOzFWQcFidp0U0SQpG5WPbNA

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D3FD 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214185
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BB1A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1

43 B
632 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVxVpKzKJfUbruxMkDE2JiHDmYDNadyU74NZrDkbnqwK0wCDLOjCmpQCe6r_jt5eyn9-qEZw1rEGz4wI4F9tHuL_Xt6rggBKQJx24gxkpgkJYqt9ZaNc5QejxgnureJtz0oYQvR8qw2ULSPrOyqTI_0PGFsM3MRjlkGSBjJ8wifizlB1eE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGRHDlSXpF6TLduZh5GZA2I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BB1A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ4vfs7-Dx1DDVUtuRPq1QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1

43 B
632 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVxVpKzKJfUbruxMkDE2JiHDmYDNadyU74NZrDkbnqwK0wCDLOjCmpQCe6r_jt5eyn9-qEZw1rEGz4wI4F9tHuL_Xt6rggBKQJx24gxkpgkJYqt9ZaNc5QejxgnureJtz0oYQvR8qw2ULSPrOyqTI_0PGFsM3MRjlkGSBjJ8wifizlB1eE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame BB1A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1

43 B
1 KB

28ms
28ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVxVpKzKJfUbruxMkDE2JiHDmYDNadyU74NZrDkbnqwK0wCDLOjCmpQCe6r_jt5eyn9-qEZw1rEGz4wI4F9tHuL_Xt6rggBKQJx24gxkpgkJYqt9ZaNc5QejxgnureJtz0oYQvR8qw2ULSPrOyqTI_0PGFsM3MRjlkGSBjJ8wifizlB1eE

Protocol

HTTP/1.1

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
AN-X-Request-Uuid: 89f80311-ed30-463c-954c-0e35b8622383
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BB1A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7c8f3df9-dd57-4cdf-912d-d29e7b549487
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 7CF9 8 KB
4 KB 179ms
35ms Script
application/javascript 2a02:26f0:480:9::210:ee04

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&num=&adid=&advid=4309118&adsrv=1&btreg=558488166&btadsrv=doubleclick&crt=192207036&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee04 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 104fe1d096865fb450f1d921b99ea70d85d935d9c8a2e88e980de371e03ea9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 12:21:21 GMT
Server: UploadServer
ETag: "4c41482e45017a01683eea2db59c11aa"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3373
Expires: Wed, 28 Jun 2023 12:36:53 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16829948873192997814/ Frame 2AE9 14 KB
3 KB 33ms
30ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3050
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
expires: Sat, 29 Jun 2024 01:27:27 GMT
last-modified: Fri, 12 May 2023 09:19:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7CF9 0
0 105ms
75ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssVRJQODanb0ICS1hPyiWSQ5uMmgFeXSboBKDy35fntm-n91ColSVFM1lsggGsXWbG7V9GnnZDr1nBtV9ZYj14Q0UhdksT5sOHG7yhGy5o4ySKcABseHzYWw6JGyfBy-ukf3iZM1hrY3GMGhOo8wa5wIKlq2EaSDDoALI0MGhe43r6M-S9tH7D3PAOtxWbzhiAxG45Cl4Vv1uh1A-l_1Nqn4U0hZsD7NOrkJRJUiZIPQF8wKr2lOH9sflsp_OwtCqHj5jEUBzKcf3jqeNgT1wZCKvl809p7rDrp0IbH1vi66ldNOsgrZdl-AB8sXfPgvtCQpkmxaC5gspXnyENOLRuh5UEfMLBtwzLfCFzhSWz0Bumht0bNaLjAsTiV7J391uZHYMcc59j8UcNQSCHh56PR9huLwYOg8fhDrgi5gLZojmKEr-2pUcYO37Kxc7SPdmA8Di1xb2901Otf4XOi3uwczQ-UD4_8WX1j6T1z3mE-91UGbH3FFX1NCDBwDHq4FtnOATJfq8cXxtFqcOFqe1uyhaqgWLB7Nex4xUet4RkPB-RHRbC8FS8qdBmmUlPr1TnKPyDpLm9EN_9AfRsL-HvhFmurwRaHuzv_G3eXOc07lia64exsqxGgFPqCRV_zbnz-RpaRLRa-pYFfp3IeemAuHcC4XeZm0RNqAHbnFPzYOXfRQaYOM4WEKQwWYATN2vzsEmbpDRol9I4xLXDqXBBW-CIpuI0ORv7FTtcxyrbGm7jBHRO3uNsppU5ekT6veZ_IJtj_LUH-vUlzTVx3nruKDSKlAIwuvVT1GkuRQL-JHfJL8UtV5-kqy0gFZ3OG6iXD2_YIoic4dgNsVUcohhvd_vL8MyAqKtzDpyRQYwiKQFG44J7kcu3nYsBhPUoZhEknUpLt7cojHiQ4X6qfr-JNCqhygo168oaLHYHErNy0hwe34PNMAJAsRnY3ppoiDhlWGFEqgGzk-4NbO7zUW5Q0FgsdFVZh2oiReeVsQs4l_n4pUpyYve9k-ntUHNCIpjuYJO0QVMnmyCH3ojzxinJsoVwfir-dZC_dE6xwxCPTaa0i7Z4KtyYVDZlICrWZjo8qUGYhEERcxA0YGs6QJ9CszwVpXHgMP3UK3D3JBb-RvhFDYhwHMkh8m7TewZdzbHe5oG7-mbpqut1sCI-a6NVThXKpx9NQvs-ReaCY0HHcfrVUQq_EuKkunf74x6GTcD4AjvG8KvR1tyxAsQHzZld5mSY0ukoPu_oa3eGpckU-q-t6Vjsv-uez4YxPHYZWxSrbQtn6mwetF8arPsSpQiGLrO-v9gjfMk5Cei5LigL5axh158BXDXXN&sai=AMfl-YTLQTov_eJLVG1tUwkCPsm6FaUHsCSpBBRBZclaiMTzeIwHldiZco86HTYdGV9s-KzaYkJTFaMAAy1O6Xb8POyQlalU5i1eq7pXZI0oBei7OeTOGe86T4gZUtxUxInKPwMrpiUgAKrI__uub6xV8DH_kMulLTQjG-jLgKUEstpBHVHFuwGbTXaZqkkhcIYlECIq-hUl83pduou-cmbS-n-xNjMAE-fEBl1WZg&sig=Cg0ArKJSzHyl-iN32_CMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=120&cbvp=1&cstd=112&cisv=r20230627.45814&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 35AB 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9589 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=227428303147&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9589 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=227428303147&version=m202301230201&ct=76&x=1&cor=14497135435575532000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9589 103 KB
39 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DeRj2gZQvi0gtb6MD7z2b3z3aMutljbtDfOJzzX9qMLPKxx13aFZOb4zcs3I5UI5l_fePlm4iZrR-pJUKfzo-YUn1mHPxYVCuilTq1JiGRmZZhE62qJ1m-eBaZAgLqgFbdieN-s8QZtPddkpXAFqQ6Af8y5t6iSZmu_MVlQpun7z0Qhus&dbm_d=AKAmf-BAUvPrRtsl82cf2oOJi_I-goz3xRNkxNS2C7RkhF79ScMbiO_64Ixe0kDJ80zMIKtRv02hFcMXLyilD3Rv55a6z1SNiWcbACyZYcOjkSYIDPoZIGDttGa_ZD56hE4m5cA3lCL1_eO3TzItRdDrrcgspSOQZBs6BYpJBW1KcOEeY6Vdh9lobS7G5cf3EbV3soway86dULP6PmXcvZPsyB62r2vzCQ7xQK-U3hxqv2zEqMT0m0afaEoihGzTUJJZBwUtDHRpaFKbHPESJ-8-76zV7cA-DYplmCxy88aqoHZD6ncbTDMEdb9J01tnnKnndEQTNEpH9cUXIHQ-T1IoKC7mGNYvN5VempYEkCFX5J8LHSf2bfDRuRB_dR_LMuiIe4kOxcvJRs6KBHozfdi_b-diETujBF6wQzm9RfiSMSAVTM-EpgFScM0tXiykPbZmMG_uPcF1OrS-gnIvzxRvurTELkCFMdOHm1AdaBmXeERHOdjqNmwjGFFrHsLQ4ZYasp7gjTYngdwGuIRJN-sAvJSFcaZQgA8wP53nyB5lyjg6CgzUSkOtwki-dDEGk3EgYa67B4mDEr9qa_1PM7naxE-sMCu0k8ahyKX-Kuyay5Ii6tffZ37LJBMfn4FtBpLB_jueLXD4hwaX1a76k5ou6h7LNPNl91PcyCcybheOcdWgRehdzG4RFQg6XLcTnzXdWryqjY45SRm6bYzqM6MGWfyqz7rtdqlPIpukeM3s0bDEiuCiDJsTYFK47--y_SlPnE_WPvv760gGZTY59mqB2ytkraOhOUG0cnvpFv8qZiAUKuGkAX6H_5irHYWLd4YloXj6BqFOdgO1cM6hT-DVQslWjro6R82O-XNIB56xoHQAsSPx6LnFJn9mERY-7fimDQ2XA45PaWiStlg8HxKJ3kXQv5eESC1s--CsBKF9J4LFI8dtFGQxAeK6sPb09XHTNhwaPJY0TUQ9siy1YIdWjIBbA14GWEFL8IXNENDkmRXvdInifkFUj22CXEd-uGE8HDrZBlSaOHuM7MrNeOw1TQeWgMtrFa0J7EXIuyMPcSJAF-2fs0B2FmDw9POU37n0a8b7rLH9YFaAXgNDsCoiJiW4BKoAiWY0hrEB9-YTIzkUDnQFrDm90A1WwbwUN9ZevnygG52G2KMwqV8-bboAqec9Hp95ukzMUq3UrZmrKC8-D-tSaqJJ6VvWotxQkpVpVMf0s3V4bs-Iuh6TBiONLA_n0QgjjpYvBfRfBtzfEkaavnx054wmvuAdAzybbwi_b_JnL-2snmW9SDGesMZ4ais2xeXmsYbAFCvNtfBHDy8D57EywXxxUeC5wGo_jp5qRdpyaq_3YqtSschhq0wPHVRmiSekYfLhCebFSkyuXBXHUG7LZBfQ80_HbzH_BwnCG2vM0xAN6ePi9UwAosbT-cVRQwR2Dc4TMFK8JDMQmAONkLDv6tcj9Hvtma_92c2r4dKgn3CCV9ieD7XiV5gqxyelm0D86fmdk0IMJ4L5AXcVWljceGahPQWkYhpc92-3sli7SGfCpCoI--tnc3QO61vpWMaWW0Jf-Dbe3a4DKF8Wfo0wqYxZ0yEshFyDdL__wEGTJynCfGwNRAZbtz-_Oh6R23NT6GCkQ7Z2g5D90uIsmKL1l1T0AKZbsVpTTytnH7aFHaIEicJwOEEIZwtL_A0CpWhdmELne3UOTkZZzyvVKkN4VjttC2u33rODNLBCurtwGOoJXabqxz9Yedb0zIRnF495QfcicL3kKbiixnFOORp2kl_-ZJlm9kWH61_mTEV0yHK35QYVFKzzmfKqqtxTSAZmJpZaCkb5TpIIE_H1ZQkDnVnr4lesTChlLpzCwbdM-pyy7QhQACMStCa4Q0e7JVCl16rDVk_2P9tS-JqhU8lIMgI59t0Ro0w8A6dCoD9FXu5sWnrP29ToNyAq8vmr9kG-snIqBj-1p0MJJr624T40JZX4v2Bi7Ts5uJlPcQ1IaCATyoN5VRoCWzMNOzpLaFCq2uxpW09Kz4pOdN1hqYBmT_C3DBa_bcvYG0FJZgcE6lARvc-8jLOmD7Mw66MS6f1HAIifZ8yq_fnme3UitZJR9PXsEqxaEike9_vmgq9OpcLdnxpMFq2nfhJqqNBawCkSTMeJFxVkctSmv3Em6QGUn9a90CbsN5OwbTODTtVqagCcC4z5Q64CJbqn_AyK7ncihox0-6a80y1fvM4fEsMra1ytFffYZdoEip2DM6iYxBM0-fJJcX6sQJzoGzFnrykjEIYaoSTM5nH2ToMAk00bdb0zzysT8vvAzl7YjbRYnoQbbR7M34IU0yb3frSpzo3FzgeEy1ZiUJjeYv35bHtEeCThx9zynN8ft41MMaqYEUpPJo3SJvlk6jGcu8wrlMIpB26Mac4lS3EhL-HU8vetpnfse2j0zrnQ4DxbmY16r54lk5XKsHy35hjrtJlLO8r-eK2U1udNDtOSejuYFV68F-Nun6uGaAoJruh9asqVEtV-y02_1qr5nj7-exxhXH18u6F-DNM9hZZuJd484UUq2wmuBlI5_v4_t4zdryCLmPJrYoLIRI3PKF5da3N-R9-0vD_TajsXrrYPs873q8PQTW-MfH6Y5AejGtqd-hmx2ucNpUCQeJecyX41_82TysBAruaGDFXt9VFGCuu6A02590N6xzgBHpWpHYf96K3jY9st_xk8SFwzIcyahWaUwmzwrXVRodWwi-VV-NB95bwxBBxa_h0lSmQAjEUC79nWM7W5XuStfv7_lRPmakhSVftVMrk2QttMOIWHpI0muKxJfD_m4wjllgm8yRuFheUAYPCSWWGcXgoNZ21DdNyeqyt5QK8XhwkBqzPQAMCGxCroHOXFZ9J1qB5KTUuexYwaY-kBm2KWVqeyZgk5MfZnquBFnC70l2wkNN3xwVEODjK54uQ-I9IHjcIGgTHfGUwLmBS8nLW2p5AfZOXFyH0V5S7ppT2WDnxI8auY7J1BJuZTD0f5ylkzC4wbfNH6eeLn-u7RbQUcL4V24Kc_yiaTfeykYJ7jjJsMH_5rI3MLa6op7e28_XkMX7WOAKaVLMAlSUiWuC9ThPoDPYVh-3-vmFtJgQnzMFxdwDtT7kSp3E9e69Ha65fYlI4gctbH5nkdrmRbWIGm_VUsXtEIfu6nPXt9nhvKjGzWVbTD6caQ4WRAGs9zC78Z08rS5c-XvKp-bGIxuWvEVpdWbYf_WGinQG4ZMvz1R1SQajL9019L2XswuE7Dc3O_UhjNTmvLMC0TMM692bnioh1Ri8P_V0fdmv9BZvCcqR__ldSdVdzLGLeZUL9AH1Vffxmuk2_8HLbKZJI5FoYbDrnLUwH37mlvKW5jMojfno5CrfZSp7-KynGMUijCz0MxW_4V_cMcuj5Cg6Ns&cid=CAQSKQBygQiDMzOuCVcys6A-VWJD5PP0O3J1M_TP5m0q4G6W3lYEOo7GE5GGGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=14497135435575532000&adk=212707235&idt=44&cac=0&dtd=11

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eacf81f2aea7086efad6450a0e9b5d8d9ee63613d45a4520fd14c0d3c633002b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39917
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DE9C 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1B29 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 302B 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CFC3 6 KB
3 KB 22ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/16829948873192997814/css/ Frame 2AE9 6 KB
2 KB 22ms
22ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280933
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 2AE9 120 KB
41 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83862
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 02:09:45 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 2AE9 95 B
122 B 23ms
23ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 14:54:55 GMT
x-content-type-options: nosniff
age: 124352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 14:54:55 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 2AE9 5 KB
2 KB 22ms
22ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280933
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2AE9 60 KB
24 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=CQmmVoRPws&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 883D 118 KB
40 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53466
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:36:21 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 883D 63 KB
25 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FD0A 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?s-5pJg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 container.html Show response
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8E39 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:26 GMT
expires: Sat, 29 Jun 2024 01:27:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js Show response
pagead2.googlesyndication.com/bg/ Frame C5ED 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4f7a3d487b7ff022968992263a5783a6373fac408f2185053c4937fbb4fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:22:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:22:49 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5BC1 624 B
242 B 36ms
35ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNyw8QIQm8jZsAIYmrWI7QEwAQ&v=APEucNXNFf1KbqaI5ra2jDmZvb7vTq-GaY9M90m0mP5y0dPMum7N0emJWQUaqFWz18LzhqbhcP2-lgeDzV4IW929lf9zbHHwbPvurBvL9U_k4OTwtn_Qct6k7KwMTWcUh5U9GZIyDu8l1vfBcydkn57jv22utxaV6mYMIj2MNKmdRcmqRO-9giE

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 35AB 78 KB
27 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35AB 42 B
63 B 57ms
57ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CYq3x4rMV7k8Yz9WgfvADGMwI2ALKhD4F2RUi9PQ7u47ckGiytrOXy7w2J4uEXWyO5NH4hCqdGu9yXWnDY2dDgOVZ02JKZw2lr0eCFlRsWDY5BNSs

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35AB 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11692701704189960992&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 35AB 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 35AB 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 35AB 0
0 31ms
30ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT2ztn1rCMSBWw7SQtIAURC7AmmC79Ai9kKfbbsTVM83ZHbue9nb54oeK5sVZMxm1xUb9T7dQ1tJujG0k0BpY5h8vnXng
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 35AB 179 KB
56 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6C65 640 B
262 B 56ms
54ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNVbggKwaTQLHGYcbzwPyxpToMZXdKbvrakZJzZbv8a9VbR9WSyki35snR1r1tuCxMYulSDo2ug_Y6fJh2waoRzgSre-1PKwwAcN-bFu2c_HdzwOwueGHEmspNm9VKPHsmg2wAfhU5Lbzdk2xaBLJ6u_05JO11QhJ2j1LkOcwuwT-5Y7v-I

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame DE9C 78 KB
27 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE9C 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DKMy-QgJcoXWj1iBHhVrdXvjGLsyxXHxtLgbFciHHAbK0N-OpQGjoWq50l_2TDnsifDckhjRMpB5GIil1NvGLVtBmW6FWEtJGSvlu9qfnD4Aun_R0

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE9C 0
20 B 56ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3531221117957339172&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame DE9C 3 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame DE9C 20 KB
8 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DE9C 0
0 31ms
29ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQNuOajEgsvdKbHO85UlcrZ7gOZGObTXNp6ih0w-UCpnWQ9RN-Kc5xSdHVHvXAcQdGgN6azTN7yyXpCx-qBIVmbb1trdg
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DE9C 179 KB
56 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1B29 0
0 70ms
69ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CY-0Vfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT1AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4OxU4BO5C9P7jR6xsRQuQkVq9ar3HH5ZIlWYGQyENxx-Kga-zGYLc4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=kLuLc9LS64w&uach_m=[UACH]&cid=CAQSKQBygQiDEEmQkbq9SnQRoaoQZ5AU7747H1z_DpiBTd28UvnnrxHpc9sdGAE&tpd=AGWhJmsPx9hPIj8KkPXkrJjS57Oygqk5krvPtFXIunDa8C4C9BSgzAkmj3YD9tTB_bI5wZxv7KUtwDZNqENKv9Xhs0iRV70ctgIdJHC8P060CHx8CnaBPko6jSMndjPjfZYhI_t5IYGfXI7JAX0VMW9A8WiSuNGdcwt5i3MNcoEyfd0fs_9ExkCpmhojpcUmp1-ISNYe-jN_rfrt6qWB-ZITLvz37IWsmWEuMnMPkTxYjKAlAjwwocGhdlOt9e3PEiSb27GkC1RBjCJeeEmldxzxQKEf7GVCXPcROJdAH2KpeUBrW_-eHUCCDZp-on1-ICR08us0MLu8wdohHmmnZZNSJNxvNvG6K3_qGoLTwnjcnxpmwfxuoLKPZb0O54CKfTPoh2BRTX-BtuLCmK09fPGMMTn2POAGV3tHsWT6M-Iql6u9tu_lXDogkI-gWRI9K9YBaKW6lsre3ETyzUV4AN8u24G1EtOP5_xrDVSH2UgpqQ__tENwI1hjutKIHCms_unOBWJlSCEc3Bb4efO8ufsDuYsMhmqUXaztD4i83mdKCTgacYTX_t-TdOKMvrjZ6bpGXcbTpsvobq6Pu7XebRBpYEsYaMhoGVtBoIxgeT27duPP0UqixG57ChOvMPXagqzthurL6PNc79xCScgedlf87_7RV7-O2JSW8AWrHHbBSV9TZMfK7UQFX9uL7hgd2ZaWmT1XVBIXVEl7B5MMFBS99VAtuKKVuY3teZA4Vyjl0D2WBoeCHWmB37ndlBI605NiYXO1LhumoazUjf9HfIGpspYLUDyRzHcWTIMGg_l8ehR5IkwkkfV0fivAG2CSmLKrwjSOnM2ueB6fbmmL8k1GshwwHTxQ0YylU-7cdmkMAa_hJsySHyJxa7vAEgbIrqLMXSjzCq6Rp0u40NvAYzSpqwygR4Ycv6Q_EKW6oakhgV-5QSq1mzmShX5xtZa-FOyoaQ0qkAUkAz6jVSC-zweENy4WTaS89mhRq09_4IfTSwQAls4TDD7d1o3PwrNnPvD2Bag-JIXeaTEzp1tmxZkmQyl1Q-BJGkAeVJ1ubpsm7I53p9j2iVwbhaHt8MlICl0lZoY3GQ9KUyehYVr3krWIQa00DedxTL6Xu-M8O__kfVvYcPjDyopoIAJU6w
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 1B29 3 KB
2 KB 297ms
27ms Script
application/x-javascript 185.29.134.249

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvTVRCaVpqTTFZMk10TW1SbVppMDBOR1kxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1OTMzMzc3OTY0NjcyMTY0NTkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OUhaakZtZlQwcnd1c0YyX09OUDNoQS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTkzMzM3Nzk2NDY3MjE2NDU5L2Ftcy8wLzg0LzE0Lzk5OS8xNjIvMjAwMToxYjYwOjEwMTA6Oi8wLjAwMC8xNjg4MDg4NDQ2LzE2ODgxMDEwNDYvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8xLw/AYmbI-9lU1IkTYkknfzPI1Z0KCo&nodeid=4046&group=cdg&auctionid=7593337796467216459&pbs_auctionid=7593337796467216459&shardkey=7593337796467216459&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.161&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%26client%3Dca-pub-7983651257838282%26adurl%3D
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 -, , ASN (),
Reverse DNS
Software: MMBD/3.393.0 /
Resource Hash: e1cc41370e1b69755ee36781223eea182d5cf8b551996b83f1b66da60eba0cb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
x-mm-nodeid: 4046
Content-Encoding: gzip
x-mm-bid-request-time: 1688088446
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Fri, 30 Jun 2023 01:27:26 GMT
Server: MMBD/3.393.0
x-mm-latency: 1 (0)
x-mm-notify-action-done: LD5wfw
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x28, cdg-bidder-x3
x-mm-lag: 1
Expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 1B29 3 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 1B29 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1B29 0
0 31ms
30ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTITikY7vplyrV9qLctJ6AW6IovoqjbKUnCndJVLlNCA0X3GpxI8-25oN-NfDfvYfciu4sHS38Rc5Mz0Dut5-3sKu2Mmw
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1B29 24 KB
6 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 134676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1B29 179 KB
56 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3617 640 B
262 B 47ms
45ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNX27Lc4_RarF0SxvLE8pJIbUpumLP94FzcK-4db15aNZ-_R51FdFeZ9DFBQfFcdQVbi1HGUpkqLinkmDixJnk5KDdUJxBi_ks8hVNTn-KvSABqwmQn8fGx3mO3LNV-hTvE8tC4H1gXrouNqWBcMKOtji31Qmc5Vu5fxcRIfl045bRJK-f4

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 302B 78 KB
27 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 302B 42 B
63 B 57ms
55ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFN2ATiPvf4KVxaAEcoNJeqxNza8eN5GGfq7PRRYkWNVlxjHsF2e3L57K5aOEXwpZHzjeewb6cmu8NN--ZGD3w7M2jrkWoQa59d9BN_bYjnu86mJA

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 302B 0
20 B 57ms
55ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8763672624534789791&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 302B 3 KB
1 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 302B 20 KB
8 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 302B 0
0 34ms
32ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTFahf-JlX6vwoiTEHroFNPbWddlpf9DT6UklXGJsZ3XqQTkZIY6-oOCjpG2-j30eyR_R7SPhr1FHLORx6XG0ikdavN1A
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 302B 179 KB
56 KB 69ms
67ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame A7B1 0
209 B 61ms
57ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688088444674&userId=vnet3efcf331-6724-4a12-907e-5875e1a22e99
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 01:27:27 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8CAD 466 B
235 B 59ms
58ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNUOsoQg3uvArW60hbZ1JI9IFQZ-OjhCv92_LLv4T90k9uHaOgClqUPAqlM0NwF9gYwdI9AOoYtFKOJyEbQLB3rYOi72_pqtGi8t4JCzSm57I0fpqz5lor_0q3IvcmpBLX7WWjOoxRncJQb-gPpTdJ-fsia5hZtvoRrF50mkFGaW8WOTPbE

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CFC3 78 KB
27 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CFC3 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AdlQXHRq4MBySpf-olkvyTzfQPggqa0--A8KhnKSvBTgWqJiqU2MOZuG8EIyowNcPZvvLcdejZroJFAsReVmZpVluipRr8ZEAEL_seULnL_bxIp1c

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CFC3 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3661558560668542972&x=1&ct=76

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame CFC3 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame CFC3 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CFC3 0
0 33ms
32ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQTJRRTepvDQcPmB9f62JhPILDXGIU9XahW13KSPJPwaJYq_jdFHb0txqFyeZA72b5dTRZ3ykvrfTHM1C3GVEs8WGr7Vw
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CFC3 179 KB
56 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040526/ Frame 9589 244 KB
74 KB 50ms
50ms Script
application/javascript 34.250.56.160

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040526/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.160 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e58770c8455c8600881447a5f8153ce2f5d1b5ce1bf335b8cc47a0f613446c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9589 172 KB
60 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 9589 11 KB
4 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DeRj2gZQvi0gtb6MD7z2b3z3aMutljbtDfOJzzX9qMLPKxx13aFZOb4zcs3I5UI5l_fePlm4iZrR-pJUKfzo-YUn1mHPxYVCuilTq1JiGRmZZhE62qJ1m-eBaZAgLqgFbdieN-s8QZtPddkpXAFqQ6Af8y5t6iSZmu_MVlQpun7z0Qhus&dbm_d=AKAmf-BAUvPrRtsl82cf2oOJi_I-goz3xRNkxNS2C7RkhF79ScMbiO_64Ixe0kDJ80zMIKtRv02hFcMXLyilD3Rv55a6z1SNiWcbACyZYcOjkSYIDPoZIGDttGa_ZD56hE4m5cA3lCL1_eO3TzItRdDrrcgspSOQZBs6BYpJBW1KcOEeY6Vdh9lobS7G5cf3EbV3soway86dULP6PmXcvZPsyB62r2vzCQ7xQK-U3hxqv2zEqMT0m0afaEoihGzTUJJZBwUtDHRpaFKbHPESJ-8-76zV7cA-DYplmCxy88aqoHZD6ncbTDMEdb9J01tnnKnndEQTNEpH9cUXIHQ-T1IoKC7mGNYvN5VempYEkCFX5J8LHSf2bfDRuRB_dR_LMuiIe4kOxcvJRs6KBHozfdi_b-diETujBF6wQzm9RfiSMSAVTM-EpgFScM0tXiykPbZmMG_uPcF1OrS-gnIvzxRvurTELkCFMdOHm1AdaBmXeERHOdjqNmwjGFFrHsLQ4ZYasp7gjTYngdwGuIRJN-sAvJSFcaZQgA8wP53nyB5lyjg6CgzUSkOtwki-dDEGk3EgYa67B4mDEr9qa_1PM7naxE-sMCu0k8ahyKX-Kuyay5Ii6tffZ37LJBMfn4FtBpLB_jueLXD4hwaX1a76k5ou6h7LNPNl91PcyCcybheOcdWgRehdzG4RFQg6XLcTnzXdWryqjY45SRm6bYzqM6MGWfyqz7rtdqlPIpukeM3s0bDEiuCiDJsTYFK47--y_SlPnE_WPvv760gGZTY59mqB2ytkraOhOUG0cnvpFv8qZiAUKuGkAX6H_5irHYWLd4YloXj6BqFOdgO1cM6hT-DVQslWjro6R82O-XNIB56xoHQAsSPx6LnFJn9mERY-7fimDQ2XA45PaWiStlg8HxKJ3kXQv5eESC1s--CsBKF9J4LFI8dtFGQxAeK6sPb09XHTNhwaPJY0TUQ9siy1YIdWjIBbA14GWEFL8IXNENDkmRXvdInifkFUj22CXEd-uGE8HDrZBlSaOHuM7MrNeOw1TQeWgMtrFa0J7EXIuyMPcSJAF-2fs0B2FmDw9POU37n0a8b7rLH9YFaAXgNDsCoiJiW4BKoAiWY0hrEB9-YTIzkUDnQFrDm90A1WwbwUN9ZevnygG52G2KMwqV8-bboAqec9Hp95ukzMUq3UrZmrKC8-D-tSaqJJ6VvWotxQkpVpVMf0s3V4bs-Iuh6TBiONLA_n0QgjjpYvBfRfBtzfEkaavnx054wmvuAdAzybbwi_b_JnL-2snmW9SDGesMZ4ais2xeXmsYbAFCvNtfBHDy8D57EywXxxUeC5wGo_jp5qRdpyaq_3YqtSschhq0wPHVRmiSekYfLhCebFSkyuXBXHUG7LZBfQ80_HbzH_BwnCG2vM0xAN6ePi9UwAosbT-cVRQwR2Dc4TMFK8JDMQmAONkLDv6tcj9Hvtma_92c2r4dKgn3CCV9ieD7XiV5gqxyelm0D86fmdk0IMJ4L5AXcVWljceGahPQWkYhpc92-3sli7SGfCpCoI--tnc3QO61vpWMaWW0Jf-Dbe3a4DKF8Wfo0wqYxZ0yEshFyDdL__wEGTJynCfGwNRAZbtz-_Oh6R23NT6GCkQ7Z2g5D90uIsmKL1l1T0AKZbsVpTTytnH7aFHaIEicJwOEEIZwtL_A0CpWhdmELne3UOTkZZzyvVKkN4VjttC2u33rODNLBCurtwGOoJXabqxz9Yedb0zIRnF495QfcicL3kKbiixnFOORp2kl_-ZJlm9kWH61_mTEV0yHK35QYVFKzzmfKqqtxTSAZmJpZaCkb5TpIIE_H1ZQkDnVnr4lesTChlLpzCwbdM-pyy7QhQACMStCa4Q0e7JVCl16rDVk_2P9tS-JqhU8lIMgI59t0Ro0w8A6dCoD9FXu5sWnrP29ToNyAq8vmr9kG-snIqBj-1p0MJJr624T40JZX4v2Bi7Ts5uJlPcQ1IaCATyoN5VRoCWzMNOzpLaFCq2uxpW09Kz4pOdN1hqYBmT_C3DBa_bcvYG0FJZgcE6lARvc-8jLOmD7Mw66MS6f1HAIifZ8yq_fnme3UitZJR9PXsEqxaEike9_vmgq9OpcLdnxpMFq2nfhJqqNBawCkSTMeJFxVkctSmv3Em6QGUn9a90CbsN5OwbTODTtVqagCcC4z5Q64CJbqn_AyK7ncihox0-6a80y1fvM4fEsMra1ytFffYZdoEip2DM6iYxBM0-fJJcX6sQJzoGzFnrykjEIYaoSTM5nH2ToMAk00bdb0zzysT8vvAzl7YjbRYnoQbbR7M34IU0yb3frSpzo3FzgeEy1ZiUJjeYv35bHtEeCThx9zynN8ft41MMaqYEUpPJo3SJvlk6jGcu8wrlMIpB26Mac4lS3EhL-HU8vetpnfse2j0zrnQ4DxbmY16r54lk5XKsHy35hjrtJlLO8r-eK2U1udNDtOSejuYFV68F-Nun6uGaAoJruh9asqVEtV-y02_1qr5nj7-exxhXH18u6F-DNM9hZZuJd484UUq2wmuBlI5_v4_t4zdryCLmPJrYoLIRI3PKF5da3N-R9-0vD_TajsXrrYPs873q8PQTW-MfH6Y5AejGtqd-hmx2ucNpUCQeJecyX41_82TysBAruaGDFXt9VFGCuu6A02590N6xzgBHpWpHYf96K3jY9st_xk8SFwzIcyahWaUwmzwrXVRodWwi-VV-NB95bwxBBxa_h0lSmQAjEUC79nWM7W5XuStfv7_lRPmakhSVftVMrk2QttMOIWHpI0muKxJfD_m4wjllgm8yRuFheUAYPCSWWGcXgoNZ21DdNyeqyt5QK8XhwkBqzPQAMCGxCroHOXFZ9J1qB5KTUuexYwaY-kBm2KWVqeyZgk5MfZnquBFnC70l2wkNN3xwVEODjK54uQ-I9IHjcIGgTHfGUwLmBS8nLW2p5AfZOXFyH0V5S7ppT2WDnxI8auY7J1BJuZTD0f5ylkzC4wbfNH6eeLn-u7RbQUcL4V24Kc_yiaTfeykYJ7jjJsMH_5rI3MLa6op7e28_XkMX7WOAKaVLMAlSUiWuC9ThPoDPYVh-3-vmFtJgQnzMFxdwDtT7kSp3E9e69Ha65fYlI4gctbH5nkdrmRbWIGm_VUsXtEIfu6nPXt9nhvKjGzWVbTD6caQ4WRAGs9zC78Z08rS5c-XvKp-bGIxuWvEVpdWbYf_WGinQG4ZMvz1R1SQajL9019L2XswuE7Dc3O_UhjNTmvLMC0TMM692bnioh1Ri8P_V0fdmv9BZvCcqR__ldSdVdzLGLeZUL9AH1Vffxmuk2_8HLbKZJI5FoYbDrnLUwH37mlvKW5jMojfno5CrfZSp7-KynGMUijCz0MxW_4V_cMcuj5Cg6Ns&cid=CAQSKQBygQiDMzOuCVcys6A-VWJD5PP0O3J1M_TP5m0q4G6W3lYEOo7GE5GGGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=14497135435575532000&adk=212707235&idt=44&cac=0&dtd=11

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 9589 30 KB
11 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9589 41 KB
13 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js Show response
pagead2.googlesyndication.com/bg/ Frame D3FD 37 KB
14 KB 27ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4f7a3d487b7ff022968992263a5783a6373fac408f2185053c4937fbb4fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:22:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:22:49 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 7CF9
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_fi-eZPCjLP-wx_APgZ-usAs&cbFunctionName=goog_wrapCb_fi-eZPCjLP-wx_APgZ-usAs&true_pb=&adsafe_pb=htt...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

22ms
22ms

Script
application/javascript

2600:9000:223f:9000:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:223f:9000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 17:26:17 GMT
x-amz-version-id: Jti0WeteGIKG9newnPxZCBdJAJGT_BOt
content-encoding: gzip
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 288071
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 26 Jun 2023 17:26:14 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: or90eHaWoHMxHxzWx6Nd6f3z4saUaTzTN4JWrxER9dB50de8weEgjQ==

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 779D 91 KB
23 KB 203ms
24ms Script
application/javascript 2600:9000:223f:9000:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:9000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 24313871
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: wOBe7mWYwNkszFN0OBn5z4p9R51iBOzOmePN6M3TbDCE7VTY18_prQ==

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8E39 34 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 20:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 20:55:03 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8E39 24 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 134676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8E39 179 KB
56 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 8E39 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 18:04:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 18:04:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8E39 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8E39 20 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27420
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8E39 0
0 29ms
29ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQlRvPyGqevlyTcZgBZOcvxqYNn8GpqFGkS1lrp_LS6rR1KSjwesMn8dxL8xoR1zaFALXuJgxEeg9cvuflimk3EINX-jw
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5BC1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1

43 B
632 B

24ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNyw8QIQm8jZsAIYmrWI7QEwAQ&v=APEucNXNFf1KbqaI5ra2jDmZvb7vTq-GaY9M90m0mP5y0dPMum7N0emJWQUaqFWz18LzhqbhcP2-lgeDzV4IW929lf9zbHHwbPvurBvL9U_k4OTwtn_Qct6k7KwMTWcUh5U9GZIyDu8l1vfBcydkn57jv22utxaV6mYMIj2MNKmdRcmqRO-9giE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5BC1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ4vfs7-Dx1DDVUtuRPq1QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1

43 B
632 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNyw8QIQm8jZsAIYmrWI7QEwAQ&v=APEucNXNFf1KbqaI5ra2jDmZvb7vTq-GaY9M90m0mP5y0dPMum7N0emJWQUaqFWz18LzhqbhcP2-lgeDzV4IW929lf9zbHHwbPvurBvL9U_k4OTwtn_Qct6k7KwMTWcUh5U9GZIyDu8l1vfBcydkn57jv22utxaV6mYMIj2MNKmdRcmqRO-9giE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=493
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoAdh__acehO9U1BhVJ9Sw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5BC1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1

43 B
1 KB

31ms
31ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNyw8QIQm8jZsAIYmrWI7QEwAQ&v=APEucNXNFf1KbqaI5ra2jDmZvb7vTq-GaY9M90m0mP5y0dPMum7N0emJWQUaqFWz18LzhqbhcP2-lgeDzV4IW929lf9zbHHwbPvurBvL9U_k4OTwtn_Qct6k7KwMTWcUh5U9GZIyDu8l1vfBcydkn57jv22utxaV6mYMIj2MNKmdRcmqRO-9giE

Protocol

HTTP/1.1

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
AN-X-Request-Uuid: bdf66064-925b-4ddd-9565-7e75c91da4fe
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPmkSGs-YwVYzJ2-GDd2imE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5BC1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3198e656-774f-4382-954b-cb6a045405c2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D95D 1 KB
643 B 27ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37385
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9589 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76f1a75d72e11e1336e12470e14e7a35c24e8cdcc8bede6c1d5a328a5fc7093d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7CF9 43 B
215 B 373ms
117ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=561d10e5-3294-8cc2-4fc0-20c0b8158d58&tv=%7Bc:gYQCIA,pingTime:-3,time:108,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:36%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:108,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B101~0%5D,as:%5B101~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5Gg+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C1163%7C1164%7C117*.1484055-72040524%7C1171%7C1172%7C1173%7C1174%7C118%7C119%7C11a1%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:117*,rmeas:1,rend:0,renddet:na,siq:37%7D&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7CF9 43 B
215 B 367ms
115ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=561d10e5-3294-8cc2-4fc0-20c0b8158d58&tv=%7Bc:gYQCIB,pingTime:-6,time:109,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:109,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B102~0%5D,as:%5B102~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5Gg+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C1163%7C1164%7C117*.1484055-72040524%7C1171%7C1172%7C1173%7C1174%7C118%7C119%7C11a1%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:117*,rmeas:1,rend:0,renddet:na,siq:37%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1 200
OK dv-measurements4050.js Show response
cdn.doubleverify.com/ Frame BF07 543 KB
103 KB 39ms
39ms Script
application/javascript 2a02:26f0:480:9::210:ee04

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4050.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee04 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: e1d64dcce03bbb7c2bd033767a73cd36fd3d14f2f9f1424e1a184f37038938b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 08:54:41 GMT
Server: UploadServer
ETag: "5a377c6b590ab29192c9d6aaadc2c413"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 105238
Expires: Thu, 27 Jun 2024 08:54:46 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35AB 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4990949939947&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35AB 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4990949939947&version=m202301230201&ct=76&x=1&cor=11692701704189960000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 35AB 89 KB
37 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJpKarSBjeFIgEVg7kenMqy7JfMngLmaB1xOyKbZfEnXe7F_8Cl3hn3gkORKwzgPFwomXTrlpK3qqQdtOcNvMeDr2yXA&cry=1&dbm_d=AKAmf-DnRk6R6SOkE4ZeF3RWqkHbnt_JoQ0p4gbeTkUrXn2njjXay0hKNuaEaVwqT2_OnR8xAlqw33sQkNkWj2SbmMyimz0BDjX8zNUYX0T2fRT1sVbWSbs-C4W3qDFdlw1B12Ff4wjdfNVupJYk5Muf0BC4d7rxp3rlwlc0dJ_yQIpsishFDlqRb4avPFz7ylWTzfPDbrpxnBcV1sGQxijZqxCG35hw6VXkQZJpvfHfjnfjONzYuohh_W3KFEx9Hx3IsTGen2ImsHwqoXELuTSnQcYzMiJqygIjIIjaync-eCDc55J7oQ7EInxpJ_09Yu3fdSLcmSlDJkCgMlxUOwb4-ONcnQz5sE2V_bxyo0JjmRsPcuIe_EayBs4MK671stj4TQ8k4o_oqj2gZkPSnOfnGxvAW_zm7zpZj7kS3A5KDY3o1LgIoLciPyDC--eC5bqHJpA7NMI_0NAcs3fKs5GghmFom9e7lcma13Yg9SmMP4BQ0pSA7RgFpVhPe4QdwUnR--QpDiVan6Yt4L8YPjmU2dXi_W6vXvpPUHvKtf_d8T55wprvevrI_F67ikMjMobaIF-RYAqCxnkyOA0UryJ4JkYCBlUZ7cgTB469fI_ejLdUjS1tn3PAlY_QMV0aNpW6aHzaAtOracmqPbNLUBawsTFczDV3E-9iW7_OY8G1Jlcllzaxg5wRvhn3DPKpWHO7g0nW-6ZLWCGyA5nL76WQHPZ9sk0sadpvs0VmxmwH97KctUM-OP83TsVFIiBzmrIa_kI4lkdyE6_BjJRJWGhLwEFV2DDgqP8z8Zz-Birn_ugjp5IPfEmxuXX1ZYhFmhFTCSPyv4GX878Sv8WhVWrqaVMXub84-NUWJE3b5ChKTv-V9TWa8MuiAATKVScOe3v-ZW22WJA1p-pmbB1eRiIPvKXKjdhAxg1Ur8JD3R2zdJ-ykGtFrbdj6APUTFq-6aM1_rp9EzkN4Nypze-REjCKxSgHhgzl_Hy_wNtdWGwN8Ko4Uplp9NI4wr9QYmvyxqSCLL4VCYZmOgwIxO1sxM18UGfjUjgtjO-wFmNhTeGL4xl6lf5t_eYf_tkhIWx3ijlCXGMF4SaCfDGgyBuOW-zBagU4vnTZOqRD-QVX6PYsPmcSwfps0eo7_Gwtu3nwszHyRMHAfBCwCrLt_T2wkHGQ64A7-V3wbeo-bWBGLlWUopi934w-i44-_DUuVEGUSZEiyo4KFrTr3RCotg0bve-02WaQ3VyKzWGJjC1NtCMN-XlrhTYHyzxvgRWgkL4gFrApiKJGhgHyxolRWRv5TO40S8kW0m8H3HT9qg5aKXx1HgdulBipvHYCaRhUOk1Y-EmnMMDud3tgU2AV263TJtw3mDRtsXugaRsoLTOYZapLpvV9Qbmwpy64vuFIS5J2M4qF70s-JcBOoQBdjlvJJpLWHEEw9eVFjXcA6pzjsjPROT85pWjINAN7vU6hmdSn52UPVELiE7kSmPH7vE8aanv5lf3pFZAU6rezg3n5hbaKXy8Oh66Smt6LobPxe__flLuKjAmQSiRSLrYJOtGprgc0q2IyqDZtBRB2jm8Y60vTOw1I_s9gpGJ3lPbpdiYmAbc2CMcLAUlNAF3BHNW-pBumWpT3V0ZyMjMcVV57luhKteQNVw2yYWzWstnUlF_1gQpJ5nvxvbt34exVhoUhK1oPwPUQZ0rLhqyoMLfuVT2lMRKZnhYLsEQv0GLneDokx5O3lQQ0xtsJRzXfiaX6CrmQyJoyUy32cdaRPL6IdaidtPa0zLKwNGpR-SVtop3qf00THDzO78YSrSoYLoxfnD73EA-BSs4vtYxza2sJ9VjtTj_rCR3mCt-1hJAWkfWLR_4uxEiTd5RHWOaWA-zsoj_-OmArjJBI-sg9plCpqsFGg3sSlEssdnU1JU4QdHHFSsmPfZtriA18C-UxjPvPYYlcFxjFqSYJYbcEfoupDUpa6CUUH3jPVyXmR19LC88YxxGqFMbZi_SzmzVkZXgIjBaZ38OJZCrKHICW9cUmufHlGDpsqbeyRywwVRoHpQv5yV9eQhnlz_YH5liMhPnXhczdPIsD7wol8NdV3vPcli9sHGGMvGM1FCMUmE0rJ0_9FOJjNy1iPW562CPiVy0brk4xH7TQPOjCSPBeiLUC900pEtYZ6ORIDl-Hf2H7xbJHrT_0XBPXZQPPE4YH6LedheuMOT_to6VRzgPUCMPIEAC_EGRlGPouRqvIbg_B7j_D-1c42h0y05ltxXmlNan-MSkUzGX5Dnw-WhR30_P168TGK_iXh3ggpqJgUQs_ABqAoVomD_LMTAYFGzvz3q2MbdefaN93WV-kg3bsvTVfuKGfn9ysj17kaEC4pdQDaJl_ey1H3a2T0Ye8U_w4ffn4S4frcOiFglXgEBFb8bQLYB5V3tn-7uJWYpi6vnYnWX96FNXMHXyplRZ3B2tmhW5IH7u4e0lL0nOuLurJhkKXbzMJ8rkUrOZEA9u-o-TEZnp8le7bZDxLkruOwV2ik_cY80DrFHT4wgpSGFG51mdHcIVAb3oV_6dssakJgFv5L8GsW7aVuL4KuWArjI4TBoNZcn3pYh3ZLCMtU9X2798_GolsYu8jeuf2FERODbYWWxJlrU5j5yHm7P57wKMOflsSl6rBEde6tpmXz1YZ3DWXEv0dDPkMdQakQdUtR0D4innktaU810DU2EEhWK9CtZlpbllWrg_wubNgwyKwcfXVRHp00p7BDj42-_89AoSMnibuJHyjLqjimefSAdnbYit7R7JrT9NtQY3Kx-BDA_M9xQ4irwK71cxRvHfPo8PqcMslky9E7kse8zplvXFO3F9wdBLBNf_OVRUBv58gxMFRX75U_wkCZChxFe-ZufCy9WiYQq6j4I3VSUZ37BnFd5vk6uLUHBShdESJ8GraGzBzvo3nY7MMeWO2S6l-RtNsVEYRxrnI8d00MJpij-Z-fNNaZbrkiB-La-8LjUOVTb3GBY_M4mmiiiOJite_oMa-E9RA3pbcjhuYaSRioiT_Occi2lSq04x6NsR8-Z8FMj9pkvYXG_Zd8f7_1i5Y-jSwDdbts0IKPfgPl3Fki49e-jQnymHO_H5fb-ORtxlw4ADnRGJ4sQf66qCGo-n47R0sxh3Gs00UjXJnC0gNNzQAkf99qczd2l15ubYB-jpSxmCOvRXTKryoLk_7B2SvXF4mH0G2Jy_jWdRcx7CiscRc03o3flBAvH7qV--Yp69Reg6krBJwJJ3geyXSELVCrU7c2O6z_ME0dKI8CmFk6wl5rtqC9H1WPyOgg29B9LCeo9z6h6nuzgyGrLTj70lYX93T2RdfacKqUEKmIazNu45J1v23oa5F9fn1YS1PAYVZBA8OMHYvMblXmmymeGtXWLFOfbXJd7wKKHQDvDbPTXMN-YmtY0c_YQvI1vd8LKucFheLBCptCBdFSOpwQfovLrVM8wtIa8cKrXoW62jT&cid=CAQSKQBygQiD-EHMGYIciy7DmIsvJRNaT2gOBLbOqud1wFOHOwEt0vCK6WHMGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11692701704189960000&adk=3587751834&idt=43&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58c3d25fc865c3aaae0922e8ac934df58da2da41fd82774107239becbda5b409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37404
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 2AE9 13 KB
13 KB 22ms
21ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 280933
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 2AE9 12 KB
12 KB 24ms
23ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 280933
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 2AE9 14 KB
14 KB 22ms
22ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 14:54:57 GMT
x-content-type-options: nosniff
age: 124350
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 14:54:57 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE9C 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4870383473130&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE9C 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4870383473130&version=m202301230201&ct=76&x=1&cor=3531221117957339000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DE9C 92 KB
37 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0HHK5ZvpWcpbCqWtCsC_F-PZvOkafhQLLSktjfvMCnvQOvgt3j7yEGi4jJF28FmgxaFrAOwtWm_8sxG_S2P4Aznu8wKu9cbxPmKYmPEppbetdT4A&cry=1&dbm_d=AKAmf-DvX_ocpVKOBcZCatEmAoTZUZArYQeD_ObSBi1gpeOVXOWnaoT5tL1EHNYqOi2L47moljLJZDwgMFu8-fGoZZyQk_-17JfAxcjnHl8dEkmEZIXs3CPncVk-B5np0No-GHWS669dSzOIBsgiQh_MJGiN1ZANXFT4xiEgSM1kVcP377qhC4LFwIJ_fNT8kNeCOglTSJc4F9zkIlTM2prc0frMXTQdWk3lnNJAxnNUyxA6sWmjbzEmGpZeFX7AbncjKUgx4-SspXkHqGTv8p4b0djOJ5YXYIn-XOjcifakv3AF2sLMwNoFFvdfbhEmFvlqh2mpWVbQWZEa53soV_HCdadupvvheD3mJeOUN2hW8qdBSoYJjSl04jBPtIdvn8bKHrTwwgk-uMgAvnzruyn5VJfZ1JerQkgCLXIC-KtNy6h-x6mDwebtcx0o4BEu-_X_vvujS7IDXZgLTTkuawtG2wRJEbUi1nucOPcyNu6CaWtfcBmCV9I6xupFuDMBofQM6ZA5qenST9lxQdyYkiqEHNGhrDxZP_t0LLRgNl8aWRl81oAttmMCQ35uD03D77H1YDVUAW7gm9hJTNtfKm4Hzq2gYID99ZvnxedQjckHcMXi25v2SR0TJgHtxH1mvgXuhP5TD1Ts9_g9qGjayluF3580Ns3Mk47goNQ1MBMKCTwtTPMCrNf4gdiMPqx6Wdcnwcf4r5FryGqKggeKQfdevxNqVXS7KxHP-k6_QvQZWbmWENzwvWxraLZguQo-s4Bfmix07EU2QpH9Rl9jmrfJ9Q15c-r-6Wjc6itGgCbfDv_dHf-HEmeceklm-NeVOl02BiGcZFbMQP3pmUlBLnX-jwXJXTAwXPP0uVC670Tkjpl54qA6ilF8kDb7M0cQHdz7f9tL8Df6PxsxSMqd-ldNLVmWkdwX9ghowxx0R5zplPmIgNHu-Cl1zNAkevrJ_0bAIuZXIc7VTbjjRMfQN0FowmKpXZ2jquHmEk99GJXxxENaFFmOeWbsR4R3DHfH426THDB7pC1cc7apD53MN1Z0_KoqeIkPWI4o96qyszBt7u0sgZFX11tkKGFb2yBsQU2yqdrCB9_Mc20K2IZX0ydcsjkSU9Y2J0tcLzxooYqorYj7wDw_nmJMvspnOp6y3E11GXhG0qwev7a_zwUFAHPauy4YD0WyPl44hkvcVc3e8_Bf_esDA2tLa1mxYB85dPYDMMQkSLQdttaiHyCuOCMn48dxB_2NRH-JHT73f5CjOyGqoTunPslxfvwNz8YZvWoOtHYFhteVJxq6OYhTQOdAIkCzvG0AubSJ75x6hkjNUVKj4u_fWRN0Zu3DkogoPKMTcix_pvn0ZZVP22rpJ83g1z81lNcM1Ni2LPR9lYnsa2FdV802982Cc3NaZnccKS0iETPMS6dm8ONIc0JqiTdKKebBHxTShZAU7rMwyWWGJaQZukLWIQYayVMbpf2uwNEszZ9rqaS7m5KltKtTuQKvmaZpC2GGrJE3xBgTedZ_qlzcKtnVUun6-NaagTxMJA3LqJfXkHo8q3T8-vAaIfVi2SSTtx9YEXN8M61kqFSq2mufth4KNKywjiaAxfHOgM0gmjtbnBON5V60Fn_0xihLz8ZTvUXyo5JDo4CdCs-TtWRn19a3Tx33c42vzTBYhPEbIir1PQSX9ifsjyTYqMomAv92aJP_1XIQi9X8GTEsM5Rwwd3GXHtybtXFYwc87DZpAAFUpcIfOw3vLHvvhbDe7f7ygXcBUkJb_hOUV8DH9dGlCH8UdK0COcE25L4ZoOMTDYMnUIUHruI7ltlR8f-hdUvjHn8Iz4KIKzF80klXPh-SDBcgOeb_gLaroa9GuVNjlpKRqgGuqwrbVmbgDCc2M3JiAbOCz1CHJ1X6I73gb4q_E008vsRuf1HIpOSXYaRdIzdzztLRIOF8Hmy-eq0ZeMtCL-aQ9JEk4waD1V0NPPAFZyEBnjaZl7e5PtVN4A-HXUdNW9ZjWxrk1NYVP7S8nHvwGJ5xAHK3ZzWucZOipa15EPT5BDND7ROXA_8V72dOHMnkeKmFHT-arjG8VbpAZicxvmMSdUq7qjAPYG4A836mnZQ89lkRPihYnwtJiCeFmZQF9P3Jl_z8oBgfYg1pcN8pOOgHfDyuWl7vLPVvUzVDuwXbNzT66IUiSIDplX7bXbfXAbI9HOU2Av73RcGXr_UpmRjMPCESx9gWDjQ0W11brJiKK8Lf_ooxYWy-eW_Ip4MOruhpA2wcqk0ESYlZMtWjuekCwpjc8fAHTO7xgcUBbfYbt8tqBecAuwguRCVLqBaV-GM8_6RPIvt3jMJ0WQPBMywa15qo992D9aALjOVB28Z7SFhLdcjpYyGv9o3uw5nwm3tHLTSpjb85RrveWRvHVFtTY9eO6j56Bn1m2zumtIz9u-kLdh3QnvHeLpRu6JF9-lMcqGv9kCmMFnx2a6Y3frQvyq8cK5ZTYmfEt3gbUtLOR7640c8Ulh40NvJPsaBwoio8kiElPo91rtAkmaqunFukC_vsxGZ_7k1zQmezUTV59qsISF7qDZm90n6VlItHxIJbJumAf49MM4JoNZhinIcGj_vSm00mCpZ4AHUyaz02VrnRUH6M3tQZllETXAdx7BDn4jvn4TgX8YM4XSd0k4lX909cMTC4gjEcD4QuQUriKxKz6eH8lPGRZ7O-TGSVYe7g_dK97wqBSwCojs_-9Ks3V-MdNkof7QS1nemRRXnIezrPE766w4H0CJfjfJuMjYSVxYFsEFtY18yH4NaipTJ5slrCtFFEM34v_UEFIBnQ1uGu9ywTo84k1QoP1bISAaEorieffScI_F4PloKKouc2VMEQmh0SRctBlqUkd87Rggq_18yLSFskBsC7hgUVLi-4qpyhIsEXYTycl7Y6tk_qfjRcnX4ZXqabrItH5ctT5ngMJ97JR5l94RhLwZpwC1GQ8js6qzR2Ckw-C5tXM_2v3b1kll6QgqxMAMpee91j3qRtMUk-xLbv8bydYwhDaSUuxt_RwIFvRuEXpzEqNbIXV52VFTt7yoysTdH0xEOz3Yoo7fHhsP01XyCCuZlyYB_ziwFgUfKizTpBztP2ZQx7CgWpRe745zrK10rQ6PwIjONvNIy_FyhVVpqPfGs5uVL2f_RAU5cL_c5ytYQj3cDO-4EagRb0CjAf7OhVM0TEIgnS4DXM-_Qj72TVdkB3esfBNLKQWXbOoW84KHqvO5-spe9hImjBP9j1tB239IIFYuyyhlyHkEkSKjfwExRnrkDO9HM8y8UuohjX0iz2ZSBsIVYFyBHqXN3xBjQpt4UTLKpkSbNIHMiDrXbXZhAJUmCSZ2pPhVaUtcGSyk9WsSshPndrQOq5BFMDBmPyVcbotC2-U-_kW3rNNGQvIKKJrIDfl4V65Cbhh20grgds4lninQs1t7eJGEyyXY_sYzjFfxXBS-gQ-eqyJ_lxLEEp13IOH99OIs01LTatTf_qVJmdb81fT7IVSwwM_-QRwCEX-NFxcHPqKIdBsVfFryIRd5I5&cid=CAQSKQBygQiDwB3moKiESK5PpNvQ8_CnFKRXDDML_mAVzIKcBtp_ImGBh9A7GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3531221117957339000&adk=578009112&idt=39&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8518ad3fe58d51b97b21810baa2882276c812a226e3c0f780c30b6a701ac4de5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37630
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 302B 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7020296006042&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 302B 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7020296006042&version=m202301230201&ct=76&x=1&cor=8763672624534790000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 302B 103 KB
39 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeLw5vNjXHMeb_Dg0g47xC9Y2M-LNFI7fHtcAoGbZpM0jouQiqsE0thqDBKLGavqMODBWQs_ZGDFylrCfeEgPZK3BW6Ql_fpF5050k4beNkLwx5EJqru-NZapXByQ3SkXOC6BbT-LNUvlhe-97qd6PRn1vzoWPhgt5xWj2PWb4MkZ--gQ&dbm_d=AKAmf-Bg9npkn0GawAR4w_7FwCjNtCYtHBdwvrGuyTzju3Wy_9qGbPiuBm3sOc2PtkM7NGlM-RzSkB-DkVYkXwOuRc05NjAfPwAKANQsJ3ZnW4iRiDV5GcI7V6hAKbWna_HIe3s71Yl3fYT8CsVqm5hnU-pOzhZ7KCh4WcQucmZfQdcN6Tdv6ZmFO7B9nYOly-6DnjOA8708NE0mhute4EWXvjh4gXHnyNTsOXncjRdlG0sWbFDYCa8ykRTZi40Z789ZdqefQA085ocZQJ27ARhsDKKwzMo5lShB--ftTFdpJuoPhdLOMamjC8zaXWo5D_wsvIuMTt7fYOKtSsA39iiO6nRox8611DRPeXOupWTXJaL8hnJwIVvqDfTks-rgDGDKw_7GtiPMoOwpqc34s4B33AoK8Iqe3o3HtzQHYSqJ9AygHRw2tlMpdUxU84F-Xkj_Yjs551nVAoTx4sMV3P97yXuhw6AFQ1HKCf0DQP80GgOSBjzb-TSBuacpfHdBfDGUdBjpjlgTjQqDgeG4t6kidpJCFUVTjLHuDTFC0eW9tmPtUTY8Jlri0yjGgd3fW3pKgHD5Z1xPB5TXom5a7YUlsAEVz8DAU9z-8iEwFP_55rvaBoPZEDfLOMss9Z5Yf5_ba0iXgbImJeardAdGv7Vp1w05M86gO47Lp0vasKVn3ZqhOuTWDoU1nlOqE-AwE2hagXYxieVSJqMS6w6FcSanC4PvvkPvbJQyx1SI4fjYT8iMgeXS5yOBQk2xQT2IJBQyy_iwg0Qko2J_af7Zg3Gg_qiR_xBGPy79YTKmeinTA8DaShy6zKoX7oWQa_R01oPRyq0FJ2hzIHOHiVPQrSti8Umo_q1RH8rYi3YjhXawD1kNTm5PlXWT51EeImb9BdN-uP5jd7eRRGdYlcAX-uYOfpqd9_4Ogxkpi_ZOumCnTbOYIuVluyjGIIQqEH5WBg1zWJ28pQ7B9X0HZsQEznS3RSh_eASEhCyUGKxN3J4H9M6SAzGqqG-V2tmQTCl7kPA7Cs-N9gLAAqin1KaejGh3kjVWBP-eX9K24xZJvSQ6-bfxUOUqmC6naNn5rC1H4VZSG5-g3WruA4_-OjvLkdw4nIEAgMufTQgvP_WyosLGqjCivZGmDeF5yuX2Xl7ZTqc9rabcYe3E_MjC3gCXEdYx3PIsZe7lzy_xAi3J8DI1A24FgyViPOpZe6rXDdOLwGX_6uVAvMxdAf968RBJuxgVEO7Xd9JNml7UNWPBp7uiY3ABWCoEEh2ZKkVyBlEt_Z-IR7NyZ6gpxNbPffDD5rqXGhlRSOOPh1oySYROopydTUXOmsk96RuM9Mh4N7W-V8-SQkouHBJlQr8bMjMHV30ar4DNYgVw5KJo9CvLkeCgjb8Lb7kaWrelT00q_Z97M5RH_LMKxQUrh5zIpELER-AlP49kWE8JltmoCRY--AwFiohBiaeEYqVjEmpbgQ0dUrIHPF-1TB4d0CtvRQfx_dyXJ0zwyOZkFNkx6KY-qlWigc3XEnfHNSxPM5MEy2yI9toHmNM41ZJHFxM3jq884S2CsBV_y-McXqGWqiHqP9USFfGcC7oorY5ea8HiPtN37YwH7jNIs7eUFUt0Fa5eWOqc3NYl06MnANIHaqNMcorCSpOveo_rUaG7i1jhtzbfvJB2V9yrriJCQpW3ijyVFmmKaVsKBDmLGnwz8pIwQBWLfWFBxcRrHmnFtj0PpNGzhXZgkbONlP3_D6VAeCVLpULwXdTavze5eXzdyKF52-rGD403D9X5XI_H_Zl6UqLyRPhhNxnZVJuCcJD8vvilMUKUr5BijeAqk0OggdfJXDVx_4BLskXyBqqB5Qew-1x69SDVxPtuueSmgaOa3TY_lvwuyEsB0hlHyyzqvHUtnv_IpYalThcnuVGmQL7tnohPkxM4Se8vMIntEnaCeXCvc30oQaWHXl9V3PsruvVcFSgzW5NolEv0ewaECYf0QL_fir-cz-ytKpMr3JB7aov6euMz_hhRGxxNNLlPCymhg18MNY9pfTNADE00pZhqySTe0ESNnDJQy6hQsPY8EDqx2dIFqd1GBZbxPPI7S24Zi4c4Fc4O9ca35z_LgSnKiD6huPqNXVdxTfc3ZLxsUFdCERzYcP4mOa5MKFIL20nNIDRfITEElrehToMyKpAdelwidjwsjlcUYztfC-8jkRD8ep3WKDzUC_Yx3Kn8a9UlU-zdxrB1FermlWcFu4j_ynR_GLukP-Zb2aFe9CniufPpG79f6b47V5qF3-l8iW9mpJteo2PU4MZWnVzNbYx4QVtwTvNQ_g0aC_sbXjfpTT2_PjuanlJWVDO9FYJJN0kdHVMzEghgZDY_3kynFZTsn9Oc0Mw_7IuT8VeaT8_dctkJgc8amFDrpH2SvW5lbl_8QdY14Wq2w2JgfHYZFii0VhSTP-56CwtkXF_Ybsmwd737d1tb4s2uaWU1SWQaLiz9CdLGQ3oFJobtIVUsAMrcQPr1vUZbAfNFi5hBK6DxQqA8e8LoZphnt45woVemINdNbXMa7-_KCF4JYBq2r_WXDiMUL44JNW_lYtvfF9HVizEiYuJYX3J2_jdInKcLCB9AocTEjJYA-ETJQZao6BSOC-x61K4enJdPqO4YomlAvJTedsczDkQyhi7ca0-IS4IEyFPAMfDm5gD7PklWOEzZ3-j2dJTCphwiSuJKYDmZaOvHT-88tQXuVH0is5yZ7uoazAvQmrVG5cc0G9lmZ45o-F8Q5WmCij6unSD1G_FnZnGUxqUkHDxSkd1eBf49GtOb0pPwVjvKSBRg67xFNBA0WfGqouwWFvSpI2r1uHDkvKrQ6YB8NJK17onNOoD7iSW5d6riAS0iiTYobp-zWE7vMl0gOHSSNhxkZjdAXjecqha2VYV9pg-AhFNyrVpSHLuToyM-olQqVDq7wHJuAFKNxyKKso8bEXjCNFpb6shXqVV-XzzIUzO7zLwL7QjXjp59H_VtGar1C8ZCECA8AUlzbA0coj9K4lW-31fJgbjDkC6BfIZc7b2J2yNCaBphAcQ6dEiT-7-6cspVoypItNoep9tIaxRXukV1zI-yYqw7z-vPJo7jM32krxDdZEa-7FVPPn4XfXqDMPr3EZQyl97FsVbZ3qu8f2ev4R4hJpLCmv9YvSTuW0AYS-_mpqcKP-nBKWL-amfySXgdWGiR23-t9hU-vHx7NBkH7WHf52_gSvqfqsj2fkTD1zApuvkrr1TzmB9WnA7o1eso18NaRMBsM_eGS34gh-iuM-4sruO0wHff-ZgWt0ex6qcs4uMCLZMsm_jQXxG_Bt5ZN9VXGiq9DqLObTeFgfOnXhP_qlIpdDIC6t_RpYBq1MhZEw&cid=CAQSKQBygQiDHKJKYP_dEa3KBWAaS6LnORSDjDR-akXvFKapTnYeOnLt6_BGGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=8763672624534790000&adk=3563752640&idt=46&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84db376a6573ce4f0649d56dd350eae777b14173db20308d29262aaaa5850978

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39886
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CFC3 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6126306903007&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CFC3 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6126306903007&version=m202301230201&ct=76&x=1&cor=3661558560668543000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CFC3 92 KB
37 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYn4LXRYdpshWbiK421KXS6jK4dndT5GeZJYfpfs9pUm34X0HL5B_ooRDblqUguUx-06W4Wpc7mmkW_2P_vio-ZfXdMCMNw7X1aFuAXaVmZ_Ma51Q&cry=1&dbm_d=AKAmf-CsSDuONJVXZEQApVZOTD4NpowG5GWOgc37kNMnQVq_Axq1rWpywUCp96z2y_XligUau7IwFzEz1uEMFKZXGgMmMP_4odkqcrOAz7HACKnkrj0n4medFrqoXGyuw3s0hlTIUg3zbmb3Bva9BVlwL6pkQ41M2ER23MZLGsJKgsZqRd3rz3UOGmovzpgrZsAY8xAynuK4AcKZEHB4l9dYiOSCWosDSHU8HtCsrW-_ASpZN3NKhlvgYRe_ufSiv5UwwguDti69hXXV53pz9BQC9i3eo8mz8hVGEhUkAfRMGDdEehdc1I6QZ83qc0yJ1qtkDGhujUGDghkQowbnctOYwTrFn6j-xfN7vSqpDWBFFQqifNu-RM9PepAso41PiPfSo8TIxlQTo3UZ1MFH9W0g69OGhCtxGD2eIa2lkbmHNMKZ8SFZPFZgkXVuJp0VXMjby4jpGgGUBjPuseqN9cAPvPHHxrqKuR__xhuwbTjvSJsYDwqYdiUFap2xKCYx_ms_9yLOo9m5KgbVQ9u1FJK2j5lm7nGYHgH7gNp8s_E7FRndTiif12HiZcaR0-hsbaj-at86gojtGsAHFzUA5IC-QjqAHlLyHfGQ_0FVMb0WPkPVovKtkEYCQ_8HGvH_dUxWcHXBDefo4_yr3LXfDIx9EmntRXSS-kYfyH4ykmQjr0by69DeM8oI0_nY6GoLoJpI54be0S55a5tAaTc-viNEkBbEqz0L1DxBg73uaFIunZYs0F50Q-F9HKcX90IP2-ly1Owa_6BTeSYHho_9gxBEoIU85liKoo86sERBgv77vxU-WB5katgWJXU_V7TPE33u6nJ4079zPWDtGokHJkSeSyCNrodfZEXSb6_JPdRMnFiNmC4K4mbRj4gDhjH3iAREGWdR5y1mcDVVppWl0faP4EcodEbZjDjALB6H6DQWOax1cd8TTMy0LwcUQEwKbIPlFASm4MOkjvPV-W3qxgwbPw1abZ9pBL7X3uvYIsTbgJDNCQbOhgRt4OMPg4_ElIjA0v85Eihad7-5YI0DMcJ_IwCP386I6QN1CstxwebtzcM0IU4iyACtCOnZRadfrjucCHSRd8zheUJlGaoDB_GTzEqxu0V_qE72gJo5ZdFuPwNoGUEDiXf-eXcu61XT4WRxkj7AKICp6tP5CoO1eZc-Rtrn3hzuo_fpZb1r_l7yOsy2LC3ktdjJYfX92qnmejBnfqMLZ_PvKwoZsbhmUCWycI1ibchupiY_iWyigZLHJgk0Z89BvdWIHm-5SjoiRm-Wo0vMKLq2Miyf7iEyg1e9Bhyy1NVAn7jFTwoK2bsWGjaOORuJIZkzbIAA2npvjdWfTmZZjW6LhzyrZLU6ZZVujuATMdJ3YoRPjjPwSJGF0DmSXFultiuoCrEaVJ37GGlma6Myo5GADNNQpc1wkbD8xKhhf7ZfhcwqY3VHOsV1uFF-ohO70TUDN5tQejMx-PejPGRANHQMMpXwg0LFbT8BCulnpJox9vWYr6S1IMop2qgq4O96GpwsBqFjGPwcfaPTGjX4C6fzdKRIkiAzEoow1WTW4ob_WfW97MDKtGD7_YtAByA27ZdLb7OTlnSr6qgk7nqGfkd8qBnTX9sJXryl0GAX27LlFGioNBIUCexZ3x99i5RJdMl5QkYglRRhhzu9-ertm2BWyx_su7ojppvkxADOGtZLccmJjImSfJ4BfV3oIAx-8TPQ5vqZerCY4VJkcKIgiU-Sv2ydyFFLWMMIIZcjNJyQlhxbgkYw9LegvZO1SDNbkQBhvBytEsUANoB7xpvBPEfmcywJbTfRZzxdIipCEOy8p_7FXYfzLqY-a3jngCFndZC2mkjQ5ZqLHOIz8AHvRbJkf0Zkj2J3JS2I08SRfaW2w9SxLSwS5BCYBT_1XJBfLQunz5nyQW_UuQFaKXTIfQn5WyE_Fd3J0ecBwvuJnkWN0B64FrYxfZbI0wcWD4ylJ0nYaIxCgs5rx90esIYXi0H6Ue3PNLt6ZbMwMXF1en4FYrAZelaGWFf4g7iOSXFX3GHOLNMmEL45tORfHNLMQfhgBnB6ImRBMeWff5YVV89oAxjn06Jr_raQjjf43iuk1UfbhNf-q2mhGPFoZbAHZRvqNkCPJsq-QPp_sgipJbnHk8AV8InE19g1B6YY4hCDN8o6pOcV4bqiCLBdWYZVDEnBNNMoWA-9xoQM8_gDQp92zocIKEnJyQzbn6mNZngnxofNFRScQRxetWoy7YAyDMfLdk9MtHO1gSqRzgexK9o_uwRym6Phq_GzZgIbkMYkK_0ZFfN_o49CsA9AA5HlFc0vxFmOPw0Dr8c_LQEDFQOzje0YHID569agSJB9NC9VG4x77d8bv4GxhJgzi10ZUzfrZkSApTOcX0cpK6ScSrpl5iq_gisJKa7Z906xkln6FlG8AnPqKZTzZzXc0fi5zhtEAX8yhulNMrTWK-Dr75jjDxYjK5tV0IgJB_5GiS2LY6vfpVd4JrMBzgsYF9a7whBWGLPcRTXx45F_wSiT1hTMv_1HfunvMmJJpYcA9ySE0uLK7JS5Ad8AQbs28Y4wpHQqij9K1Oc-J0GqDAcpPaA7kltyZOWjNOatSA3nUKfOq7OBgTRnJwVa0lBrbMZe1ZwOWfRwXxe3zf52dnOjoc7so-PkDk4qVd0Q6iqpy0T4hGAfAiqpbYtCWaklJcRgofVjFu-z0unpfmZW02FOltXgbHhl8QM4YtC3ifxOn-9pOaYn-YIM5ZU22_ye9SnJq2vj_tAdprVfzYwy43H9xYl8Ua2OmrycLueXRaQ__l81e_zdo-Ipcm_FGgJO6OWaU9VnLl2wlVe3ZpR41KCWlZf1btzBuoIbi14_Ser4v-VZ5NhGNiJOaZShAhCdAwXCjJBw9o7YvzxjRNPIF-X-S1GK2cuFiLu1L1jNT0mqPhmc8Mf1m8cZc7AQR1k4FVFVtrC6yhR_xYl3Ktr6re_wueTnuKGDlBdN4jQlZt5lnIU71klsfsncLF_IsGIivvq_qR3--jDG4qw7kJsdrnrpiovcFvSsFYrwsFEiGw5NXaxRqZinAy05DE0lsv2O14yT5a_UBhtvbsLqAFqaWIJ1XC2JYnikBs-7Ztl__VnekcFiExFPhLHpGDN-HmEJ53teE_uxHCqxLqKrNW0c4RHLP4IT7Y9hvGGQ8uqUtQdJidAY0SHChu0eo1Yn0PEu6kFTVt0Ju_XR-GueCQUi54Q8BPOf8bcDi32c6IMkuAwxq_JeE0QPWJQ-jpjcXH3ZOUOLm9DQph2R_FCCNvvFYXnWtjbN2XnX6XpF9GTZ0__-JoercwnI0KgNgy6zL-qRmJC__KDbOhkgqNP2eUUblgwPJe1zh2rHg0sPFrkSXNBDo8lH6lkz-Isul6S9XN8WwzRv5eWMWVw0ZvGAvAB543fVU5HHAGM7DzWRq1T9YhgGskI2lefAqNKyga4AcvvdTEuY_CYQTpee35NUC0PzzkivpQMNfx6Zvt_QfQiPsJx73S8CzHNuWyGFVnaqMWROzg-0CpZX&cid=CAQSKQBygQiDsXS53_yc19vCKcGrEzk4A1nXCl4oWHLmD62xZh48LqrWJRzNGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3661558560668543000&adk=2754877854&idt=66&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

294b9ec6dc4bf636cff98918c0b1ec57fad6639e982e2fea86623a68bb447d6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37725
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7CF9 43 B
216 B 302ms
114ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=561d10e5-3294-8cc2-4fc0-20c0b8158d58&tv=%7Bc:gYQCJG,pingTime:-2,time:176,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:309,mdZ:583,beA:694,beZ:696,mfA:698,cmA:699,inA:699,inZ:704,prA:704,prZ:726,si:731,poA:732,poZ:750,cmZ:750,mfZ:750,loA:803,loZ:807,ltA:871,ltZ:871%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:36%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:176,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B169~0%5D,as:%5B169~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5Gg+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C1163%7C1164%7C117*.1484055-72040524%7C1171%7C1172%7C1173%7C1174%7C118%7C119%7C11a1%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:117*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:37,sinceFw:138,readyFired:true%7D&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2644 0
0 63ms
62ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssOOI3VebrQvc8nx7hKkFGaUsgJtwVY-U5fKr2eHrbCr5KlIPxWYOinuafe00yZG4l55I3osxa-GVR1vz82VXnhQMC6s0WDt1vCp_BuKZie5OLnHG6vLyTHS3gKqZ0IyyVMlykAIE9ug9aEREK2hsY8z0KbTcLICW7YQ37TbybdPFNejy90tMafmJrNUZoRgK2cYAFPctiEA0StenFcywFcKjJRTgba-xzqMOuGAn0RLIL7j66kn5NfcpoEOE7xo7ocXen_ODPO3yrArTGUXV3oljNT7m0dwU__4KNU2e701jMX-PO8in29S8eWfCazGPHid57LiLcU_wB2qejO01O_pZZoTaiLoffDkDWqw9QtdziOrgV_Ake-zPxDb2Xxb7gGEedy59DPbPK66Okn1Y7eVvRhA8WuWKnpGYEedRNkYNyHripS5Lzeu-tDzxh8nyH_FdduSgqleNIXllXhCpso196KJpY3IpwF_FyAbyL6kSMF5fRZRrctTCh8FaiTmxQUV0CC1MMWZHFb6banywNPMYDXK3jr2xDP3azK1XH07bRCRxoOlWiqsEHaM2zkV3ld8t5laLIDom_d0RPKUF3U0gn7-IVJy182vpUyU6VWEJ_8t-kFTLDZ9q6pitWyk0zrmOWrv6wFoA8P5x2n7UPXB1EfkuEuVMmn7cZKpqN5HEk5U1geQgniAQBXbi6eO08afNNdkaUP8mX7ZvbZ_M68LbZ9zzEwAKBRyxe6npPtyX819A7_m4rB5t-TjxaE-DzVtWfvbZ2tOYoe_SBh2cH9OFOuOKNlhrqaUpfDyVZAK0H9HFHzo1LoPTuHPlT7g3t9jH_KgRV4gbm1TF05NzklLF9ent77Gs2XHeJaQTATrZ_hL5_lYtCSEUI4kjC4RadIPKaZJbIfMm7tdonjYhHfFbH_wvB-nJV2cXrb_CIkvrDP9ac2poptywpp_86DTJhgE8HjrNRcfLwnVisWhd7dMN9_h-PwZmyTmCkQMzvSR8aWu7k3jvS0NhwPAQ7YBcYHPR580skPDBnjaNEPd_emI82saDOf26_2Dsecb1u1J4bCWBVrlP2jLEda5nc4Qd7_9c2N3zmLOSfr02dJQnhycdczf5HMGJtdEy9xgbHguLAYzWdDmwIEHd2tLxQWt7dKyf1AR7SRZg45JVo3PVZOrkYUH4KMRwUHn4ktEuAeQiroxrsIWRq1a27wuXrADXOyjsy0GEeO9TyiPl-vc3bc-CIipAZ45Y3ki6OMEplFy-1FIzCIKBPJb2gdhNoerKPuYI1FfEDXDlN848JO2xaUKZOQr_J_iBQtYrd7DXvWoUXURH7a7JwrX8_WJ0065GSct_Yy&sai=AMfl-YQDhYz1V5VImkRsdh5YPTRfc3ZA-j0KZOMzlZDMxP0yFbh4oPY-c1eiyEmj-qmMncAnnczt-Vb2vZJdr-fLRkS6o3GA2kTFPMTqf2B-9pdihDv5DWlf2Jrd7nlGXFUQZ4_rb8BlLJI7EDNDxh6dixtsV1hiEF0Qci5Wx4ckZ6t0lyCmpglfxZG_B5-Q6_CMRFinDmKhhXV7lCTMrK5HH80JUgtg-WwO_VdW&sig=Cg0ArKJSzLL6EqwBZcX2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=639&vt=11&dtpt=480&dett=3&cstd=149&cisv=r20230627.05004&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 9589
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040526/4.js?ias_dspID=64&adContainerId=brand_safety_fy-eZOrJBM2Y-gaf5ZrACA&cbFunctionName=goog_wrapCb_fy-eZOrJBM2Y-gaf5ZrACA&true_pb=&adsafe_pb=https...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

22ms
21ms

Script
application/javascript

2600:9000:223f:9000:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:223f:9000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 17:26:17 GMT
x-amz-version-id: Jti0WeteGIKG9newnPxZCBdJAJGT_BOt
content-encoding: gzip
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 288071
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 26 Jun 2023 17:26:14 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: WtmiUhTxa2D93o3X12mk4H85rWetAtpd1kaQOASKqbKK0qGUoEjbFg==

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: app03.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8D56 91 KB
23 KB 25ms
25ms Script
application/javascript 2600:9000:223f:9000:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:9000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 24313871
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: Hbg6VsuZRSTz_wBFGQWgAb7s2i7gD3AAkR2qtgj1ilGASv9LzY5kUA==

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7CF9 0
0 62ms
62ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssVRJQODanb0ICS1hPyiWSQ5uMmgFeXSboBKDy35fntm-n91ColSVFM1lsggGsXWbG7V9GnnZDr1nBtV9ZYj14Q0UhdksT5sOHG7yhGy5o4ySKcABseHzYWw6JGyfBy-ukf3iZM1hrY3GMGhOo8wa5wIKlq2EaSDDoALI0MGhe43r6M-S9tH7D3PAOtxWbzhiAxG45Cl4Vv1uh1A-l_1Nqn4U0hZsD7NOrkJRJUiZIPQF8wKr2lOH9sflsp_OwtCqHj5jEUBzKcf3jqeNgT1wZCKvl809p7rDrp0IbH1vi66ldNOsgrZdl-AB8sXfPgvtCQpkmxaC5gspXnyENOLRuh5UEfMLBtwzLfCFzhSWz0Bumht0bNaLjAsTiV7J391uZHYMcc59j8UcNQSCHh56PR9huLwYOg8fhDrgi5gLZojmKEr-2pUcYO37Kxc7SPdmA8Di1xb2901Otf4XOi3uwczQ-UD4_8WX1j6T1z3mE-91UGbH3FFX1NCDBwDHq4FtnOATJfq8cXxtFqcOFqe1uyhaqgWLB7Nex4xUet4RkPB-RHRbC8FS8qdBmmUlPr1TnKPyDpLm9EN_9AfRsL-HvhFmurwRaHuzv_G3eXOc07lia64exsqxGgFPqCRV_zbnz-RpaRLRa-pYFfp3IeemAuHcC4XeZm0RNqAHbnFPzYOXfRQaYOM4WEKQwWYATN2vzsEmbpDRol9I4xLXDqXBBW-CIpuI0ORv7FTtcxyrbGm7jBHRO3uNsppU5ekT6veZ_IJtj_LUH-vUlzTVx3nruKDSKlAIwuvVT1GkuRQL-JHfJL8UtV5-kqy0gFZ3OG6iXD2_YIoic4dgNsVUcohhvd_vL8MyAqKtzDpyRQYwiKQFG44J7kcu3nYsBhPUoZhEknUpLt7cojHiQ4X6qfr-JNCqhygo168oaLHYHErNy0hwe34PNMAJAsRnY3ppoiDhlWGFEqgGzk-4NbO7zUW5Q0FgsdFVZh2oiReeVsQs4l_n4pUpyYve9k-ntUHNCIpjuYJO0QVMnmyCH3ojzxinJsoVwfir-dZC_dE6xwxCPTaa0i7Z4KtyYVDZlICrWZjo8qUGYhEERcxA0YGs6QJ9CszwVpXHgMP3UK3D3JBb-RvhFDYhwHMkh8m7TewZdzbHe5oG7-mbpqut1sCI-a6NVThXKpx9NQvs-ReaCY0HHcfrVUQq_EuKkunf74x6GTcD4AjvG8KvR1tyxAsQHzZld5mSY0ukoPu_oa3eGpckU-q-t6Vjsv-uez4YxPHYZWxSrbQtn6mwetF8arPsSpQiGLrO-v9gjfMk5Cei5LigL5axh158BXDXXN&sai=AMfl-YTLQTov_eJLVG1tUwkCPsm6FaUHsCSpBBRBZclaiMTzeIwHldiZco86HTYdGV9s-KzaYkJTFaMAAy1O6Xb8POyQlalU5i1eq7pXZI0oBei7OeTOGe86T4gZUtxUxInKPwMrpiUgAKrI__uub6xV8DH_kMulLTQjG-jLgKUEstpBHVHFuwGbTXaZqkkhcIYlECIq-hUl83pduou-cmbS-n-xNjMAE-fEBl1WZg&sig=Cg0ArKJSzHyl-iN32_CMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=646&vt=11&dtpt=526&dett=3&cstd=112&cisv=r20230627.45814&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6C65
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1

43 B
61 B

32ms
31ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNVbggKwaTQLHGYcbzwPyxpToMZXdKbvrakZJzZbv8a9VbR9WSyki35snR1r1tuCxMYulSDo2ug_Y6fJh2waoRzgSre-1PKwwAcN-bFu2c_HdzwOwueGHEmspNm9VKPHsmg2wAfhU5Lbzdk2xaBLJ6u_05JO11QhJ2j1LkOcwuwT-5Y7v-I
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 6C65 43 B
120 B 29ms
28ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNVbggKwaTQLHGYcbzwPyxpToMZXdKbvrakZJzZbv8a9VbR9WSyki35snR1r1tuCxMYulSDo2ug_Y6fJh2waoRzgSre-1PKwwAcN-bFu2c_HdzwOwueGHEmspNm9VKPHsmg2wAfhU5Lbzdk2xaBLJ6u_05JO11QhJ2j1LkOcwuwT-5Y7v-I
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 6C65
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1

23 B
163 B

47ms
47ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNVbggKwaTQLHGYcbzwPyxpToMZXdKbvrakZJzZbv8a9VbR9WSyki35snR1r1tuCxMYulSDo2ug_Y6fJh2waoRzgSre-1PKwwAcN-bFu2c_HdzwOwueGHEmspNm9VKPHsmg2wAfhU5Lbzdk2xaBLJ6u_05JO11QhJ2j1LkOcwuwT-5Y7v-I
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:27 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 6C65 23 B
163 B 46ms
45ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNVbggKwaTQLHGYcbzwPyxpToMZXdKbvrakZJzZbv8a9VbR9WSyki35snR1r1tuCxMYulSDo2ug_Y6fJh2waoRzgSre-1PKwwAcN-bFu2c_HdzwOwueGHEmspNm9VKPHsmg2wAfhU5Lbzdk2xaBLJ6u_05JO11QhJ2j1LkOcwuwT-5Y7v-I
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:27 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 3617
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1

43 B
61 B

31ms
31ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNX27Lc4_RarF0SxvLE8pJIbUpumLP94FzcK-4db15aNZ-_R51FdFeZ9DFBQfFcdQVbi1HGUpkqLinkmDixJnk5KDdUJxBi_ks8hVNTn-KvSABqwmQn8fGx3mO3LNV-hTvE8tC4H1gXrouNqWBcMKOtji31Qmc5Vu5fxcRIfl045bRJK-f4
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH0ew-yEm0f8y8tU9jqOMSA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 3617 43 B
120 B 30ms
30ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNX27Lc4_RarF0SxvLE8pJIbUpumLP94FzcK-4db15aNZ-_R51FdFeZ9DFBQfFcdQVbi1HGUpkqLinkmDixJnk5KDdUJxBi_ks8hVNTn-KvSABqwmQn8fGx3mO3LNV-hTvE8tC4H1gXrouNqWBcMKOtji31Qmc5Vu5fxcRIfl045bRJK-f4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 3617
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1

23 B
163 B

47ms
47ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNX27Lc4_RarF0SxvLE8pJIbUpumLP94FzcK-4db15aNZ-_R51FdFeZ9DFBQfFcdQVbi1HGUpkqLinkmDixJnk5KDdUJxBi_ks8hVNTn-KvSABqwmQn8fGx3mO3LNV-hTvE8tC4H1gXrouNqWBcMKOtji31Qmc5Vu5fxcRIfl045bRJK-f4
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:27 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEGkX5dM2JRN9k3GpBFHY7Rw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 3617 23 B
163 B 46ms
46ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNX27Lc4_RarF0SxvLE8pJIbUpumLP94FzcK-4db15aNZ-_R51FdFeZ9DFBQfFcdQVbi1HGUpkqLinkmDixJnk5KDdUJxBi_ks8hVNTn-KvSABqwmQn8fGx3mO3LNV-hTvE8tC4H1gXrouNqWBcMKOtji31Qmc5Vu5fxcRIfl045bRJK-f4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 01:27:27 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 8CAD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMGVVF2IPw9eEfeFJE8vzCQ&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMGVVF2IPw9eEfeFJE8vzCQ&google_cver=1&__user_check__=1&sync_id=464afcd7-16e5-11ee-8be1-192cb16e0406

43 B
548 B

34ms
34ms

Image
image/gif

185.94.180.125

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEMGVVF2IPw9eEfeFJE8vzCQ&google_cver=1&__user_check__=1&sync_id=464afcd7-16e5-11ee-8be1-192cb16e0406
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNUOsoQg3uvArW60hbZ1JI9IFQZ-OjhCv92_LLv4T90k9uHaOgClqUPAqlM0NwF9gYwdI9AOoYtFKOJyEbQLB3rYOi72_pqtGi8t4JCzSm57I0fpqz5lor_0q3IvcmpBLX7WWjOoxRncJQb-gPpTdJ-fsia5hZtvoRrF50mkFGaW8WOTPbE
Protocol: HTTP/1.1
Server: 185.94.180.125 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:28 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 78
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEMGVVF2IPw9eEfeFJE8vzCQ&google_cver=1&__user_check__=1&sync_id=464afcd7-16e5-11ee-8be1-192cb16e0406
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 100
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8CAD
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDY0YWZjOTQtMTZlNS0xMWVlLThiZTEtMTkyY2IxNmUwNDA2

170 B
188 B

33ms
32ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDY0YWZjOTQtMTZlNS0xMWVlLThiZTEtMTkyY2IxNmUwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNUOsoQg3uvArW60hbZ1JI9IFQZ-OjhCv92_LLv4T90k9uHaOgClqUPAqlM0NwF9gYwdI9AOoYtFKOJyEbQLB3rYOi72_pqtGi8t4JCzSm57I0fpqz5lor_0q3IvcmpBLX7WWjOoxRncJQb-gPpTdJ-fsia5hZtvoRrF50mkFGaW8WOTPbE

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:28 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDY0YWZjOTQtMTZlNS0xMWVlLThiZTEtMTkyY2IxNmUwNDA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 43
Connection: keep-alive
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 8CAD 0
125 B 149ms
29ms Image
text/plain 3.75.62.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9589 43 B
215 B 182ms
115ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=927525e0-5f81-ea97-6ed8-778f6354609d&tv=%7Bc:gYQCLC,pingTime:-3,time:79,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:80,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B75~0%5D,as:%5B75~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5JL+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C118%7C119%7C11a*.1484055-72040526%7C11a1%7C11a2%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:11a*,rmeas:1,rend:0,renddet:svg.us,siq:19%7D&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9589 43 B
215 B 286ms
224ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=927525e0-5f81-ea97-6ed8-778f6354609d&tv=%7Bc:gYQCLF,pingTime:-6,time:82,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:82,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B77~0%5D,as:%5B77~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5JL+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C118%7C119%7C11a*.1484055-72040526%7C11a1%7C11a2%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:11a*,rmeas:1,rend:0,renddet:svg.us,siq:19%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2AE9 8 KB
6 KB 36ms
36ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63318d6406f707450076a1c41d436a0df11d5bd4feb76e4c9bf7c252d7a425dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5846
x-xss-protection: 0

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 883D 47 KB
47 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:19:44 GMT
x-content-type-options: nosniff
age: 463
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:34:44 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 883D 46 KB
46 KB 24ms
24ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:22:05 GMT
x-content-type-options: nosniff
age: 322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:37:05 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 883D 7 KB
6 KB 37ms
37ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

373a3f0f67372265d8bc59929b272c41173a20e285cd678256ddbd1f0a2e3410

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5741
x-xss-protection: 0

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 883D 2 KB
2 KB 29ms
27ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:55:33 GMT
x-content-type-options: nosniff
age: 19914
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 19:55:33 GMT

GET
H3 200 60005582_20230413245519799_300x250_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 883D 36 KB
36 KB 29ms
28ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230413245519799_300x250_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00867e4aa81a541e2fad8ba10b2c4e9a6b137bdbb4ba13fb1a38d2fea88cb41a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:09:41 GMT
x-content-type-options: nosniff
age: 29866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36758
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 07:55:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 17:09:41 GMT

GET
H3 200 60005582_20230413243008511_300x250_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 883D 34 KB
34 KB 40ms
39ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230413243008511_300x250_LOOK-02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60f46bfd81485e775d3ba7208cd1de8eb706639b1aaa338f371676199625faa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 18:33:01 GMT
x-content-type-options: nosniff
age: 24866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34621
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 07:30:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 18:33:01 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 883D 43 B
608 B 135ms
30ms Image
image/gif 141.101.90.99

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29115794_4307561_355029325_145340772_HSP0201A20230413&ref=29115794_4307561_355029325_145340772_HSP0201A20230413
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.99 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
via: 1.1 varnish-live-2-0
CF-Cache-Status: HIT
age: 6752881
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 22 Mar 2023 08:05:14 GMT
Server: cloudflare
etag: "2b-5f7789eafa280"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 20915251
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7df2a07e1fc93803-FRA
Expires: Sat, 29 Jun 2024 01:27:27 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 883D 26 KB
26 KB 41ms
41ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11065803848835661824/300x250.html?e=69&leftOffset=0&topOffset=0&c=8BFmYcr2d5&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:14:04 GMT
x-content-type-options: nosniff
age: 803
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:29:04 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7611 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214186
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 9589 8 KB
4 KB 36ms
36ms Script
application/javascript 2a02:26f0:480:9::210:ee04

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565044&num=&adid=&advid=4309118&adsrv=1&btreg=558488208&btadsrv=doubleclick&crt=191643418&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee04 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 104fe1d096865fb450f1d921b99ea70d85d935d9c8a2e88e980de371e03ea9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 12:21:21 GMT
Server: UploadServer
ETag: "4c41482e45017a01683eea2db59c11aa"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3373
Expires: Wed, 28 Jun 2023 12:36:53 GMT

GET
H3 200 index.html
s0.2mdn.net/sadbundle/10454987525626607892/ Frame 54F7 14 KB
0 35ms
34ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=g08B97Pq5C&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2994
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:27 GMT
expires: Sat, 29 Jun 2024 01:27:27 GMT
last-modified: Fri, 12 May 2023 09:19:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9589 0
0 73ms
73ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst7GVuWX0czL-wZy576vfkekq6V9aoIMeKI4-r7ulfda73QyItMLsBByiF6q8wgW4iq5_3nxT_TNNYQgnlCMuyQ6hCZ0mm1t5R6JNwFpjSxEWXMe2t_WG_IdbzHXZXa6xRETz5W8SB9yAgMKU7umgj9oTUcLjyAkZv1Df3mTv6jttO7U0Sbf5OpCsNYcQ3Cy2ue5RCZ5Jy4w5YvkPkow91VGfeo-1CSRW2gYy6DJ1l43UzPdkcSVEXSdgi7I9cKfTqM4n3VME_2JZ-GYkZ8fDaqXgFvvFbPg6FOxAhktc7G1p3gASozUdfK1ofyHrILx8_vU9Z6NIhnTrpyFQgoRnC_3KVTJ8UHWEoeRl_QB7ArXbiJG4QKJIdZWXtVpkhwIZlBH3Gh_2ERboygd-PIyVAeCyicMd7rkF7YUKy-ZGetg403o5vN3kdxsC-7T34RS2XzV6ehm4uGdZpbibB2kjpEEdZnPR2qU1Tzq8gxIE7paPPoE7dNC3dDv8d2gfHoBks4u5V-pAq067Djcsj4M_srjIve-TLGnKT92Xbo4EWUkaCIYdElQiWUaJYXcP1r7touGRBRjMDeoaZLMuVB4Xhrdr1OSdE1224d7XsjcXfLF4qxe0UJgjFI79PQhsR-izMKncHHvydSNyb90WcLKydaNZP6viAcgseFlY-gC-6BLQr6sXmtjJohCk7sZEEdPLsCleVDYDbBvINWPnXJSGtZh-Nmwrlp8XHGs6vwrPBvt1XImSSQNMUGJjipA7zj9WWAU4zFKTMA7EhoH6X-Vf07cV6fWJzx8fGQayU25j4hYRHa88OKuKUUSX7JdHSPKYAF6XJtJ414Ik_KYsMZ-U5kXVNE83Uo-3ZEOnXAnUY5pTsCYsDx4WUJYU6tStiv-70pQvVHzXGQlQj6NIKifxShHW3Y1qHzIZ4A1cta66OpkPnpRd5p8vrnn_dFmn0bz-N3UTo4viibIWnhF_c_QcNaU7EnbSG_-LyW7n_L29wjzzUVYmfX9QvCFAizba8XRFOgEMcprCZ1YFD5iCbtzoNKhqN7DRJ-ieDpzj4MEIdw9gffDXsCmEbYOVv0ac4TPPLnorbcBWgAXH1fL2dhKWv55ZcJEPIlXvqm5ewWiUhw6k5s-j-mN10JtAYnhP1T5j6_R5Uii1s2sLChoneEpj-4KaH_sLMi89CZAHL6wB5HbCpdub8qyqjC4clGa91irHRjgO9vCQyb4nr-eaLs1NZP3uRFmV-SfrbQgyjmZFf27PRdfze3DkhugHpDFhVfMHFgU9tolCfICTAsR8Dxs0XmPUnnASYfhlISBwpEaqDkskx4epjdqG1G7r1qbksjs3GWg8Xm&sai=AMfl-YRWYjGJe0CBbYas0_hOKvFEHU1Zz1O5Ty1HwYSxUd9bKpviOBvxqhXTUB16hijebmfCJ_NTCHaonc0Yc4LKZjn1tQQ9QcXb-e956CIa-nQbZRR0KkdjRBDlwZ8rH1MdEHNmnCGDLRA-il3zP7pKVW_wUbyLmwv2dvI_zFyU8G0L_D5ruNrNIGdSClR2Pp87TT-j5A3R3gG2fTsGGZCmY46ZpOgbX6OUFZZlZw&sig=Cg0ArKJSzOUgrjvK9B59EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=370&cbvp=1&cstd=362&cisv=r20230627.66192&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame DE9C 172 KB
60 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame DE9C 11 KB
4 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0HHK5ZvpWcpbCqWtCsC_F-PZvOkafhQLLSktjfvMCnvQOvgt3j7yEGi4jJF28FmgxaFrAOwtWm_8sxG_S2P4Aznu8wKu9cbxPmKYmPEppbetdT4A&cry=1&dbm_d=AKAmf-DvX_ocpVKOBcZCatEmAoTZUZArYQeD_ObSBi1gpeOVXOWnaoT5tL1EHNYqOi2L47moljLJZDwgMFu8-fGoZZyQk_-17JfAxcjnHl8dEkmEZIXs3CPncVk-B5np0No-GHWS669dSzOIBsgiQh_MJGiN1ZANXFT4xiEgSM1kVcP377qhC4LFwIJ_fNT8kNeCOglTSJc4F9zkIlTM2prc0frMXTQdWk3lnNJAxnNUyxA6sWmjbzEmGpZeFX7AbncjKUgx4-SspXkHqGTv8p4b0djOJ5YXYIn-XOjcifakv3AF2sLMwNoFFvdfbhEmFvlqh2mpWVbQWZEa53soV_HCdadupvvheD3mJeOUN2hW8qdBSoYJjSl04jBPtIdvn8bKHrTwwgk-uMgAvnzruyn5VJfZ1JerQkgCLXIC-KtNy6h-x6mDwebtcx0o4BEu-_X_vvujS7IDXZgLTTkuawtG2wRJEbUi1nucOPcyNu6CaWtfcBmCV9I6xupFuDMBofQM6ZA5qenST9lxQdyYkiqEHNGhrDxZP_t0LLRgNl8aWRl81oAttmMCQ35uD03D77H1YDVUAW7gm9hJTNtfKm4Hzq2gYID99ZvnxedQjckHcMXi25v2SR0TJgHtxH1mvgXuhP5TD1Ts9_g9qGjayluF3580Ns3Mk47goNQ1MBMKCTwtTPMCrNf4gdiMPqx6Wdcnwcf4r5FryGqKggeKQfdevxNqVXS7KxHP-k6_QvQZWbmWENzwvWxraLZguQo-s4Bfmix07EU2QpH9Rl9jmrfJ9Q15c-r-6Wjc6itGgCbfDv_dHf-HEmeceklm-NeVOl02BiGcZFbMQP3pmUlBLnX-jwXJXTAwXPP0uVC670Tkjpl54qA6ilF8kDb7M0cQHdz7f9tL8Df6PxsxSMqd-ldNLVmWkdwX9ghowxx0R5zplPmIgNHu-Cl1zNAkevrJ_0bAIuZXIc7VTbjjRMfQN0FowmKpXZ2jquHmEk99GJXxxENaFFmOeWbsR4R3DHfH426THDB7pC1cc7apD53MN1Z0_KoqeIkPWI4o96qyszBt7u0sgZFX11tkKGFb2yBsQU2yqdrCB9_Mc20K2IZX0ydcsjkSU9Y2J0tcLzxooYqorYj7wDw_nmJMvspnOp6y3E11GXhG0qwev7a_zwUFAHPauy4YD0WyPl44hkvcVc3e8_Bf_esDA2tLa1mxYB85dPYDMMQkSLQdttaiHyCuOCMn48dxB_2NRH-JHT73f5CjOyGqoTunPslxfvwNz8YZvWoOtHYFhteVJxq6OYhTQOdAIkCzvG0AubSJ75x6hkjNUVKj4u_fWRN0Zu3DkogoPKMTcix_pvn0ZZVP22rpJ83g1z81lNcM1Ni2LPR9lYnsa2FdV802982Cc3NaZnccKS0iETPMS6dm8ONIc0JqiTdKKebBHxTShZAU7rMwyWWGJaQZukLWIQYayVMbpf2uwNEszZ9rqaS7m5KltKtTuQKvmaZpC2GGrJE3xBgTedZ_qlzcKtnVUun6-NaagTxMJA3LqJfXkHo8q3T8-vAaIfVi2SSTtx9YEXN8M61kqFSq2mufth4KNKywjiaAxfHOgM0gmjtbnBON5V60Fn_0xihLz8ZTvUXyo5JDo4CdCs-TtWRn19a3Tx33c42vzTBYhPEbIir1PQSX9ifsjyTYqMomAv92aJP_1XIQi9X8GTEsM5Rwwd3GXHtybtXFYwc87DZpAAFUpcIfOw3vLHvvhbDe7f7ygXcBUkJb_hOUV8DH9dGlCH8UdK0COcE25L4ZoOMTDYMnUIUHruI7ltlR8f-hdUvjHn8Iz4KIKzF80klXPh-SDBcgOeb_gLaroa9GuVNjlpKRqgGuqwrbVmbgDCc2M3JiAbOCz1CHJ1X6I73gb4q_E008vsRuf1HIpOSXYaRdIzdzztLRIOF8Hmy-eq0ZeMtCL-aQ9JEk4waD1V0NPPAFZyEBnjaZl7e5PtVN4A-HXUdNW9ZjWxrk1NYVP7S8nHvwGJ5xAHK3ZzWucZOipa15EPT5BDND7ROXA_8V72dOHMnkeKmFHT-arjG8VbpAZicxvmMSdUq7qjAPYG4A836mnZQ89lkRPihYnwtJiCeFmZQF9P3Jl_z8oBgfYg1pcN8pOOgHfDyuWl7vLPVvUzVDuwXbNzT66IUiSIDplX7bXbfXAbI9HOU2Av73RcGXr_UpmRjMPCESx9gWDjQ0W11brJiKK8Lf_ooxYWy-eW_Ip4MOruhpA2wcqk0ESYlZMtWjuekCwpjc8fAHTO7xgcUBbfYbt8tqBecAuwguRCVLqBaV-GM8_6RPIvt3jMJ0WQPBMywa15qo992D9aALjOVB28Z7SFhLdcjpYyGv9o3uw5nwm3tHLTSpjb85RrveWRvHVFtTY9eO6j56Bn1m2zumtIz9u-kLdh3QnvHeLpRu6JF9-lMcqGv9kCmMFnx2a6Y3frQvyq8cK5ZTYmfEt3gbUtLOR7640c8Ulh40NvJPsaBwoio8kiElPo91rtAkmaqunFukC_vsxGZ_7k1zQmezUTV59qsISF7qDZm90n6VlItHxIJbJumAf49MM4JoNZhinIcGj_vSm00mCpZ4AHUyaz02VrnRUH6M3tQZllETXAdx7BDn4jvn4TgX8YM4XSd0k4lX909cMTC4gjEcD4QuQUriKxKz6eH8lPGRZ7O-TGSVYe7g_dK97wqBSwCojs_-9Ks3V-MdNkof7QS1nemRRXnIezrPE766w4H0CJfjfJuMjYSVxYFsEFtY18yH4NaipTJ5slrCtFFEM34v_UEFIBnQ1uGu9ywTo84k1QoP1bISAaEorieffScI_F4PloKKouc2VMEQmh0SRctBlqUkd87Rggq_18yLSFskBsC7hgUVLi-4qpyhIsEXYTycl7Y6tk_qfjRcnX4ZXqabrItH5ctT5ngMJ97JR5l94RhLwZpwC1GQ8js6qzR2Ckw-C5tXM_2v3b1kll6QgqxMAMpee91j3qRtMUk-xLbv8bydYwhDaSUuxt_RwIFvRuEXpzEqNbIXV52VFTt7yoysTdH0xEOz3Yoo7fHhsP01XyCCuZlyYB_ziwFgUfKizTpBztP2ZQx7CgWpRe745zrK10rQ6PwIjONvNIy_FyhVVpqPfGs5uVL2f_RAU5cL_c5ytYQj3cDO-4EagRb0CjAf7OhVM0TEIgnS4DXM-_Qj72TVdkB3esfBNLKQWXbOoW84KHqvO5-spe9hImjBP9j1tB239IIFYuyyhlyHkEkSKjfwExRnrkDO9HM8y8UuohjX0iz2ZSBsIVYFyBHqXN3xBjQpt4UTLKpkSbNIHMiDrXbXZhAJUmCSZ2pPhVaUtcGSyk9WsSshPndrQOq5BFMDBmPyVcbotC2-U-_kW3rNNGQvIKKJrIDfl4V65Cbhh20grgds4lninQs1t7eJGEyyXY_sYzjFfxXBS-gQ-eqyJ_lxLEEp13IOH99OIs01LTatTf_qVJmdb81fT7IVSwwM_-QRwCEX-NFxcHPqKIdBsVfFryIRd5I5&cid=CAQSKQBygQiDwB3moKiESK5PpNvQ8_CnFKRXDDML_mAVzIKcBtp_ImGBh9A7GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3531221117957339000&adk=578009112&idt=39&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame DE9C 30 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DE9C 41 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9589 43 B
215 B 117ms
116ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=927525e0-5f81-ea97-6ed8-778f6354609d&tv=%7Bc:gYQCMH,pingTime:-2,time:146,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:366,mdZ:424,beA:610,beZ:611,mfA:613,cmA:614,inA:614,inZ:618,prA:618,prZ:624,si:629,poA:630,poZ:649,cmZ:649,mfZ:649,loA:692,loZ:695,ltA:757,ltZ:757%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:147,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B142~0%5D,as:%5B142~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5Gg+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C117.1484055-72040524%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C118%7C119%7C11a*.1484055-72040526%7C11a1%7C11a2%7C11b1%7C11c1%7C11d%7C11e1%7C11f1%7C11g,idMap:11a*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,siq:19,sinceFw:127,readyFired:true%7D&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
server: nginx
x-server-name: dt26.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040524/ Frame 302B 244 KB
74 KB 51ms
51ms Script
application/javascript 34.250.56.160

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.160 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 319e02992d9fdfe5a963ac207347a0cb2f537a565cf6f9b193b261ed39d5db86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 302B 172 KB
60 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 302B 11 KB
4 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeLw5vNjXHMeb_Dg0g47xC9Y2M-LNFI7fHtcAoGbZpM0jouQiqsE0thqDBKLGavqMODBWQs_ZGDFylrCfeEgPZK3BW6Ql_fpF5050k4beNkLwx5EJqru-NZapXByQ3SkXOC6BbT-LNUvlhe-97qd6PRn1vzoWPhgt5xWj2PWb4MkZ--gQ&dbm_d=AKAmf-Bg9npkn0GawAR4w_7FwCjNtCYtHBdwvrGuyTzju3Wy_9qGbPiuBm3sOc2PtkM7NGlM-RzSkB-DkVYkXwOuRc05NjAfPwAKANQsJ3ZnW4iRiDV5GcI7V6hAKbWna_HIe3s71Yl3fYT8CsVqm5hnU-pOzhZ7KCh4WcQucmZfQdcN6Tdv6ZmFO7B9nYOly-6DnjOA8708NE0mhute4EWXvjh4gXHnyNTsOXncjRdlG0sWbFDYCa8ykRTZi40Z789ZdqefQA085ocZQJ27ARhsDKKwzMo5lShB--ftTFdpJuoPhdLOMamjC8zaXWo5D_wsvIuMTt7fYOKtSsA39iiO6nRox8611DRPeXOupWTXJaL8hnJwIVvqDfTks-rgDGDKw_7GtiPMoOwpqc34s4B33AoK8Iqe3o3HtzQHYSqJ9AygHRw2tlMpdUxU84F-Xkj_Yjs551nVAoTx4sMV3P97yXuhw6AFQ1HKCf0DQP80GgOSBjzb-TSBuacpfHdBfDGUdBjpjlgTjQqDgeG4t6kidpJCFUVTjLHuDTFC0eW9tmPtUTY8Jlri0yjGgd3fW3pKgHD5Z1xPB5TXom5a7YUlsAEVz8DAU9z-8iEwFP_55rvaBoPZEDfLOMss9Z5Yf5_ba0iXgbImJeardAdGv7Vp1w05M86gO47Lp0vasKVn3ZqhOuTWDoU1nlOqE-AwE2hagXYxieVSJqMS6w6FcSanC4PvvkPvbJQyx1SI4fjYT8iMgeXS5yOBQk2xQT2IJBQyy_iwg0Qko2J_af7Zg3Gg_qiR_xBGPy79YTKmeinTA8DaShy6zKoX7oWQa_R01oPRyq0FJ2hzIHOHiVPQrSti8Umo_q1RH8rYi3YjhXawD1kNTm5PlXWT51EeImb9BdN-uP5jd7eRRGdYlcAX-uYOfpqd9_4Ogxkpi_ZOumCnTbOYIuVluyjGIIQqEH5WBg1zWJ28pQ7B9X0HZsQEznS3RSh_eASEhCyUGKxN3J4H9M6SAzGqqG-V2tmQTCl7kPA7Cs-N9gLAAqin1KaejGh3kjVWBP-eX9K24xZJvSQ6-bfxUOUqmC6naNn5rC1H4VZSG5-g3WruA4_-OjvLkdw4nIEAgMufTQgvP_WyosLGqjCivZGmDeF5yuX2Xl7ZTqc9rabcYe3E_MjC3gCXEdYx3PIsZe7lzy_xAi3J8DI1A24FgyViPOpZe6rXDdOLwGX_6uVAvMxdAf968RBJuxgVEO7Xd9JNml7UNWPBp7uiY3ABWCoEEh2ZKkVyBlEt_Z-IR7NyZ6gpxNbPffDD5rqXGhlRSOOPh1oySYROopydTUXOmsk96RuM9Mh4N7W-V8-SQkouHBJlQr8bMjMHV30ar4DNYgVw5KJo9CvLkeCgjb8Lb7kaWrelT00q_Z97M5RH_LMKxQUrh5zIpELER-AlP49kWE8JltmoCRY--AwFiohBiaeEYqVjEmpbgQ0dUrIHPF-1TB4d0CtvRQfx_dyXJ0zwyOZkFNkx6KY-qlWigc3XEnfHNSxPM5MEy2yI9toHmNM41ZJHFxM3jq884S2CsBV_y-McXqGWqiHqP9USFfGcC7oorY5ea8HiPtN37YwH7jNIs7eUFUt0Fa5eWOqc3NYl06MnANIHaqNMcorCSpOveo_rUaG7i1jhtzbfvJB2V9yrriJCQpW3ijyVFmmKaVsKBDmLGnwz8pIwQBWLfWFBxcRrHmnFtj0PpNGzhXZgkbONlP3_D6VAeCVLpULwXdTavze5eXzdyKF52-rGD403D9X5XI_H_Zl6UqLyRPhhNxnZVJuCcJD8vvilMUKUr5BijeAqk0OggdfJXDVx_4BLskXyBqqB5Qew-1x69SDVxPtuueSmgaOa3TY_lvwuyEsB0hlHyyzqvHUtnv_IpYalThcnuVGmQL7tnohPkxM4Se8vMIntEnaCeXCvc30oQaWHXl9V3PsruvVcFSgzW5NolEv0ewaECYf0QL_fir-cz-ytKpMr3JB7aov6euMz_hhRGxxNNLlPCymhg18MNY9pfTNADE00pZhqySTe0ESNnDJQy6hQsPY8EDqx2dIFqd1GBZbxPPI7S24Zi4c4Fc4O9ca35z_LgSnKiD6huPqNXVdxTfc3ZLxsUFdCERzYcP4mOa5MKFIL20nNIDRfITEElrehToMyKpAdelwidjwsjlcUYztfC-8jkRD8ep3WKDzUC_Yx3Kn8a9UlU-zdxrB1FermlWcFu4j_ynR_GLukP-Zb2aFe9CniufPpG79f6b47V5qF3-l8iW9mpJteo2PU4MZWnVzNbYx4QVtwTvNQ_g0aC_sbXjfpTT2_PjuanlJWVDO9FYJJN0kdHVMzEghgZDY_3kynFZTsn9Oc0Mw_7IuT8VeaT8_dctkJgc8amFDrpH2SvW5lbl_8QdY14Wq2w2JgfHYZFii0VhSTP-56CwtkXF_Ybsmwd737d1tb4s2uaWU1SWQaLiz9CdLGQ3oFJobtIVUsAMrcQPr1vUZbAfNFi5hBK6DxQqA8e8LoZphnt45woVemINdNbXMa7-_KCF4JYBq2r_WXDiMUL44JNW_lYtvfF9HVizEiYuJYX3J2_jdInKcLCB9AocTEjJYA-ETJQZao6BSOC-x61K4enJdPqO4YomlAvJTedsczDkQyhi7ca0-IS4IEyFPAMfDm5gD7PklWOEzZ3-j2dJTCphwiSuJKYDmZaOvHT-88tQXuVH0is5yZ7uoazAvQmrVG5cc0G9lmZ45o-F8Q5WmCij6unSD1G_FnZnGUxqUkHDxSkd1eBf49GtOb0pPwVjvKSBRg67xFNBA0WfGqouwWFvSpI2r1uHDkvKrQ6YB8NJK17onNOoD7iSW5d6riAS0iiTYobp-zWE7vMl0gOHSSNhxkZjdAXjecqha2VYV9pg-AhFNyrVpSHLuToyM-olQqVDq7wHJuAFKNxyKKso8bEXjCNFpb6shXqVV-XzzIUzO7zLwL7QjXjp59H_VtGar1C8ZCECA8AUlzbA0coj9K4lW-31fJgbjDkC6BfIZc7b2J2yNCaBphAcQ6dEiT-7-6cspVoypItNoep9tIaxRXukV1zI-yYqw7z-vPJo7jM32krxDdZEa-7FVPPn4XfXqDMPr3EZQyl97FsVbZ3qu8f2ev4R4hJpLCmv9YvSTuW0AYS-_mpqcKP-nBKWL-amfySXgdWGiR23-t9hU-vHx7NBkH7WHf52_gSvqfqsj2fkTD1zApuvkrr1TzmB9WnA7o1eso18NaRMBsM_eGS34gh-iuM-4sruO0wHff-ZgWt0ex6qcs4uMCLZMsm_jQXxG_Bt5ZN9VXGiq9DqLObTeFgfOnXhP_qlIpdDIC6t_RpYBq1MhZEw&cid=CAQSKQBygQiDHKJKYP_dEa3KBWAaS6LnORSDjDR-akXvFKapTnYeOnLt6_BGGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=8763672624534790000&adk=3563752640&idt=46&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 302B 30 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 302B 41 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H/1.1 200
OK ajk4xlebn4mw Show response
hal9000.redintelligence.net/zone/ Frame 1B29 10 KB
4 KB 101ms
34ms Script
text/html 144.76.91.199

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=7593337796467216459&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DqE7lJorNfoIV5Z4OgUWzPw%26exch_seat%3D20035004448%26mt_aid%3D7593337796467216459%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_cid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 977591ed4b8a45e1a98302cf30f4ea828072be585e68c0407e513e6eda31b432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3467
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 1B29 49 B
329 B 87ms
28ms Image
image/gif 185.29.134.249

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=7593337796467216459&node_id=4046&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvTVRCaVpqTTFZMk10TW1SbVppMDBOR1kxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1OTMzMzc3OTY0NjcyMTY0NTkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OUhaakZtZlQwcnd1c0YyX09OUDNoQS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTkzMzM3Nzk2NDY3MjE2NDU5L2Ftcy8wLzg0LzE0Lzk5OS8xNjIvMjAwMToxYjYwOjEwMTA6Oi8wLjAwMC8xNjg4MDg4NDQ2LzE2ODgxMDEwNDYvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8xLw/AYmbI-9lU1IkTYkknfzPI1Z0KCo&nodeid=4046&group=cdg&auctionid=7593337796467216459&pbs_auctionid=7593337796467216459&shardkey=7593337796467216459&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.161&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 -, , ASN (),
Reverse DNS
Software: MMBD/3.393.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: MMBD/3.393.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x101, cdg-bidder-x3
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 1B29 43 B
418 B 92ms
33ms Image
image/gif 95.101.148.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=7593337796467216459&v3=651871&v4=4562306&v5=6622332&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvTVRCaVpqTTFZMk10TW1SbVppMDBOR1kxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1OTMzMzc3OTY0NjcyMTY0NTkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OUhaakZtZlQwcnd1c0YyX09OUDNoQS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTkzMzM3Nzk2NDY3MjE2NDU5L2Ftcy8wLzg0LzE0Lzk5OS8xNjIvMjAwMToxYjYwOjEwMTA6Oi8wLjAwMC8xNjg4MDg4NDQ2LzE2ODgxMDEwNDYvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8xLw/AYmbI-9lU1IkTYkknfzPI1Z0KCo&nodeid=4046&group=cdg&auctionid=7593337796467216459&pbs_auctionid=7593337796467216459&shardkey=7593337796467216459&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.161&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.198 -, , ASN (),
Reverse DNS
Software: MT3 1031 59fd23a master zrh zrh-pixel-x31 config_version:"1524" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x31 config_version:"1524"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 1B29 49 B
328 B 86ms
28ms Image
image/gif 185.29.134.249

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=7593337796467216459&st=4562306&time=1688088447&nodeid=4046
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvTVRCaVpqTTFZMk10TW1SbVppMDBOR1kxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1OTMzMzc3OTY0NjcyMTY0NTkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OUhaakZtZlQwcnd1c0YyX09OUDNoQS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTkzMzM3Nzk2NDY3MjE2NDU5L2Ftcy8wLzg0LzE0Lzk5OS8xNjIvMjAwMToxYjYwOjEwMTA6Oi8wLjAwMC8xNjg4MDg4NDQ2LzE2ODgxMDEwNDYvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8xLw/AYmbI-9lU1IkTYkknfzPI1Z0KCo&nodeid=4046&group=cdg&auctionid=7593337796467216459&pbs_auctionid=7593337796467216459&shardkey=7593337796467216459&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.161&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 -, , ASN (),
Reverse DNS
Software: MMBD/3.393.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: MMBD/3.393.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x84, cdg-bidder-x3
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 30 Jun 2023 01:27:26 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame CFC3 172 KB
60 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame CFC3 11 KB
4 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYn4LXRYdpshWbiK421KXS6jK4dndT5GeZJYfpfs9pUm34X0HL5B_ooRDblqUguUx-06W4Wpc7mmkW_2P_vio-ZfXdMCMNw7X1aFuAXaVmZ_Ma51Q&cry=1&dbm_d=AKAmf-CsSDuONJVXZEQApVZOTD4NpowG5GWOgc37kNMnQVq_Axq1rWpywUCp96z2y_XligUau7IwFzEz1uEMFKZXGgMmMP_4odkqcrOAz7HACKnkrj0n4medFrqoXGyuw3s0hlTIUg3zbmb3Bva9BVlwL6pkQ41M2ER23MZLGsJKgsZqRd3rz3UOGmovzpgrZsAY8xAynuK4AcKZEHB4l9dYiOSCWosDSHU8HtCsrW-_ASpZN3NKhlvgYRe_ufSiv5UwwguDti69hXXV53pz9BQC9i3eo8mz8hVGEhUkAfRMGDdEehdc1I6QZ83qc0yJ1qtkDGhujUGDghkQowbnctOYwTrFn6j-xfN7vSqpDWBFFQqifNu-RM9PepAso41PiPfSo8TIxlQTo3UZ1MFH9W0g69OGhCtxGD2eIa2lkbmHNMKZ8SFZPFZgkXVuJp0VXMjby4jpGgGUBjPuseqN9cAPvPHHxrqKuR__xhuwbTjvSJsYDwqYdiUFap2xKCYx_ms_9yLOo9m5KgbVQ9u1FJK2j5lm7nGYHgH7gNp8s_E7FRndTiif12HiZcaR0-hsbaj-at86gojtGsAHFzUA5IC-QjqAHlLyHfGQ_0FVMb0WPkPVovKtkEYCQ_8HGvH_dUxWcHXBDefo4_yr3LXfDIx9EmntRXSS-kYfyH4ykmQjr0by69DeM8oI0_nY6GoLoJpI54be0S55a5tAaTc-viNEkBbEqz0L1DxBg73uaFIunZYs0F50Q-F9HKcX90IP2-ly1Owa_6BTeSYHho_9gxBEoIU85liKoo86sERBgv77vxU-WB5katgWJXU_V7TPE33u6nJ4079zPWDtGokHJkSeSyCNrodfZEXSb6_JPdRMnFiNmC4K4mbRj4gDhjH3iAREGWdR5y1mcDVVppWl0faP4EcodEbZjDjALB6H6DQWOax1cd8TTMy0LwcUQEwKbIPlFASm4MOkjvPV-W3qxgwbPw1abZ9pBL7X3uvYIsTbgJDNCQbOhgRt4OMPg4_ElIjA0v85Eihad7-5YI0DMcJ_IwCP386I6QN1CstxwebtzcM0IU4iyACtCOnZRadfrjucCHSRd8zheUJlGaoDB_GTzEqxu0V_qE72gJo5ZdFuPwNoGUEDiXf-eXcu61XT4WRxkj7AKICp6tP5CoO1eZc-Rtrn3hzuo_fpZb1r_l7yOsy2LC3ktdjJYfX92qnmejBnfqMLZ_PvKwoZsbhmUCWycI1ibchupiY_iWyigZLHJgk0Z89BvdWIHm-5SjoiRm-Wo0vMKLq2Miyf7iEyg1e9Bhyy1NVAn7jFTwoK2bsWGjaOORuJIZkzbIAA2npvjdWfTmZZjW6LhzyrZLU6ZZVujuATMdJ3YoRPjjPwSJGF0DmSXFultiuoCrEaVJ37GGlma6Myo5GADNNQpc1wkbD8xKhhf7ZfhcwqY3VHOsV1uFF-ohO70TUDN5tQejMx-PejPGRANHQMMpXwg0LFbT8BCulnpJox9vWYr6S1IMop2qgq4O96GpwsBqFjGPwcfaPTGjX4C6fzdKRIkiAzEoow1WTW4ob_WfW97MDKtGD7_YtAByA27ZdLb7OTlnSr6qgk7nqGfkd8qBnTX9sJXryl0GAX27LlFGioNBIUCexZ3x99i5RJdMl5QkYglRRhhzu9-ertm2BWyx_su7ojppvkxADOGtZLccmJjImSfJ4BfV3oIAx-8TPQ5vqZerCY4VJkcKIgiU-Sv2ydyFFLWMMIIZcjNJyQlhxbgkYw9LegvZO1SDNbkQBhvBytEsUANoB7xpvBPEfmcywJbTfRZzxdIipCEOy8p_7FXYfzLqY-a3jngCFndZC2mkjQ5ZqLHOIz8AHvRbJkf0Zkj2J3JS2I08SRfaW2w9SxLSwS5BCYBT_1XJBfLQunz5nyQW_UuQFaKXTIfQn5WyE_Fd3J0ecBwvuJnkWN0B64FrYxfZbI0wcWD4ylJ0nYaIxCgs5rx90esIYXi0H6Ue3PNLt6ZbMwMXF1en4FYrAZelaGWFf4g7iOSXFX3GHOLNMmEL45tORfHNLMQfhgBnB6ImRBMeWff5YVV89oAxjn06Jr_raQjjf43iuk1UfbhNf-q2mhGPFoZbAHZRvqNkCPJsq-QPp_sgipJbnHk8AV8InE19g1B6YY4hCDN8o6pOcV4bqiCLBdWYZVDEnBNNMoWA-9xoQM8_gDQp92zocIKEnJyQzbn6mNZngnxofNFRScQRxetWoy7YAyDMfLdk9MtHO1gSqRzgexK9o_uwRym6Phq_GzZgIbkMYkK_0ZFfN_o49CsA9AA5HlFc0vxFmOPw0Dr8c_LQEDFQOzje0YHID569agSJB9NC9VG4x77d8bv4GxhJgzi10ZUzfrZkSApTOcX0cpK6ScSrpl5iq_gisJKa7Z906xkln6FlG8AnPqKZTzZzXc0fi5zhtEAX8yhulNMrTWK-Dr75jjDxYjK5tV0IgJB_5GiS2LY6vfpVd4JrMBzgsYF9a7whBWGLPcRTXx45F_wSiT1hTMv_1HfunvMmJJpYcA9ySE0uLK7JS5Ad8AQbs28Y4wpHQqij9K1Oc-J0GqDAcpPaA7kltyZOWjNOatSA3nUKfOq7OBgTRnJwVa0lBrbMZe1ZwOWfRwXxe3zf52dnOjoc7so-PkDk4qVd0Q6iqpy0T4hGAfAiqpbYtCWaklJcRgofVjFu-z0unpfmZW02FOltXgbHhl8QM4YtC3ifxOn-9pOaYn-YIM5ZU22_ye9SnJq2vj_tAdprVfzYwy43H9xYl8Ua2OmrycLueXRaQ__l81e_zdo-Ipcm_FGgJO6OWaU9VnLl2wlVe3ZpR41KCWlZf1btzBuoIbi14_Ser4v-VZ5NhGNiJOaZShAhCdAwXCjJBw9o7YvzxjRNPIF-X-S1GK2cuFiLu1L1jNT0mqPhmc8Mf1m8cZc7AQR1k4FVFVtrC6yhR_xYl3Ktr6re_wueTnuKGDlBdN4jQlZt5lnIU71klsfsncLF_IsGIivvq_qR3--jDG4qw7kJsdrnrpiovcFvSsFYrwsFEiGw5NXaxRqZinAy05DE0lsv2O14yT5a_UBhtvbsLqAFqaWIJ1XC2JYnikBs-7Ztl__VnekcFiExFPhLHpGDN-HmEJ53teE_uxHCqxLqKrNW0c4RHLP4IT7Y9hvGGQ8uqUtQdJidAY0SHChu0eo1Yn0PEu6kFTVt0Ju_XR-GueCQUi54Q8BPOf8bcDi32c6IMkuAwxq_JeE0QPWJQ-jpjcXH3ZOUOLm9DQph2R_FCCNvvFYXnWtjbN2XnX6XpF9GTZ0__-JoercwnI0KgNgy6zL-qRmJC__KDbOhkgqNP2eUUblgwPJe1zh2rHg0sPFrkSXNBDo8lH6lkz-Isul6S9XN8WwzRv5eWMWVw0ZvGAvAB543fVU5HHAGM7DzWRq1T9YhgGskI2lefAqNKyga4AcvvdTEuY_CYQTpee35NUC0PzzkivpQMNfx6Zvt_QfQiPsJx73S8CzHNuWyGFVnaqMWROzg-0CpZX&cid=CAQSKQBygQiDsXS53_yc19vCKcGrEzk4A1nXCl4oWHLmD62xZh48LqrWJRzNGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3661558560668543000&adk=2754877854&idt=66&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame CFC3 30 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CFC3 41 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 35AB 172 KB
60 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Origin: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54603
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 35AB 11 KB
4 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJpKarSBjeFIgEVg7kenMqy7JfMngLmaB1xOyKbZfEnXe7F_8Cl3hn3gkORKwzgPFwomXTrlpK3qqQdtOcNvMeDr2yXA&cry=1&dbm_d=AKAmf-DnRk6R6SOkE4ZeF3RWqkHbnt_JoQ0p4gbeTkUrXn2njjXay0hKNuaEaVwqT2_OnR8xAlqw33sQkNkWj2SbmMyimz0BDjX8zNUYX0T2fRT1sVbWSbs-C4W3qDFdlw1B12Ff4wjdfNVupJYk5Muf0BC4d7rxp3rlwlc0dJ_yQIpsishFDlqRb4avPFz7ylWTzfPDbrpxnBcV1sGQxijZqxCG35hw6VXkQZJpvfHfjnfjONzYuohh_W3KFEx9Hx3IsTGen2ImsHwqoXELuTSnQcYzMiJqygIjIIjaync-eCDc55J7oQ7EInxpJ_09Yu3fdSLcmSlDJkCgMlxUOwb4-ONcnQz5sE2V_bxyo0JjmRsPcuIe_EayBs4MK671stj4TQ8k4o_oqj2gZkPSnOfnGxvAW_zm7zpZj7kS3A5KDY3o1LgIoLciPyDC--eC5bqHJpA7NMI_0NAcs3fKs5GghmFom9e7lcma13Yg9SmMP4BQ0pSA7RgFpVhPe4QdwUnR--QpDiVan6Yt4L8YPjmU2dXi_W6vXvpPUHvKtf_d8T55wprvevrI_F67ikMjMobaIF-RYAqCxnkyOA0UryJ4JkYCBlUZ7cgTB469fI_ejLdUjS1tn3PAlY_QMV0aNpW6aHzaAtOracmqPbNLUBawsTFczDV3E-9iW7_OY8G1Jlcllzaxg5wRvhn3DPKpWHO7g0nW-6ZLWCGyA5nL76WQHPZ9sk0sadpvs0VmxmwH97KctUM-OP83TsVFIiBzmrIa_kI4lkdyE6_BjJRJWGhLwEFV2DDgqP8z8Zz-Birn_ugjp5IPfEmxuXX1ZYhFmhFTCSPyv4GX878Sv8WhVWrqaVMXub84-NUWJE3b5ChKTv-V9TWa8MuiAATKVScOe3v-ZW22WJA1p-pmbB1eRiIPvKXKjdhAxg1Ur8JD3R2zdJ-ykGtFrbdj6APUTFq-6aM1_rp9EzkN4Nypze-REjCKxSgHhgzl_Hy_wNtdWGwN8Ko4Uplp9NI4wr9QYmvyxqSCLL4VCYZmOgwIxO1sxM18UGfjUjgtjO-wFmNhTeGL4xl6lf5t_eYf_tkhIWx3ijlCXGMF4SaCfDGgyBuOW-zBagU4vnTZOqRD-QVX6PYsPmcSwfps0eo7_Gwtu3nwszHyRMHAfBCwCrLt_T2wkHGQ64A7-V3wbeo-bWBGLlWUopi934w-i44-_DUuVEGUSZEiyo4KFrTr3RCotg0bve-02WaQ3VyKzWGJjC1NtCMN-XlrhTYHyzxvgRWgkL4gFrApiKJGhgHyxolRWRv5TO40S8kW0m8H3HT9qg5aKXx1HgdulBipvHYCaRhUOk1Y-EmnMMDud3tgU2AV263TJtw3mDRtsXugaRsoLTOYZapLpvV9Qbmwpy64vuFIS5J2M4qF70s-JcBOoQBdjlvJJpLWHEEw9eVFjXcA6pzjsjPROT85pWjINAN7vU6hmdSn52UPVELiE7kSmPH7vE8aanv5lf3pFZAU6rezg3n5hbaKXy8Oh66Smt6LobPxe__flLuKjAmQSiRSLrYJOtGprgc0q2IyqDZtBRB2jm8Y60vTOw1I_s9gpGJ3lPbpdiYmAbc2CMcLAUlNAF3BHNW-pBumWpT3V0ZyMjMcVV57luhKteQNVw2yYWzWstnUlF_1gQpJ5nvxvbt34exVhoUhK1oPwPUQZ0rLhqyoMLfuVT2lMRKZnhYLsEQv0GLneDokx5O3lQQ0xtsJRzXfiaX6CrmQyJoyUy32cdaRPL6IdaidtPa0zLKwNGpR-SVtop3qf00THDzO78YSrSoYLoxfnD73EA-BSs4vtYxza2sJ9VjtTj_rCR3mCt-1hJAWkfWLR_4uxEiTd5RHWOaWA-zsoj_-OmArjJBI-sg9plCpqsFGg3sSlEssdnU1JU4QdHHFSsmPfZtriA18C-UxjPvPYYlcFxjFqSYJYbcEfoupDUpa6CUUH3jPVyXmR19LC88YxxGqFMbZi_SzmzVkZXgIjBaZ38OJZCrKHICW9cUmufHlGDpsqbeyRywwVRoHpQv5yV9eQhnlz_YH5liMhPnXhczdPIsD7wol8NdV3vPcli9sHGGMvGM1FCMUmE0rJ0_9FOJjNy1iPW562CPiVy0brk4xH7TQPOjCSPBeiLUC900pEtYZ6ORIDl-Hf2H7xbJHrT_0XBPXZQPPE4YH6LedheuMOT_to6VRzgPUCMPIEAC_EGRlGPouRqvIbg_B7j_D-1c42h0y05ltxXmlNan-MSkUzGX5Dnw-WhR30_P168TGK_iXh3ggpqJgUQs_ABqAoVomD_LMTAYFGzvz3q2MbdefaN93WV-kg3bsvTVfuKGfn9ysj17kaEC4pdQDaJl_ey1H3a2T0Ye8U_w4ffn4S4frcOiFglXgEBFb8bQLYB5V3tn-7uJWYpi6vnYnWX96FNXMHXyplRZ3B2tmhW5IH7u4e0lL0nOuLurJhkKXbzMJ8rkUrOZEA9u-o-TEZnp8le7bZDxLkruOwV2ik_cY80DrFHT4wgpSGFG51mdHcIVAb3oV_6dssakJgFv5L8GsW7aVuL4KuWArjI4TBoNZcn3pYh3ZLCMtU9X2798_GolsYu8jeuf2FERODbYWWxJlrU5j5yHm7P57wKMOflsSl6rBEde6tpmXz1YZ3DWXEv0dDPkMdQakQdUtR0D4innktaU810DU2EEhWK9CtZlpbllWrg_wubNgwyKwcfXVRHp00p7BDj42-_89AoSMnibuJHyjLqjimefSAdnbYit7R7JrT9NtQY3Kx-BDA_M9xQ4irwK71cxRvHfPo8PqcMslky9E7kse8zplvXFO3F9wdBLBNf_OVRUBv58gxMFRX75U_wkCZChxFe-ZufCy9WiYQq6j4I3VSUZ37BnFd5vk6uLUHBShdESJ8GraGzBzvo3nY7MMeWO2S6l-RtNsVEYRxrnI8d00MJpij-Z-fNNaZbrkiB-La-8LjUOVTb3GBY_M4mmiiiOJite_oMa-E9RA3pbcjhuYaSRioiT_Occi2lSq04x6NsR8-Z8FMj9pkvYXG_Zd8f7_1i5Y-jSwDdbts0IKPfgPl3Fki49e-jQnymHO_H5fb-ORtxlw4ADnRGJ4sQf66qCGo-n47R0sxh3Gs00UjXJnC0gNNzQAkf99qczd2l15ubYB-jpSxmCOvRXTKryoLk_7B2SvXF4mH0G2Jy_jWdRcx7CiscRc03o3flBAvH7qV--Yp69Reg6krBJwJJ3geyXSELVCrU7c2O6z_ME0dKI8CmFk6wl5rtqC9H1WPyOgg29B9LCeo9z6h6nuzgyGrLTj70lYX93T2RdfacKqUEKmIazNu45J1v23oa5F9fn1YS1PAYVZBA8OMHYvMblXmmymeGtXWLFOfbXJd7wKKHQDvDbPTXMN-YmtY0c_YQvI1vd8LKucFheLBCptCBdFSOpwQfovLrVM8wtIa8cKrXoW62jT&cid=CAQSKQBygQiD-EHMGYIciy7DmIsvJRNaT2gOBLbOqud1wFOHOwEt0vCK6WHMGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11692701704189960000&adk=3587751834&idt=43&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 35AB 30 KB
11 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:56:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:56:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 35AB 41 KB
13 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2AE9 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AD27 1 KB
643 B 22ms
22ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37385
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DE9C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68d4febc35b568c92ae19977d77959b1678585f177f76dce3ef3fe6c3c1b905f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 883D 17 KB
6 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 01:27:27 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F141 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37385
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 302B 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40943b563f9b350f35607d10ee74e6b18af29d8370ff1e2bdd8cc1c5ba574ac4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame D95D
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEF0tLMhWt5lqL9QfLSljn5I&google_cver=1&google_push=ATf1kGMFH7-fsuDzSRGpyeJ8FMyA1nKSi8iLi72km0unqUfSasBr4x7WJ7If29p0Hmil-E5lcgGEdr1JJa-aBNLdsJja77BQkHPU_w
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzEyMzIzNzE0MzczOTg0MjY2Ng==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1

43 B
398 B

28ms
28ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D95D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFJ4kuWboT2tvSEcLvLKWQw&google_cver=1&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspYzT...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFJ4kuWboT2tvSEcLvLKWQw&google_cver=1&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZ...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspY...

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspYzTBGVVjxCMK2XP1N9sq0-HRA

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=ATf1kGNACq5ax7dzHytATZFuZiBMasZFeGawDYjAaUyRRQD9PhvAK_BVIzdy6pivNcOnuWkwiHZspYzTBGVVjxCMK2XP1N9sq0-HRA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame D95D 43 B
103 B 37ms
32ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEKOiCvzxx2vYD2sUzNE-lug&google_cver=1&google_push=ATf1kGNhDGvOU5rcXas3tP2bed18khMiVLhBESF7y5lnvdjhC0X4Ovw3B4HJseTDqaX1hUiRBP3KC-l4xAx4QVD16vMhBdWXOc6zLQ
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D95D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF8Wa52p1erYkmSjZJsphsA&google_cver=1&google_push=ATf1kGNPn-IampZY2pHIRFfMtbHiWpIRkZjRwe1sNfMTWx7bsM8laNgs-2wXbQTe-FC8bbiDbli...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZS1UtNS0yUjI0&google_push=ATf1kGNPn-IampZY2pHIRFfMtbHiWpIRkZjRwe1sNfMTWx7bsM8laNgs-2wXbQTe-FC8bbiDbliY1aMQKBA7PRzZ875iJrBgNZvoOA

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZS1UtNS0yUjI0&google_push=ATf1kGNPn-IampZY2pHIRFfMtbHiWpIRkZjRwe1sNfMTWx7bsM8laNgs-2wXbQTe-FC8bbiDbliY1aMQKBA7PRzZ875iJrBgNZvoOA

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZS1UtNS0yUjI0&google_push=ATf1kGNPn-IampZY2pHIRFfMtbHiWpIRkZjRwe1sNfMTWx7bsM8laNgs-2wXbQTe-FC8bbiDbliY1aMQKBA7PRzZ875iJrBgNZvoOA
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D95D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELoD1nWQ1MOIi_BwUMSk52I&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELoD1nWQ1MOIi_BwUMSk52I&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGOLt3CFEUQIUlPmDOy2QWXeu9o1-_urh...

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELoD1nWQ1MOIi_BwUMSk52I&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGOLt3CFEUQIUlPmDOy2QWXeu9o1-_urhTFTQ2HQBKuQXvsD4ef8xOX3lz3Nky_Dfd0fUgDFu_QBUbnPmLcfTsJdgIf4kTMk

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELoD1nWQ1MOIi_BwUMSk52I&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=ATf1kGOLt3CFEUQIUlPmDOy2QWXeu9o1-_urhTFTQ2HQBKuQXvsD4ef8xOX3lz3Nky_Dfd0fUgDFu_QBUbnPmLcfTsJdgIf4kTMk
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame D95D 0
45 B 302ms
32ms Image
text/plain 185.86.139.104

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIhw1R3bLwFFblmnr3nKgbg&google_cver=1&google_push=ATf1kGPpYVfPiT8f4gRPMJH5YkuvM8xA76YsjhmrSdu6STZ3AXs2YFFCRuv-m2bw5GdbIGGI33F94wHdH2RclBqVUAjNIFgendJkqQ
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.104 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame D95D 0
15 B 34ms
29ms Image
text/plain 3.75.62.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP-JmPPqnWdgytllOnCdrT8&google_cver=1&google_push=ATf1kGMBfKpuQQMrSfHtPdEGGPjuONyp6VGqvcX0NjnYfP-jOZl6ywjMgwwS7IHE9nq6rtKcb3vY3BStxzSj6uM-a6esd4w7AUVr4w

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D95D 0
12 B 36ms
33ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LKcSAh-vcbID_IS4oZpP5uuS-MX1Yl22XPpcOECK3C6HcvYxoU9yZDgIVyPAIFoNxRjuf0Rg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/10454987525626607892/css/ Frame 54F7 6 KB
2 KB 24ms
24ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=g08B97Pq5C&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

543d48d1e079fcd974d371768fe777a8c842d99d2be67d10d2f0e946f4198ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=g08B97Pq5C&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280943
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1560
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:04 GMT

GET
H3 200 Enabler_01_250.js
s0.2mdn.net/879366/ Frame 54F7 120 KB
0 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=g08B97Pq5C&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=g08B97Pq5C&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83862
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 02:09:45 GMT

GET logo.svg
s0.2mdn.net/sadbundle/10454987525626607892/img/ Frame 54F7 0
0

GET gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 54F7 0
0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1281 1 KB
643 B 24ms
22ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37385
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame CFC3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 756436a828bc505defd18315466851945565deab796a40a3836a3546e31e53b6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7151 1 KB
643 B 23ms
22ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37385
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 35AB 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 669c6af1e1d96ae08c4e17c5c91c248ca44d74d45816da80003f3c8efe85f651

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 8E39 532 KB
532 KB 22ms
22ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:35:48 GMT
x-content-type-options: nosniff
age: 438699
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:35:48 GMT

GET
H3 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 8E39 10 KB
10 KB 21ms
21ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:13:04 GMT
x-content-type-options: nosniff
age: 472463
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:13:04 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8E39 42 B
63 B 44ms
43ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ca3sOvWRi2-wFHuVuFyWdzzoj0WI1LKBcyqcF2wtgzr6x2xSAHBu2agK2d_lzl-pb9CEdlHUktDhGCNihH8tC5VF5CPbK7QKJHL7P3zxVslxX9tdBC22JnBN3hM-uglE-OSWgwfCXKgRsikJvOSMrkHhrK9g&dbm_d=AKAmf-AKwNmt8_9GEHlseQuZs-TDtmKdS8qyXp_SPj8Jc_0l-KYdbUqNC_hGfLSSJH6HXg7hHDVxKoBzUKizZceZKsgkTcPRYxqFsOj19Q9C9fV-rW1WjAUboXYnK1_unP3VMZrcC91xutjEZvFfeyqxwME7o5wvaA3qvieWo3OoJexgR6SIIJ502NebKqAd5XXuIwilPvp8EHT-83VpdtnSGSZeLOyT2ads5-H1vHb3f06EdXWaSrE_-Z0BDocrxvR2L3LTXcYSGLlUg6Pwm4nYm2S6UCbmN8vOSQVHBEr2rhU2le2jDdOYG-EOfPezB44L4UMCnaYJ7DJR7SLBx0iaMmNVWGnM6jP8Ma04aIvLmQHMLZU7hbQ5tHY005WT8__vMBJJxfPHqtmGat0VBQ5qm-_PjIHAm7ePcJ72PpcV5JoOMmVrRhXepwHfJE1asoOcR5RziF-dj0FAdNPjXlup9S3Tag_HyAATy1EstPElVqsK9f__ZSGjc-17KaT2MDZQGZx_eIJrfL5MIefbGnKDkLWHZBYpLbDCcFlRAKru0b_j2OR0XeK1pX2O1HqcChsxjhd-yKstoBalPOTGp3FU3TzMmra4wvquqFs8Pw9hsiMcYyWeoaX451lQMpUwRN40MZ7BBF29PeTT902J0bIKNIJXw-OWjFrqT-SdKSjlMafRrbmRCKFXvL6rR3FWmJGFJSVMwOuW7wCqUFYgo3ebk8wlmKMSdkDR-Zggzq0OGipeFFpcWQd6fy8ZEiwtzEdL4TS6fitWSpHNZVvFGe4UsPyswVA0x4m7TGQ8Y5DFeNlfVwqrRF47v7dsDkLTKKOhWK8bewm0RlfvgqezllrvukeSzRUvP_bDKpEVF-YoPve2Tn8i0_2LCvR9DPkjm242bR8QV14emKe2dhVw998nc9P-FT8k87FKyqo3eJlRKTgmdd30kANIYWEZ5uTfyM2YUWUq8O-LkB8rnmSFEaa5I0k6zm7isFRnY7tpGWodXfFAoY9fLiToEaxk2z9aQ3H_mPrWD6yKNK78viLHkDo--rkbxvkFzqbDpkHMOKFB9rAekOc_Xou59DM9HD_84pUemPc-SRYb925ZraIXLrD2k2BEshkm_stmHjFdH4E42qJ9BXkEW-HtAJOSxur5S2hvfWDR-QC1u-4Q2_T4aYBeBB50BklMzmsM1I5Sv9Jl93xBXl6mgNuKdNqSjDAqMCYOqANLh3_0LbSW8BJThpqxCFYSc_t06IKmhlsxPlJiPxhiZ0RMwnH_ca8htStY2kFeh_LgYWyMUoVkz_OGVWviOrU7KLzHJi80ZWQnaAXNUVAXcsWVOAUQ5crrSM1hDfhGsnY0BE2q_qrsZ1eOYdYT_nAxr_Pd8M5CxqMsTqv8ggzX4ts1hGjqla8nkr4LVB5eh9Hj6YX1XbfzEXAcz0VD4w_8PO8IaPLOUhY9Aby-rmkhqv3iPh0OiixuuQcpQfnCmrmw9w_Epuy1fxD_tpdax2dDybUVI6Qv-F_gfbKx9d34ZRzhWN0NrKLgYmQVwPYObV08FnJUlSG6Jeh7BxgYIA75_0Psz1PcY7Hf-2PIPdtMHU2T55tLOttmKamfbEpITp2L5OUN0CyQOxl3cVNP4sP0n4ZwYsIvX1q0X3bzmzEKGc6pxGUQt10R_Xn0j4oUVcPB7JLMnxLNYylTw-fnrl9xfVS2gK4XFWeg7gkNtAihn9yI6HU-SMnyFU5AjxA_bPMEK3J_AIzebnTPC02HBHAdowJ8u0lf7Sl_uLpOf-XOveYxu0y7UQXdT4Ohr_87T3WU-wWfmYsfsdIOO_IpO1R-xLRuokUs0y46vM-jYaSEpYNuBMBPfI_JfzzcXsafACwTb9Eq26PZ6EbMUZubMVv-pAmMysNfqjSS7rLUxguzvYPIuzRPI_t7m9aV6k3JgZA4QLioz1Xi_NUyDf-RW36-dpdxCgWgDbNurPG3c9ho7W9tGw1j7F8Tl6TYwjP9JwoMcOQDejLrNwk7auMhZDg81mImwb6UTiDiw5Pcx7cLipLyIHcNwF9XSS9qduuvqa3GfgXu_fvQtV9zkx8UOBUIz_b-oJbc3ku2hJhSvtcoXkGlTtX14uCfVDwtQEr7rP7key1ks-LzIuI_2L30CyDIHSyTm4QKqivWjJoo1VPLsdFZpEqq9mKWXzbQ3t2yukUFcicwHUOq-b4vZak8WzsemQEg8lNP14BWZe5Gvl2Xzfqgv119uyuMFZPbpQ39E1QN715MlfDCaEprZX2tjTcO7QMv4Yqi9CKsLECNvCebE9on_xC85--z7EjNyN6oEK-4c2B9uE4kBP0Km9SwwAu-S_iYfTjfImoWg9JmLTwsSXdy6aQY6zb8mMLBy-cNncSjW4U9UOqIZUhXiLGejv9CYusZc3Pi3lrU9J-D6-wEhwx0BYZ7qqJUvloroGOkJyZjs6kKfXGeAOpwf3nQekKMIrcvspnsZpQwY4FXDkaRhS2pgaZZtLi_XE3YU9QPSonAw0faGMTnxeR__Crz2FRsdc8diqO59eeW_ltBBMGfsXF1gwyNz-Bbl1mhh1A2WV5BCI9cpHxB5xpl2NbM0Daw12ghB7pMgD_sE_KmATJg2JDQL-Zv0U21ZEmtzjqbnPWTVleHAx3I5W4rMHUuCazJTupkepkEnK-k4EwhLtyf5L0png7kJIoet8loAuoWYsZNcA87UtujbMoNNN43lz7xtBNSKhhdXGOF9VYCjeQZysbDlNCMknR4Q0pWy9YpjYPTBvMIYDhjam_6-SaOEvVvSTXOoPjaeVoBQ8xx9sH5Ynpi8jxecHiAYIoqIQzNWpKYt43OkVH8XxdQWUdh2f_oz8vk7D0uR7119YIb9aVpMjdP4ardNAopQNZO_piGXpWeUm7CH81h0tZsUO63OnMv-yzTzUylDh0NZfv1gjO1GkXhA0XMW8lUZDpsvfK5URa0B9Ds15uIWAUnZKY6gW5B-8efnA3YNG6QjWwbs1hESaTzeWv72xnDqlCJMgEWdwR2jyKPtjcKE-H80KSJRjTN4VX4d739PQdfZtojHeWX2NiTBvPoSGAUPtZ0DFcEhejh7U2_ttC6V1djFlNVF-x6T281ygSech8OinzZi0lTaxGLy3diMsmDFwhijPpp3d4G5_QB79rSWR3v8stu1dTvPa4HwKRlaTfqZJy5RhK0yquxr1ghy3TYQe2_hbw8IVUsTgnuPP4pJ5uF4dkwrMoVzmfrBlQxZpkQb5MfigYu4mZ5xdjb3qIUsFYAyCCkFYkhZcw19PfV3538yxaJafd0I0xxvNTUVBF4JWK5hUTzSXJ7VoVTtPsOEJxxWCTYxhN0adpqFBXBy0NrqFeGQfqXPo2XcuUvdkd9Q8mgKVlRar4Geb4&cid=CAQSKQBygQiDUgyP_bPN7Qarra2sFVAgkyLzWzDodGOx-KT0FavYvYh4HdrFGAE&dc_exteid=31139735555918883492188214205138317&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8E39 0
0 61ms
61ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1l2Jfi-eZM2IMeiU9u8PqeacgA6X9tbmb7ebyK2NEcfJor3AARABIMCygmtgldK1gsQHoAHTqd35AsgBBqkC9dJygq47sj6oAwGqBNkBT9CAIppJGUDE4N7ZM3i9_eMu8v7KvY_c5ZdmsgQdByh8fLPohy5s7plC41Q8EYfxFf86nZClqdOOUnz_AISdhhZjrxWM3xzjSKjIZYrvI46HNhNazZ9ouMSgAUxX9IjhMzXYRcuJUnpoNshqdNEpNltETTRvJFv7D-JgD_M1WlbtTYeDihxvdgwdeEqPEDNNXe8ERQpJGP9kCdkIcjgBGmykWrFLQbBZ3X-pHQzU213-ciZjyF1dlUTyXJZDaxmnaWxgdbNDqm4gMew3cVKLmE9V19MvfM6Kh8AE8Pe7nK8E4AQDiAXO-ZuVSpIFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHldaihgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChDV9wQYtJHA5QHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPDvOMTyBOb7Y7iA9ATANgTDYgUAtgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=8yIbnlRbpDU&uach_m=[UACH]&cid=CAQSKQBygQiDUgyP_bPN7Qarra2sFVAgkyLzWzDodGOx-KT0FavYvYh4HdrFGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET visit.js
tps.doubleverify.com/ Frame BF07 0
0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2644 42 B
64 B 67ms
67ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsur2P-OlbMU33LWA-GyswkirUHih25DqNzfm0YIuoCcQrWz0AJ-cPtAGBUFRBVHVpKpsK58Ck4lgUpGAtUKX-h5pHaiuXV42AqPAOMeBOvUd0ti2GKZe_BE7e_BY0p24dw3UAiQzzSky21T&sai=AMfl-YThUH5cTtm1YLED-PW87LM-6nusWDI_YuJoRA5X4aFEok18EXO5iJpdLJXRhkYepOSEJbUC47rgwP9mvBxrsO6FxCez7W2I90g&sig=Cg0ArKJSzAl52L5bOcM8EAE&cid=CAQSKQBygQiDOm0MmhTnFYddoFB9xMGYLRUnr9NogLboylQQBmGZJYgtoFFeGAE&id=lidar2&mcvt=1208&p=0,0,250,300&mtos=1208,1208,1208,1208,1208&tos=1208,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3413524557&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688088446551&rpt=283&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7CF9 0
26 B 63ms
63ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuM0ar6Gb78MRnWDpeFGQt4ymj6lMJJ_n6zYOg-SMwDjmB0ZxmUAFWPKFJNgmunxG4IflzQ9Xmgd_1haRN4i2Cx_xppspYvvY_IlSUMbChXd1x0gDhl7ZzCULpjA3aqq5-WV6I6j5PSy9mzWfa9CSPQmsYwT0LlVHNEDbSsxoDQ2bTt3nKFknn8IrT2vm5jryoft54U-0YKfBCLKA&sai=AMfl-YT2DuABgu9S1mPahILHmLKrcL16LWTzljmEKNbnvYN5H1TVQ5rv999I-W4QzGKgWqxVWgmpVRjcW8Ni34e_0NdJz0Skwdw3wmJAlqxWSm94Hs_VLsQndaEfE96PU86XwQ&sig=Cg0ArKJSzD2diP69xN0EEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9589 0
26 B 63ms
63ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4MrKbQhQDhRQNvl-CZKbXYR-UQTLnGolfszXHtpkb7L3QOAK7SyDClek92_eysrYLZHvuOl-ikd6kUdc4e_g7VvP5HlEUckgXYX-q9tflsRJztPpvpSnO1SYai4SeGeVofuLrTm49O6X4MXqfZddsbDvw87Vrv3hvnUW51ub24hNea89b3DaRJl997W105aJG_EEy_1IXepu_mQ&sai=AMfl-YQL3z7MTOf_8iHabOjHVUJzmErYRY3Pwqd6-kDn0giw4bBdmvbC2Sac8I3D3m5Bs4SGAfvNRZWWwlzJJt9bHvPY3VWxivrOQbXDpgMNXXvp5VD6-v7mSmj7v9fezpMdnQ&sig=Cg0ArKJSzIJwQNCeMWlaEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 160x600.html
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 5FA8 47 KB
12 KB 32ms
32ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=1XFLHHulsf&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:28 GMT
expires: Sat, 29 Jun 2024 01:27:28 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DE9C 0
0 79ms
78ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuPuNxeOANcrNgLja-Asb42jtogVa5GXrqwx7F6iBrRG5U-migSASqXDX3LyQDKgF6Wxnypa2EblPVF1VgFo4NRBEUc_Fz0tuv_p7WthVLRPWADphzeM0E4Xji3ygYQVKPkbRMEkUmOWCnVDyLqC9r9qwfZgnerFQ9-Zkr1BCD1D5CSnTE-aMJaF0N8c5gT3Bevo8jN7jrzEd-qCa8woBptvXnASjOjhw6lKNiruD3F2AcOccxa9uUPAgkekXoegHYzE9t5Wkx8sGgXCwbkX1wMs83DsBlj1dFLABvNWltP1TR73sWyb35gO0eMdR-f6JEbZnrzzGAH14QEeKDHsXSQpPYBCtziAKVfbcIkAFxHYbAF5uLJhgy63W2TuBH_BD9lP6b9V4ZJ0U-IzTCo4FkEw-9sujIdv7ELe9qDCtX3TyPj_atJFCeILNLR98lNNMw8Mze1ZV3OCGojSHXjSmk3Hjoer-qkJvyYilqjTHXdwp8VLjnbP5HL9tLR7U813yOSBO9AITlaPU9AvbUhCYpZolrhepI0taa_iLfPgFLRt2rEkAMyM5zYMAzcq-FDpBxb0HGywzM8L4X1xfxJmvbLKOIxqquMaky_kFFVIlqOKW51ee8XBbyL_nRHxDOmOXwPE0c44hrUhtxSzVeRjuGR1tQsuDcYd2Fh6KPSgLshKXH8y-TzrG2gx0iRCd2bupPn_IK3yPIe4LDJEIGO5ZFATVuqQ4JkBS8gc9-hoVOw6JemNmTRBOjRk2d6JG6UiA8XYjcGjvOYNRQdfD4YllkdRJoUO0y2iP6vAC84YND25pBhV4Jjdexk4Ww0Ft6D3R0VJQJSnfWsmMQTkBmsMnbVbtX1It84vGGpBjkBSdgzZzUpGIg6WJ1D7gRVzaaS7-q0LMZnWzFsDdjdHge5yoDbUQSW1sv1FXGr4RTQj3GTGjQ6uVAo8Q9XzLlxxsS3yKSob012RSTuyUghGlASsP2nHiBW74Ri76epxqaM5kr9nMqLLrjHkovpK3n1km4NWPIo0TsmHc8044BllOD3dDbm_-Qf2-si_ySn7OCkhjk7epTuZl8GqaHisHFcT2a_YQDOk9U5Bu4VX6H2fYh3f84__6xfFU0vnPD14UCJN05PHCW7GpUR55iv2IVXbQufCySxRy_Bvp-Q-ZrhvS-QieM_WjkbzHvPtcIb_zx_Xsg2pBnz0dpGuZcDqujUTw_CmX28LHoPGM9K2VdnPxA1xSOD_rvR60gWs007DMLyf5WjWnep1NWpZ5QDKa3atrKg5b3eS1et7zn_pvtZ5v9elxuxs5-wJZxn1mly6GGTOB3iE-Sbenk7syv77EJT_cuuW7aY1lbLSj4_KXOD8w&sai=AMfl-YSYBgva0RISQWLTOsOaYi40H9twv-iBMTCQjr645GznVeF8-KIlREo2VAb3bKBnRp6pyZ159XUQR-xU6B3BTebSOVaPiWF4Ds1utoXaRR7_e7RE9P-6EDfUMBHSq2rpbt_NvjgrneFYdHn2JYzuNDR0q9iWSnVnwhVXhtIbmgOuCpAG01bBUCHM7BLY1pKY4UFClszu4P_fdmwkYPqCXeJWD-WkVYmqU-zDXA&sig=Cg0ArKJSzOvhcJ-44xA4EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=479&cbvp=1&cstd=473&cisv=r20230627.31451&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET
H/1.1 200
OK request.php
hal900011.redintelligence.net/ Frame 1B29 3 KB
2 KB 165ms
96ms Script
application/x-javascript 138.201.64.38

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=81494ea125&subid=&uid=6111c2fc7b3dbc2e&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DqE7lJorNfoIV5Z4OgUWzPw%26exch_seat%3D20035004448%26mt_aid%3D7593337796467216459%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_cid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=9820169456400&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=7593337796467216459&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DqE7lJorNfoIV5Z4OgUWzPw%26exch_seat%3D20035004448%26mt_aid%3D7593337796467216459%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_cid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:28 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 44241100007543700951389012371011
Connection: close
Content-Length: 1121
Expires: Fri, 30 Jun 2023 02:27:28 +0200

GET
H3 200 160x600.html
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 8232 47 KB
12 KB 30ms
30ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=SaBtOB96NW&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:28 GMT
expires: Sat, 29 Jun 2024 01:27:28 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CFC3 0
0 77ms
77ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsufUxxF8H4Ewr1VDJ-n6HaNLcckAQnEH0M9_GHK9P2kWijQ60PpZLlfiYaW82rilktIOR3cPmIEqf-fsNvqGhiAWQH5Jm5rn3Ll8C5SWh6AuYbMDHJbJ24crXbAq8XQQ6uIqoAnddIRU4TR5_a6hTZKvBmkVVCQc-qvsWGl__tAx2OxFdCxTWx4-WzBayB9OnrsS5djuJG1p8vu7u-Q9mWczT4wD52eCby7DSlj_dlheDQh-uaP-HiJtYkoDzlyM9UBgl8wEF_avS9jf084pUjvZ2VUoDGn5kuYw8o2Bpfq2flLxR3lHvPYoI_SvhOCH_Q6kvNmPm3638C-EJm3Rs6__dGJQRnCw0q_ibyrbspIbfnutX9eLMQh41N2uh-fRntL1XkadkiusHXNTx2a_ye3IxUInnEfDCDDFPKiIYh9wFVQORDPo4uJf5VPK47plqhlitFS2iwHnfeUDLWWWlBQ4pxPF7lYU50vVuUCw7VkRB6quIQInqOOQd2mYFAkADk7Ick2AEHSBpJ_DP8TYNbVmqi4tx6D3hwSMwXCQTvBYm-Kx9ApY72f_FN49EZJhTkOsk1BK0x_7bD_3vu0UAWx0pwEKir0mIq7xyFMrIAS4_ya-GeWXagQ_0Zlm_B_xj2Yl1BJooD2Oafn_8cRESq5Af5dmE2zeydsKh9fGm8tT1JdPZK4q5bAb3SpbYOPqoU2C0kvb6vDu5henKY1xquQmT5R6gcvGMim1WqhHJx8AL5ZafsTP0J5NUhV1sxxtWfx1jN0Tmg4D4mrnCFmyx8maG3n9G5Sve07en9X9ZBwWK8zFe40OClR5fKNjDeol2IQ4NNlIE5855BRo6jtIz_ra9F7jgGzF0tKnCoW_gxUiOCRvnDQOxedsgkxK4i28BEVc025Ti7jBnEssRYpj7FoN9vUswksIik72VLeLZ5LtLJMVLT0l5_y7pE3l5iBaKJSL36mAFzx0DiHNTTAJlHs_yaWByLLbEHcKj9fTU4yIV96cYjYAVqslrqZraTWQxHz-WjqxWxNsF22VYCJaS8pjtq8eCHwFRiO6zO0EmUATK4HT2I5M7Ft2cKwFJfTj922QrUIuI-3FL9wd8zC2i-MSQHneeZB-IZ5GoG7wnDVE79lmMATPn9cZjRPOp8OJrCbUrNVzeQP5qhfj-DjlFgBtt_pXPif3BRchke2Ild9G10dCDQtbKSn1M4w7u21cz_tT2TZoHBdBOnQgLr7PPku967cY7cBv_i3HQpugQihSK3qiiqatrk8n2dYeKo3tChl5EuaShOG_wte0w92tNAhrtlhANEgww6X481DES918DENTO0XfyDbokZi0iHDdpJHIetjTvqXojQIZQ&sai=AMfl-YRLCK2KeK6xg4t9rmMqRkggXIrZnYuGAFztUof5_puN8EYRv4sMLj_m5YG17a3KjffrJSrBwhT50Quk5OJFrQZagan1rFtaqb8Mq3V4wEHo9vg5GYF3C7JKz1qYx5YNcWLXPU6e-PCBwhD5SMeQPP4LzDVG3FKEtW_ioVJ_VigpDJLvwhsqjflfTy0aR-3sU1q-zX1xRooHTEMxeGC_HJuID9yeHF3KWmedqw&sig=Cg0ArKJSzIs7RoXXemABEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=492&cbvp=1&cstd=486&cisv=r20230627.02125&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET
H3 200 s
googleads.g.doubleclick.net/pagead/drt/ Frame 2599 143 B
166 B 25ms
23ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 656
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 72A8 1 KB
643 B 22ms
22ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37386
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js Show response
pagead2.googlesyndication.com/bg/ Frame 7611 37 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4f7a3d487b7ff022968992263a5783a6373fac408f2185053c4937fbb4fc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:22:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:22:49 GMT

GET
H2

200

4a.js
static.adsafeprotected.com/ Frame 302B
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_fy-eZOOgG6e7x_AP5cOPqAU&cbFunctionName=goog_wrapCb_fy-eZOOgG6e7x_AP5cOPqAU&true_pb=&adsafe_pb=htt...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

32ms
23ms

Script
application/javascript

2600:9000:223f:9000:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:223f:9000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 17:26:17 GMT
x-amz-version-id: Jti0WeteGIKG9newnPxZCBdJAJGT_BOt
content-encoding: gzip
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 288072
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 26 Jun 2023 17:26:14 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: rXj45YH0BOEWY7t2zNQ2EP3Dk1_8P14AWPenjJU2PEv_yoZi7f9KVA==

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: nginx
x-server-name: app12.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame E1CA 91 KB
23 KB 25ms
25ms Script
application/javascript 2600:9000:223f:9000:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:9000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 24313872
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: Y6LRsFq2m1Oc8Oe-myLO4ntjdtuyJ40CSenDFmUoTFb_xMMH29RpuA==

GET
DATA 200
OK truncated
/ Frame 8E39 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e40f3d031801d70ac0a6e1d53d439508a3a0f1037ffe32e6bf1c1755b447588

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame AD27 0
104 B 250ms
66ms Image
text/plain 2a02:fa8:8806:12::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEIOr9tDxfNR0NJWWo1pFsHk&google_cver=1&google_push=AaAOQGGNBIavAUJ0OV5k9J3pIzxxcZ1iX9bqZeN_zF4-dWW4T-gzOzo9R6zM0fAhNcXXw49aQYzIiE1-nNjbRXHshgpv6uRwr6I
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET i.match
a.tribalfusion.com/ Frame AD27 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AD27
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEH1vPb_r8HR1BjW3gXQ5CRQ&google_cver=1&google_push=AaAOQGHTDruMNoL0azSL4zLlbb4zSnOnUt9GQfOZzPYtTRT3a-1hOnDJJF11xOYa9uGleCrv1xL...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZVlYtMy0yTkRQ&google_push=AaAOQGHTDruMNoL0azSL4zLlbb4zSnOnUt9GQfOZzPYtTRT3a-1hOnDJJF11xOYa9uGleCrv1xLNvQybsJqnScYbbK1ShwBTjX4

170 B
188 B

39ms
39ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZVlYtMy0yTkRQ&google_push=AaAOQGHTDruMNoL0azSL4zLlbb4zSnOnUt9GQfOZzPYtTRT3a-1hOnDJJF11xOYa9uGleCrv1xLNvQybsJqnScYbbK1ShwBTjX4

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpIVzlZVlYtMy0yTkRQ&google_push=AaAOQGHTDruMNoL0azSL4zLlbb4zSnOnUt9GQfOZzPYtTRT3a-1hOnDJJF11xOYa9uGleCrv1xLNvQybsJqnScYbbK1ShwBTjX4
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AD27
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOsdG3c_UcJpW8TgvC3xU_E&google_cver=1&google_push=AaAOQGG0oM3g2J39rtCl7l6dmHLaIZ8mKhFrEzfCsDLXYE7H-1K2VnQWaBW7AjzOcAdEEzCjgmmmjRgRWQpYOgCzV...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGG0oM3g2J39rtCl7l6dmHLaIZ8mKhFrEzfCsDLXYE7H-1K2VnQWaBW7AjzOcAdEEzCjgmmmjRgRWQpYOgCzV-0F-Vc-hRs&google_hm=G5lXrGZH_7e4ODl9St6gVE8n

170 B
188 B

39ms
39ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGG0oM3g2J39rtCl7l6dmHLaIZ8mKhFrEzfCsDLXYE7H-1K2VnQWaBW7AjzOcAdEEzCjgmmmjRgRWQpYOgCzV-0F-Vc-hRs&google_hm=G5lXrGZH_7e4ODl9St6gVE8n

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:28 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGG0oM3g2J39rtCl7l6dmHLaIZ8mKhFrEzfCsDLXYE7H-1K2VnQWaBW7AjzOcAdEEzCjgmmmjRgRWQpYOgCzV-0F-Vc-hRs&google_hm=G5lXrGZH_7e4ODl9St6gVE8n
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AD27
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJ7YWOs4ZG8BuTe5Pij-oCk&google_cver=1&google_push=AaAOQGHg8-xwUCeSQKFyWgSFpldTkxDyxC6ZqtZwWfJnAw1IMVRV1eCpoK-qh6hoiW4KRwyXkw7OCeLsQXsy...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHg8-xwUCeSQKFyWgSFpldTkxDyxC6ZqtZwWfJnAw1IMVRV1eCpoK-qh6hoiW4KRwyXkw7OCeLsQXsyBnaQfjngHRxrRlA

170 B
188 B

39ms
39ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHg8-xwUCeSQKFyWgSFpldTkxDyxC6ZqtZwWfJnAw1IMVRV1eCpoK-qh6hoiW4KRwyXkw7OCeLsQXsyBnaQfjngHRxrRlA

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHg8-xwUCeSQKFyWgSFpldTkxDyxC6ZqtZwWfJnAw1IMVRV1eCpoK-qh6hoiW4KRwyXkw7OCeLsQXsyBnaQfjngHRxrRlA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET

RX-fe70c67b-cc49-4510-b52b-8ba5f8343fe4-003
sync.targeting.unrulymedia.com/csync/ Frame AD27
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEC...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHjCUkemd9sMcgJVup0JnnC5uLDJ2Y2cfDYGjybo69ZcAWHz_Qgpwk2MyaUBTaWk5kkV4k8cevoq-8bHCAMFWFPdsukBFg&redir=https%3A%2F%2Fcm.g.double...
https://sync.targeting.unrulymedia.com/csync/RX-fe70c67b-cc49-4510-b52b-8ba5f8343fe4-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHjCUkemd9sMcgJVup0J...

0
0

GET gob
sync.inmobi.com/ Frame AD27 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AD27 0
12 B 31ms
30ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IR-q6Dn_7eulT9XH2sc3Cj7reuEORUy1wN_qI-_yVGdI2P-z3OXUUceRAAmeIlVLTTaPv2hg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html
s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/ Frame 61E3 4 KB
2 KB 31ms
31ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/index.html?e=69&leftOffset=0&topOffset=0&c=JbsmRnnhMj&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1593
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:28 GMT
expires: Sat, 29 Jun 2024 01:27:28 GMT
last-modified: Mon, 05 Jun 2023 12:31:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 35AB 0
0 69ms
68ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvtl1z2y7wLQnQrLkeQ9QC7ivZy97s3uThHXV-fc3CynQXdqApbCKlKh1eXNXcIS_GpFhMLSSlAGanoM12A7jaSRVpHx-itjl5cGmaIT2TNfIGq_25oiuIdclLryQNiOiIQYLgTCP3HBgkh-yVoqORX2t2soINE4IBfKkSDiGrLlDv6WBbWY9__qAiIKOPQGq-WU_eTJJUrSGlsAeT_K_VedR2NwyN6Lg_W-uFnnvpH3vzQVONkvs9R7iahmMKvH5j4Ibp5-ELfLSe1yxXirGXANATR3SSORBzNh7fRDgiFoaTo-WMyxLF1Cy4nnLGnI52fCh8kcoSqC5bLe_RTIaqreFeQKMNBmeBx8E8-qMSupS6ZIJvNhc9cGVxLNb2-UqP2HV_JQrwbfgrsepYRduM3glxM1AgZt_H5KyEJhJDO2DrjZj-zicowheegr8mJ84zZegdQCKW_620l6wBXjsBQjMrWfh4qcnY2WT0GGux8Rs9WvEyM4LRjjNtQJVNNyvaEgnLDkfcUFOi8PfeaiqrtoHt-I41dqRydQOpC1RYfzkzysaoT-RIWTSxPL3d7IrnAe6vr1S8endMLDdznXL_eHoBZ1rWVOAm9SnWqr4EmBjf4FNGtSEg1tXHGShWq_8ANX8ftB9fLo_oratLjzXLomx75midCKkbLQHQbSTze-RSmoqEykiU-5fjv4hdGBjzM98cHIPNH5LXRzedjD_jEG7RdIR57Z-FIQe_sn8bgfX0gIOOKMSqMCVXeOcLix9nOEdlMf7B80H8Km-garYmEWRqnbkeTAsV3OhkNqS-jIhSG5pl8bAw3TsLcTa-DRiBosjSIv5nn9pZlpRHKnUmBbTw-avz4Fe_phKJsTvqmoB5H2qaq5d0s851g46-4hB2AjRmfIbOHZK4AvPMlpkSMfu5T6f106US9tKXCaMfB_ocYEEeqxNYyx1fhYyzgedrKZWW1XNBt05nMZdATlZTWK0O1XAXHNxNuayubhruvMBSuKdl4Z6rrslPO6GcXHPEz9AP_yvGZFrBpnM5LAcXeschjD9dwik39btmOaTKBYvKtyuueboh_WFw72U4QkR1W6TSurzfFIX7sSOCcQzszdjsDNyhAysDvPucCPAiK5veu_w9tekv6Ba9ee1oQRgxd1KhyG-II-VeVG7rUD0x0Veve2YgxIJtz0_MwtRfi1eiHeC1FW6pzPsNdGjsm62-_F2vDRALfy07iryfY3_8TMUwONw3IVFK5iWI8kbO-kxQ-qKYdAINfPCPUBLzONyQ4wbIhMAJ7-jmQCl6UZbGGbpMYCWai&sai=AMfl-YSABno8rWjdaST8DZ9Mc5Wp2tgPGdiqR6nTv1CcClJolgIDWqLaMbaELuok-cM-5yeVpivQPGAK29S2RJoqxRw2lgsBg3LUMo03rGO4xvgZAFdiSwKw6GPgfE81zYEPHzFB0_SzdG4JfKPRZBnv2LRDoWm1zi5sNYSH5EV_5tSwfwXi3hRqiHYOyG4kEh5YumfBCdbiVwBH&sig=Cg0ArKJSzBYSwTWqtglNEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=563&cbvp=1&cstd=556&cisv=r20230627.95112&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET event
samsung-germany.demdex.net/ Frame 35AB 0
0

GET tman.cgi
pfa.levexis.com/samsungde/ Frame 35AB 0
0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9589 0
0 61ms
61ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst7GVuWX0czL-wZy576vfkekq6V9aoIMeKI4-r7ulfda73QyItMLsBByiF6q8wgW4iq5_3nxT_TNNYQgnlCMuyQ6hCZ0mm1t5R6JNwFpjSxEWXMe2t_WG_IdbzHXZXa6xRETz5W8SB9yAgMKU7umgj9oTUcLjyAkZv1Df3mTv6jttO7U0Sbf5OpCsNYcQ3Cy2ue5RCZ5Jy4w5YvkPkow91VGfeo-1CSRW2gYy6DJ1l43UzPdkcSVEXSdgi7I9cKfTqM4n3VME_2JZ-GYkZ8fDaqXgFvvFbPg6FOxAhktc7G1p3gASozUdfK1ofyHrILx8_vU9Z6NIhnTrpyFQgoRnC_3KVTJ8UHWEoeRl_QB7ArXbiJG4QKJIdZWXtVpkhwIZlBH3Gh_2ERboygd-PIyVAeCyicMd7rkF7YUKy-ZGetg403o5vN3kdxsC-7T34RS2XzV6ehm4uGdZpbibB2kjpEEdZnPR2qU1Tzq8gxIE7paPPoE7dNC3dDv8d2gfHoBks4u5V-pAq067Djcsj4M_srjIve-TLGnKT92Xbo4EWUkaCIYdElQiWUaJYXcP1r7touGRBRjMDeoaZLMuVB4Xhrdr1OSdE1224d7XsjcXfLF4qxe0UJgjFI79PQhsR-izMKncHHvydSNyb90WcLKydaNZP6viAcgseFlY-gC-6BLQr6sXmtjJohCk7sZEEdPLsCleVDYDbBvINWPnXJSGtZh-Nmwrlp8XHGs6vwrPBvt1XImSSQNMUGJjipA7zj9WWAU4zFKTMA7EhoH6X-Vf07cV6fWJzx8fGQayU25j4hYRHa88OKuKUUSX7JdHSPKYAF6XJtJ414Ik_KYsMZ-U5kXVNE83Uo-3ZEOnXAnUY5pTsCYsDx4WUJYU6tStiv-70pQvVHzXGQlQj6NIKifxShHW3Y1qHzIZ4A1cta66OpkPnpRd5p8vrnn_dFmn0bz-N3UTo4viibIWnhF_c_QcNaU7EnbSG_-LyW7n_L29wjzzUVYmfX9QvCFAizba8XRFOgEMcprCZ1YFD5iCbtzoNKhqN7DRJ-ieDpzj4MEIdw9gffDXsCmEbYOVv0ac4TPPLnorbcBWgAXH1fL2dhKWv55ZcJEPIlXvqm5ewWiUhw6k5s-j-mN10JtAYnhP1T5j6_R5Uii1s2sLChoneEpj-4KaH_sLMi89CZAHL6wB5HbCpdub8qyqjC4clGa91irHRjgO9vCQyb4nr-eaLs1NZP3uRFmV-SfrbQgyjmZFf27PRdfze3DkhugHpDFhVfMHFgU9tolCfICTAsR8Dxs0XmPUnnASYfhlISBwpEaqDkskx4epjdqG1G7r1qbksjs3GWg8Xm&sai=AMfl-YRWYjGJe0CBbYas0_hOKvFEHU1Zz1O5Ty1HwYSxUd9bKpviOBvxqhXTUB16hijebmfCJ_NTCHaonc0Yc4LKZjn1tQQ9QcXb-e956CIa-nQbZRR0KkdjRBDlwZ8rH1MdEHNmnCGDLRA-il3zP7pKVW_wUbyLmwv2dvI_zFyU8G0L_D5ruNrNIGdSClR2Pp87TT-j5A3R3gG2fTsGGZCmY46ZpOgbX6OUFZZlZw&sig=Cg0ArKJSzOUgrjvK9B59EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=993&vt=11&dtpt=623&dett=4&cstd=362&cisv=r20230627.66192&vwbs=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame A7B1 0
0

GET

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame F141
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENcCSHhNzlWUKJhMWz4bEUQ&google_cver=1&google_push=AaAOQGF1Y6VXvtSX4G8LHagjgzzUMtqL2829GabCYEp6JE1Kq8kS6UKGnCD7-lbIlDA20hfFJW3Wa2DfjUq5thzk1qK6lTqsgtU
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzEyMzIzNzE0MzczOTg0MjY2Ng==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1

0
0

GET
H2 200 dpixel
cms.quantserve.com/ Frame F141 35 B
463 B 187ms
23ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECxegV_ljfaKlKkqRXHypkc&google_cver=1&google_push=AaAOQGEbrly5d25-mLmyyKICAhfDWBTyIKMhkCeJkz4Q-btr7bwrWF4FRvUdgKYe89asO0_ykpNmkBREl98HILZVSFd-LYhoG8I

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F141
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

38ms
37ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHMv2hUjCQJTqOVl1Bu5nubuTDgRJ68aJZKZfZjEV8c8zqTNGcAVo2j__rJ7LwZ06Gi5HNl_HuvKL7OvOD_K3TtgE4Zr6E

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHMv2hUjCQJTqOVl1Bu5nubuTDgRJ68aJZKZfZjEV8c8zqTNGcAVo2j__rJ7LwZ06Gi5HNl_HuvKL7OvOD_K3TtgE4Zr6E
date: Fri, 30 Jun 2023 01:27:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F141
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=AaAOQGH3LvoMScyGC9f76TEdMxmYu8x6yD5NL...

170 B
188 B

38ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=AaAOQGH3LvoMScyGC9f76TEdMxmYu8x6yD5NLtNVWVCNVIH9aUcFrqcQ6LewwBC8SZ9FxJb2257CG91ejxHfIiMP20DfHbv7wNg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 01:27:28 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECi3bGqCK_XqVXb2-FBfGyQ&google_hm=ZJ4vfs7_Dx1DDVUtuRPq1QAAFCMAAAAB&google_nid=index&google_push=AaAOQGH3LvoMScyGC9f76TEdMxmYu8x6yD5NLtNVWVCNVIH9aUcFrqcQ6LewwBC8SZ9FxJb2257CG91ejxHfIiMP20DfHbv7wNg
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F141
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8&google_cver=1&google_push=AaAOQGEiOa0hMUVh7vLWvJZvRQ-seQADTnqdiRJDlyGJ_GaEGa3EDCndx9FnXom0jwyiX5YYIw_5NhKdif5HIp_KF-Ejgd_o9A
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGEiOa0hMUVh7vLWvJZvRQ-seQADTnqdiRJDlyGJ_GaEGa3EDCndx9FnXom0...

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGEiOa0hMUVh7vLWvJZvRQ-seQADTnqdiRJDlyGJ_GaEGa3EDCndx9FnXom0jwyiX5YYIw_5NhKdif5HIp_KF-Ejgd_o9A

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGEiOa0hMUVh7vLWvJZvRQ-seQADTnqdiRJDlyGJ_GaEGa3EDCndx9FnXom0jwyiX5YYIw_5NhKdif5HIp_KF-Ejgd_o9A
date: Fri, 30 Jun 2023 01:27:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F141
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEDbQpFM5uSfJXOjrqYyX0PI&google_cver=1&google_push=AaAOQGEeMrNoRZmvg...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D&google_gid=CAESEDbQpFM5uSfJXOjrqYyX0PI&google_cver=1&google_push=AaAOQGEeMrNoRZmvgwrr-GVidQ7ByTT1OC...

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D&google_gid=CAESEDbQpFM5uSfJXOjrqYyX0PI&google_cver=1&google_push=AaAOQGEeMrNoRZmvgwrr-GVidQ7ByTT1OChs5h-455UQxbn-iWqHDUoVDM_COIMI-4E1_0NOEgPgoajBKAY8n-yik4ftoGTkLPLy

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:28 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d73871c4-32bb-4ebe-8b1d-6e6155b12db0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTg0MzUyMTY1MzM2NjgzMzg0OA%3D%3D&google_gid=CAESEDbQpFM5uSfJXOjrqYyX0PI&google_cver=1&google_push=AaAOQGEeMrNoRZmvgwrr-GVidQ7ByTT1OChs5h-455UQxbn-iWqHDUoVDM_COIMI-4E1_0NOEgPgoajBKAY8n-yik4ftoGTkLPLy
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame F141
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEJ_YNTLbr...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEJ_...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=0d4bd23a-4883-46f1-906b-67c8ec2a4ffe&%%GOOGLE_PUSH_PAIR%%

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F141 0
12 B 31ms
31ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KPayCrcwkEjdpx3ubprCbwWT0BxKqMrKVIg37XIpf6yX_pek1CFMzY0TAdAZNL85fi_VuRnjk

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js
pagead2.googlesyndication.com/bg/ Frame 8820 37 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sT3o9SHt_8CKWiZImOleDpjc_rECPIYUFPEk3-7T8E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:22:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:22:49 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 7CF9 43 B
215 B 114ms
114ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=561d10e5-3294-8cc2-4fc0-20c0b8158d58&tv=%7Bc:gYQCXg,pingTime:-10,time:1018,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xOTggU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1688088448274%7C%7Cd665fdbdfa7f540d7df9630fb05660f8%7C%7Cdc0a08e416cd7f8471c71ad711523ca3%7C%7C2bf5898094a53b4ad4eec1b3f050b7a1%7C%7C5fd521658bae8ebe95393a02bf72583a%7C%7C9480f871fb6091d26d4162b4fd1c4f6a%7C%7Ce5649a1d72d4d89586d762006f26afe0%7C%7C53184ccbace1079f42a821b8fce33fad%7C%7C1663701684,im:%7Bpci:%7Btdr:234%7D,imprf:%7Bttecl:1211,ecd:337,tsecr:451%7D%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET

pixel
cm.g.doubleclick.net/ Frame 1281
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKz8_-yMRrvWQX2XWDjhRTE&google_push=AaAOQGEaHclfVvgQN24D_nRM-4O0VxKKmxtkjTGP2YPTzSCmXoI1dgBCZJ...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1281
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENS4bvpiPjcVhXR_nq-ieQ0&google_cver=1&google_push=AaAOQGEYiZXdCfQwGpL3eG8DI4jnuSjEu0q3Iv488V8r_Bx4Gjg5DeLV9GwJvphP9pILgKOtBwYtXV8s62Mwdy4k...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=MxolpnslRNOgpcyTMzBxrg2&google_push=AaAOQGEYiZXdCfQwGpL3eG8DI4jnuSjEu0q3Iv488V8r_Bx4Gjg5DeLV9GwJvphP9pILgKOtBwYtXV8s62Mwdy4kfEEjCybg9hS5

170 B
188 B

36ms
35ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=MxolpnslRNOgpcyTMzBxrg2&google_push=AaAOQGEYiZXdCfQwGpL3eG8DI4jnuSjEu0q3Iv488V8r_Bx4Gjg5DeLV9GwJvphP9pILgKOtBwYtXV8s62Mwdy4kfEEjCybg9hS5

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 01:27:28 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=MxolpnslRNOgpcyTMzBxrg2&google_push=AaAOQGEYiZXdCfQwGpL3eG8DI4jnuSjEu0q3Iv488V8r_Bx4Gjg5DeLV9GwJvphP9pILgKOtBwYtXV8s62Mwdy4kfEEjCybg9hS5
x-host: tde-deliveryengine-production-7c97bc8457-jcsqm
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET

pixel
cm.g.doubleclick.net/ Frame 1281
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENWtTNNmy9KB5FcLLAJ7R_I&google_cver=1&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZUJjR9Y...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESENWtTNNmy9KB5FcLLAJ7R_I&google_cver=1&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZ...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZUJjR9YyYsaBaU&google_hm=DUvSOkiDRvGQa2fI7CpP_g==

0
0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 1281 43 B
58 B 30ms
29ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPd2xJ2EJNoLxIkpUgyQOok&google_cver=1&google_push=AaAOQGHpfQdZdASwWYzjOHiAEv32TLdn4kbLhIAM40o03Kjgxgvnl-6FCnueI4oPlX9zJbCBjltsPvD4awMBrOY_e2iBx9mWsucw
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1281
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEEwryK86CySvt-Zaefj7iE0&google_cver=1&google_push=AaAOQGGWEq8BGPhau7mARtxaFgE9wxLiQ9m1bFuEumwRmeNS4k0JnX0Ds-ZCsuHbR7tVy7Ys8vLvrmOExiTE0n48u8RhcK...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGWEq8BGPhau7mARtxaFgE9wxLiQ9m1bFuEumwRmeNS4k0JnX0Ds-ZCsuHbR7tVy7Ys8vLvrmOExiTE0n4...

170 B
188 B

58ms
53ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGWEq8BGPhau7mARtxaFgE9wxLiQ9m1bFuEumwRmeNS4k0JnX0Ds-ZCsuHbR7tVy7Ys8vLvrmOExiTE0n48u8RhcKfbluD_

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGWEq8BGPhau7mARtxaFgE9wxLiQ9m1bFuEumwRmeNS4k0JnX0Ds-ZCsuHbR7tVy7Ys8vLvrmOExiTE0n48u8RhcKfbluD_
access-control-allow-origin: *
date: Fri, 30 Jun 2023 01:27:28 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 1281 0
44 B 33ms
32ms Image
text/plain 185.86.139.104

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEN2zXKKABjNyov3wz4x1HgE&google_cver=1&google_push=AaAOQGGluGSKi-GwQxq5u9DRjYvvzHwwVc2HR6QPv6UPmcUJxndeRL3vonbCx9oXGI7eW6YAs16qT-lGmvjD0y7UjjGKJx3-qrMh
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.104 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:27 GMT
content-length: 0

GET

/
onetag-sys.com/match/ Frame 1281
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJ7YWOs4ZG8BuTe5Pij-oCk&google_cver=1&google_push=AaAOQGEaYWkvri--beDe3D_ft-mpvz--9ifwQDYmmCXf1XV_c0FrPUx91c53n4T1PKazzT2DPYgOvHw9dMi...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEaYWkvri--beDe3D_ft-mpvz--9ifwQDYmmCXf1XV_c0FrPUx91c53n4T1PKazzT2DPYgOvHw9dMiAUGRjhOhtvM9tTUQljg
https://onetag-sys.com/match/?int_id=19&google_error=5

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1281 0
12 B 32ms
31ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I-jo3Yo-bCDB6nOchKL59XA_f9kZQcsnqYL6MIj5qHkw3hGZsRUxlW_4_v_jA-K0iepqSzWg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enabler_01_247.js
s0.2mdn.net/879366/ Frame 5FA8 118 KB
40 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=1XFLHHulsf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=1XFLHHulsf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:36:21 GMT

GET
H3 200 gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 5FA8 63 KB
0 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=1XFLHHulsf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=1XFLHHulsf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7151
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECXwmY5AslvAyEHTwq41ndI&google_cver=1&google_push=AaAOQGEgT8KXGcw21zgg5WSX0jMSa1cIGwt_Rhb4izoL78s0IRCoOT6v5SRVdRbULOh1r7jJ7JTe2yBpeNewLExw...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=3S5kni9_QQGpByMmBBY_bA&google_push=AaAOQGEgT8KXGcw21zgg5WSX0jMSa1cIGwt_Rhb4izoL78s0IRCoOT6v5SRVdRbULOh1r7jJ7JTe2yBpeNewLExwoqnY8gwDgQ

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=3S5kni9_QQGpByMmBBY_bA&google_push=AaAOQGEgT8KXGcw21zgg5WSX0jMSa1cIGwt_Rhb4izoL78s0IRCoOT6v5SRVdRbULOh1r7jJ7JTe2yBpeNewLExwoqnY8gwDgQ

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 01:27:28 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x8 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=3S5kni9_QQGpByMmBBY_bA&google_push=AaAOQGEgT8KXGcw21zgg5WSX0jMSa1cIGwt_Rhb4izoL78s0IRCoOT6v5SRVdRbULOh1r7jJ7JTe2yBpeNewLExwoqnY8gwDgQ
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 30 Jun 2023 01:27:27 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 7151
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPp5S_kt0g7QZskbqbZ3WCw&google_push=AaAOQGGeGMkaaZUVl99hUKO95ATNi7D7UOmJslgzMQ-iQ6uHug-ukeWZu2...

0
0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 7151 70 B
264 B 50ms
48ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEs2SlB8trBpf_h49sqbV30&google_cver=1&google_push=AaAOQGHnTZ7Rk7AstOpiB0B1MiiH9NWm3z2D8FlTDQGEEbHzuLp9f19voteU_3_y5geSsjCgUtj_A0gl-wdDH_XM2r7q5ffgdv4
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7151
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEB_0z0AWVIE3chlzAKPdfcU&google_cver=1&google_push=AaAOQGHyjOgXoPNrReQFDbCueelPuINq92y8vj4ocwGsVNVeSG0Lp1e_59KLZpg9DFXb9Fsy5q7fahmAWxr...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHyjOgXoPNrReQFDbCueelPuINq92y8vj4ocwGsVNVeSG0Lp1e_59KLZpg9DFXb9Fsy5q7fahmAWxrd1ziX-8hzb5oLwnQ&google_hm=eEdlp9-VRMuD90phgRfRiYM

170 B
188 B

40ms
35ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHyjOgXoPNrReQFDbCueelPuINq92y8vj4ocwGsVNVeSG0Lp1e_59KLZpg9DFXb9Fsy5q7fahmAWxrd1ziX-8hzb5oLwnQ&google_hm=eEdlp9-VRMuD90phgRfRiYM

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:27 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHyjOgXoPNrReQFDbCueelPuINq92y8vj4ocwGsVNVeSG0Lp1e_59KLZpg9DFXb9Fsy5q7fahmAWxrd1ziX-8hzb5oLwnQ&google_hm=eEdlp9-VRMuD90phgRfRiYM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7151
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOwfU3jwdp3G8FpNz1O8Op0&google_cver=1&google_push=AaAOQGGGzY9TBjIGM7upZwHYXwlpm5s3s_Gn36BBYQyVhKzjLEPTE38r5NXZQAnIT5_f_QSUfvjYpz9wNwHH09...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=AaAOQGGGzY9TBjIGM7upZwHYXwlpm5s3s_Gn36BBYQyVhKzjLEPTE38r5NXZQAnIT5_f_QSUfvjYpz9wNwHH09shL-...

170 B
188 B

39ms
34ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=AaAOQGGGzY9TBjIGM7upZwHYXwlpm5s3s_Gn36BBYQyVhKzjLEPTE38r5NXZQAnIT5_f_QSUfvjYpz9wNwHH09shL-t3l8Kg4gk

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDI4NDY2ODM0MjEwNjI2NA%3D%3D&google_push=AaAOQGGGzY9TBjIGM7upZwHYXwlpm5s3s_Gn36BBYQyVhKzjLEPTE38r5NXZQAnIT5_f_QSUfvjYpz9wNwHH09shL-t3l8Kg4gk
Date: Fri, 30 Jun 2023 01:27:28 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7151
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

38ms
33ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGIcTOFsRzOjNcancDuM6cQIZ73b6AiM0E9aQDBlSeWI2fw1j3oA-Rn8mX-NSMQDFQeUl4yQAhXFii7aLSgheAmvS1hB-M

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGIcTOFsRzOjNcancDuM6cQIZ73b6AiM0E9aQDBlSeWI2fw1j3oA-Rn8mX-NSMQDFQeUl4yQAhXFii7aLSgheAmvS1hB-M
date: Fri, 30 Jun 2023 01:27:27 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET gob
sync.inmobi.com/ Frame 7151 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7151 0
12 B 32ms
31ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I_xSqKkMxTA8r1Qwqhbw9mIJoUYX5LtFPPXvHK0D0TlxJginodq806jnMc-1uJGCSD4wbGCg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9589 43 B
215 B 114ms
114ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=927525e0-5f81-ea97-6ed8-778f6354609d&tv=%7Bc:gYQCXV,pingTime:-10,time:842,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xOTggU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1688088448315%7C%7C9a6212cfc5365cc028ce29da93b325a3%7C%7Cdc0a08e416cd7f8471c71ad711523ca3%7C%7Ca06be4996e4e28a98cd122b960e7cca6%7C%7C1d34ad8a1b69915240f9ceb12c125d4a%7C%7C99433576428bea793259f963b2456fd3%7C%7C1b3a0ca4aee1ce548899ea7c767d6e21%7C%7C36629ef4a79317ecdc400c8c7e95745b%7C%7C1663701684,im:%7Bimprf:%7Bttecl:854,ecd:140,tsecr:451%7D%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enabler_01_247.js
s0.2mdn.net/879366/ Frame 8232 118 KB
40 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=SaBtOB96NW&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=SaBtOB96NW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 10:36:21 GMT

GET
H3 200 gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 8232 63 KB
0 29ms
29ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=SaBtOB96NW&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=SaBtOB96NW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 302B 43 B
215 B 115ms
114ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=43f9eb36-421a-70e5-7900-11b45dbb91a2&tv=%7Bc:gYQCYC,pingTime:-3,time:204,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:30%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:204,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B199~0%5D,as:%5B199~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5UK+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C1177%7C1178%7C1179%7C117a%7C117b%7C117c%7C117d%7C117e%7C117f%7C117g%7C117h%7C117i%7C118%7C119%7C11a1%7C11a2%7C11a3%7C11a4%7C11b1%7C11b2%7C11c1%7C11c2%7C11c3%7C11d%7C11e*.1484055-72040524%7C11e1%7C11e2%7C11f1%7C11f2%7C11f3%7C11g1%7C11g2,idMap:11e*,rmeas:1,rend:0,renddet:svg.us,siq:31%7D&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: nginx
x-server-name: dt21.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 302B 43 B
215 B 116ms
114ms Image
image/gif 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=43f9eb36-421a-70e5-7900-11b45dbb91a2&tv=%7Bc:gYQCYD,pingTime:-6,time:205,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:205,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B200~0%5D,as:%5B200~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5UK+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C1177%7C1178%7C1179%7C117a%7C117b%7C117c%7C117d%7C117e%7C117f%7C117g%7C117h%7C117i%7C118%7C119%7C11a1%7C11a2%7C11a3%7C11a4%7C11b1%7C11b2%7C11c1%7C11c2%7C11c3%7C11d%7C11e*.1484055-72040524%7C11e1%7C11e2%7C11f1%7C11f2%7C11f3%7C11g1%7C11g2,idMap:11e*,rmeas:1,rend:0,renddet:svg.us,siq:31%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a4e9:c915:4486:6e7f -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8349 22 KB
0 36ms
23ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A7B1 0
0 59ms
59ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230627&jk=1992809445552694&bg=!2tml2Y3NAAb90kgr3dI7ADkAdvg8Wnl4rex2R6Ie6-8T_5Eesy41ltqmgloCAdeEMVpXND_8S5-sOkThrhFNMglJG_Xt9-Acn9MCAAAB0lIAAAADaAEHCgAIWpmG3dCDiSqZAsTnn0cDucUatpx0zjunEl-wjGTZdl75_0CHG2MxZgApwYMDtX5W-fdMUx1G38FFrmp-ejwLwNXsFe7AMg0ioi8RnTqgkxN_U7mISddW66aqYVc3pqWSvSRwP1DFfyV6uTDrhT0olWUjOlRakktxj8cRIt3nJFO9yz3L3PYCdj5r-3VSRxGPvkmKSh2IeDFwiw9s-U8LZFSi-h27ilrqaoeRgBrsDmsW0lrs9JYTfcO7ktiDMPULkF7AYpNPos3sDhSVj56LECZ2RkImdiiq8d7CI4SKcYVNP5aBe-rD2qrrT4bTUBvLcJhrbqtEOVivTOBDcmMD3PdKkVZ9sDnGn_pwunLqd-qJXLUMQK1EIKatKdxr9iglRICGOph3E54-086dfoeq5HJlWvYwkbXeE0EdyUV8EMNsAssLDBhC0ZgCOYRX0YOvfOM9NZKQ8WxQr1tClJ8xdLvE9mudGLIN9bZ6oiE9xnh4W00KR_SenFeUIBn7hX9WM49M1aov_SuaIQiRxXpHANg9BYG9atEXPpsSWv4unYfHuFrVb1tUfC4LpKLJzvJBNMiTTcVujAZzs8Jvpwzuxvhws2qlrI2JVilhJfg9sxcMHnVCe-P3A5RUgke_QqZAF8fBGUS73yaj6L30_lXRjDaaLqsiasCkjOd5TO4jCylBqLOqnWuG2-FHdIgmXch-BMZSrAxG6Q6DBqTqLPOYUDDPQtDiWUUDYIqPyGvW7bXD17LpVUvQ_GM8tmW2GAHzKeyWt-AXyQAp3hxopO4x6nYtQ5v6eUERoVEKLwflefXFdUechnvhAJH0985_cIgZXPIfBGMk8uXQNvmJwoyHC4JCm8rvAnN3U3dbUxjvbwNDJ4BXyJbPzFxAfuOF2tvfbYnn08ZcePHsHhqxc62XK6P4OtN7Jk8Wg_Vj5KR4raDEy-iFMz_ZOyoA50XrrlY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 4CB9 22 KB
0 36ms
24ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dvtp_src.js
cdn.doubleverify.com/ Frame 302B 8 KB
4 KB 38ms
38ms Script
application/javascript 2a02:26f0:480:9::210:ee04

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&num=&adid=&advid=4309118&adsrv=1&btreg=558488166&btadsrv=doubleclick&crt=192207036&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee04 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 01:27:28 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 12:21:21 GMT
Server: UploadServer
ETag: "4c41482e45017a01683eea2db59c11aa"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3373
Expires: Wed, 28 Jun 2023 12:36:53 GMT

GET
H3 200 index.html
s0.2mdn.net/sadbundle/16829948873192997814/ Frame 5E29 14 KB
0 44ms
34ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=jTdQRzDdGb&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3050
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:27:28 GMT
expires: Sat, 29 Jun 2024 01:27:28 GMT
last-modified: Fri, 12 May 2023 09:19:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 302B 0
0 72ms
72ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuiWq652ySz3NWe5ONX-jILsD5af1sklW6Tj8gkN9p4HqslENae9jjm7Va9o7OOPmZrwX0xFHfwF-LNHHqEYpBN30ckOk9i2SxpuE6AoxK0O33Ab1PFXhZkxbeLxbzDkSKsc3al7kq4wR0Zn7MQEC_yP6mf1s-4LrT44VZx_TW-1qkEnmGJOrlae-L7bcZPnR0TLWNDS3PHglN_sZJb2RXEoXmR4Yk889aMhNGqe9T7_LskzePEZChfFSBUeIebgzA4ooAJ9bbTt0arGmJNA8lSbLpxwFRk8OLvpcZK8ZSl77MYaiXanqS7oicw-HXLI6UseHk4b394AfvD5EeF_39FHciiLcUiKOqEH8gL8D28OlN4rlSVXUmt9fLaUkqy9uku4fbmI2onRFS9k4ApgL3Zj2dsnMhD-Lz4yELXDu-yMRPuFZPeoaUK4ndjcgog3x22mbVxxj_88u92wiuJiA5OxPtsxSfN6eelq0RdcRvBp3nxA33sY7FV_pg0W0h9rYiMM8Ix5UA9p8QzIHZT67MojccdUxhMCApshNM5phaYt_yJPNRnQvy3xxzkuM_1W0GlFzZSS9u0iVGJUhIPScAaglETtIGZc66ORD5tVY4rtlYn3ANDlywOAOkxvEiFXELJOyRZsnztE9lVUjttG5ZClblVZ8euVzCeuPjgOgjGxmMvEyrHB6sH-cRgk8VU6TcYJA8F6louJlptNaowrkz9jFvJi2h8ARUW8gwHmz7ovKNhVzmV0sJA0FT29ZHON5n6cnA8dk51scWfJR-M-aqZdwX3XAL33O6WbaYXFzqMmorrnaQB3Y71d6barIAzokR30FDOTM1Eqya_LbCXyhNbm2KErIs0IH30Di0nruOwTb12zNWVID1JYHq7G8ANODLU62KtCR8YfP4t5pnzwbKOwhIja33_cNaKByv_6YEPY8rDQeURS5wGwCLB4c92ihnWnw2OR5ew8aF2cInJJb0Hmy-26W8TzHzNIgMAYM5FkTk30WeNn-9hIt2NKuFE4n7Vy1LbIxbmzPVYO6uh2veSVaANKlrusFeDRuo4bk1ZlJjLQVXWMZWOqjc7FOB1O2r49Ai25iU0muFxU4QkeaGKSvaQlH7NwJ30_MT1ViGFTtsHsk1zr3jy9stIClIWcvU6jvFuJbZQulDQ9ILpoZmWwmlq1FuEYQpN0nFlBpPuxiNHhdvYxjuNrzOicKH2_cHbzofseBOTWsZg7sOuKP5YQQdQRPEM9casz22NAKNfbN7L2hoo2mspKlIXWZHwj2Iqo3fBvWMZkCzjZ2ZA--NKgo3KkZ4UpXKx54eLDSs4bmzmU07_GHm1&sai=AMfl-YQUh9_d0Vt3WPswdwbVT-1t8uteMpyxtdJtmfTCuNip4yRZtlfNSykWwe6fpzZtjOb1Bo0LQFP-cTy-gilU2Qwvhjl_3PS-Kpak1dIKNgiRb4PsKB1AFCpKw83_jS9fO70DYkZSrke0uOptIAw0JZxdPjdTAc04n-9nVkS0m6pWaJ8nHtBXifaVDoyZO6Yg5b6yLF_eq_YRvvg5bUJTxoTgUXRk5VX92jLU3g&sig=Cg0ArKJSzL7jOc2NxXmoEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=755&cbvp=1&cstd=749&cisv=r20230627.77323&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 01:27:28 GMT

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame EA7A 22 KB
0 29ms
23ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_250.js
s0.2mdn.net/879366/ Frame 61E3 120 KB
41 KB 29ms
25ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/index.html?e=69&leftOffset=0&topOffset=0&c=JbsmRnnhMj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/index.html?e=69&leftOffset=0&topOffset=0&c=JbsmRnnhMj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 02:09:45 GMT

GET
H3 200 1.jpg
s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/ Frame 61E3 14 KB
14 KB 30ms
26ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/index.html?e=69&leftOffset=0&topOffset=0&c=JbsmRnnhMj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8665997961098057607/1685968291221/index.html?e=69&leftOffset=0&topOffset=0&c=JbsmRnnhMj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 21:40:07 GMT
x-content-type-options: nosniff
age: 532041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14000
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 12:31:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jun 2024 21:40:07 GMT

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame E72F 22 KB
0 24ms
24ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 214187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9589 0
0 70ms
65ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssg2JwqyfLc_JkMfoCVhwT6RCTlnhEnpABA6NZQxyxpJPuqM7SMfjOgE22O1N7ivYXFEVpDJjqww6zD42W3qG-XuchBcl0Zo3W2LugBaTxiGzLnclo2iYSewatXBsQxC8NY3-dIvi6ZoI5u&sai=AMfl-YS9pKy7gFq5BDSVJ5QUzL60RatkmlavZh6IFGPKL3K4wgD_Rw0OlvwSsuVX4flogtTopSvRbl2t_luAVcVEk9C-D7zuDFM7qNA&sig=Cg0ArKJSzLw4FlS9INn3EAE&cid=CAQSKQBygQiDMzOuCVcys6A-VWJD5PP0O3J1M_TP5m0q4G6W3lYEOo7GE5GGGAE&id=lidar2&mcvt=1068&p=0,0,250,300&mtos=1068,1068,1068,1068,1068&tos=1068,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3116655499&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688088446863&rpt=482&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 01:27:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dt
dt.adsafeprotected.com/ Frame 302B 0
0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/epv/ Frame 337A 0
0 171ms
86ms Document
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=44241100007543700951389012371011&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Requested by

Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=81494ea125&subid=&uid=6111c2fc7b3dbc2e&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DqE7lJorNfoIV5Z4OgUWzPw%26exch_seat%3D20035004448%26mt_aid%3D7593337796467216459%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_cid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=9820169456400&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Fri, 30 Jun 2023 01:27:28 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: D972D783:BF26_91EFC182:01BB_649E2F80_59E8E63:25BD1

GET
H2 200 /
adv.office-partner.de/ Frame 8A64 0
0 123ms
27ms Document
text/html 2a0b:4d07:102::1

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=81494ea125&subid=&uid=6111c2fc7b3dbc2e&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DqE7lJorNfoIV5Z4OgUWzPw%26exch_seat%3D20035004448%26mt_aid%3D7593337796467216459%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_cid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=9820169456400&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 -, , ASN (),
Reverse DNS
Software: keycdn-engine /
Resource Hash

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 30 Jun 2023 01:27:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 07 Jul 2023 01:27:28 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET

htlp
futalis.de/ Frame 2747
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=44241100007543700951389012371011&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2832927057

0
0

GET link.html
track.webgains.com/ Frame 1B29 0
0

GET
H/1.1 200
OK request_content.php
hal900011.redintelligence.net/ Frame 023C 7 KB
0 86ms
32ms Document
text/html 138.201.64.38

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/request_content.php?s=44241100007543700951389012371011&a=4a8818e9
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=81494ea125&subid=&uid=6111c2fc7b3dbc2e&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DqE7lJorNfoIV5Z4OgUWzPw%26exch_seat%3D20035004448%26mt_aid%3D7593337796467216459%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_cid%3Ddd2e649e-2f7f-4101-a907-232604163f6c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqNuhfi-eZJiJMcn87_UPzaqi-AzPh46bXMCG2YLGAsCNtwEQASAAYJXStYLEB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT4AU_Qm2XixuzK1YV7b10JgJvfSxQjuyXlVM3xDlNrohSgSPigj0Z8WTM6Nw47cVe2P5vrzTJZrNA29p8YejwsJFXjK03PrSx3-bumgUwUHH6cWZlk5brGI7TSewVmSaMkt-NUg3hAAgvpveXXOc0bAoSujos1zGubiqsCYy64KlyzKqDWgLpxbwFK2lklDN6UWa0-s2xu4IBWn1x3GTVnXmYziNsiaryH_4XPGBBpbMBRl7F_3auxqeaDVaSTi7a_qHK1cYMeREzgAT-YfDu4O1c6JXzuSFrkyggk7tPQPqqgfrd7FbhQdNvGA473ZgGmmQEqpYVRlIX84AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EaalqNKxAYzc_SfCXmMbTNZ6cgA%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=9820169456400&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2072
Content-Type: text/html; charset=utf-8
Date: Fri, 30 Jun 2023 01:27:28 GMT
Expires: Fri, 30 Jun 2023 02:27:28 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET e99aace94e6e5873881d3400993e1e7e
medialead.de/trck/eview/ Frame 1B29 0
0

GET AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 72A8 0
0

GET

pixel
cm.g.doubleclick.net/ Frame 72A8
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENWtTNNmy9KB5FcLLAJ7R_I&google_cver=1&google_push=AaAOQGEjEEh1PrGkQy-wcQ7vfO3uOaTV4-C_SlgTygVNG4x3Pang5Zcqkl_tOjQu0oX1z57aBy3uNo4eeWgVnjN6unqr...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEjEEh1PrGkQy-wcQ7vfO3uOaTV4-C_SlgTygVNG4x3Pang5Zcqkl_tOjQu0oX1z57aBy3uNo4eeWgVnjN6unqrwUTcepw&google_hm=DUvSOkiDRvGQa2fI7CpP_g==

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 72A8
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJwjz6RCHJlPfuZnrTcQ4Wo&google_cver=1&google_push=AaAOQGGhVd52GPD7wi1gL_2TarJW_vM-0FkHvf2quX_6SVZ1K-Xw5YrqXtJQCTCoCyKehX-ZdIiiX5Jc...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=AaAOQGGhVd52GPD7wi1gL_2TarJW_vM-0FkHvf2quX_6SVZ1K-Xw5YrqXtJQCTCoCyKehX-ZdIiiX5...

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 72A8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 72A8
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEEwryK86CySvt-Zaefj7iE0&google_cver=1&google_push=AaAOQGGfTDobYYCiQfaixB9MzrUIMg2VzUKBbSUZ2dY3KIJoHqCN156JNORENAX5k99gj5hXHoqE3Ld-n3ntyaHqtYLw2T...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGfTDobYYCiQfaixB9MzrUIMg2VzUKBbSUZ2dY3KIJoHqCN156JNORENAX5k99gj5hXHoqE3Ld-n3ntyaH...

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 72A8
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED_fH7NGvD5H73ZF-sARbm8&google_cver=1&google_push=AaAOQGFBmFV3U1rffXKb0XbtaoK_fQeF7bywPZ6fel4pcN44EOPl_6gxYfWNinqudtVy6XHSbprNexUTaZbRPJmRmOjFr3xW5vCE
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGFBmFV3U1rffXKb0XbtaoK_fQeF7bywPZ6fel4pcN44EOPl_6gxYfWNinqu...

0
0

GET gob
sync.inmobi.com/ Frame 72A8 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 72A8 0
12 B 33ms
32ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KWhCGRb70yt8AlGcFoDvJoc9quicNolR19Qz8VwbTjE1vuyeTGhlG15I9OqKe_H3w-4JPwMg

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 01:27:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/16829948873192997814/css/ Frame 5E29 6 KB
2 KB 22ms
22ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=jTdQRzDdGb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=jTdQRzDdGb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280934
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 Enabler_01_250.js
s0.2mdn.net/879366/ Frame 5E29 120 KB
0 23ms
22ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=jTdQRzDdGb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=jTdQRzDdGb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 02:09:45 GMT

GET overlay.png
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 5E29 0
0

GET logo.svg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 5E29 0
0

GET gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 5E29 0
0

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame ECFA 0
0 22ms
22ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
URL: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37386
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Fri, 30 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1B29 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

POST gen_204
pagead2.googlesyndication.com/pagead/ Frame 2644 0
0

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame C5ED 0
0

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame D3FD 0
0

GET

si
googleads.g.doubleclick.net/pagead/drt/ Frame 2599
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

GET css
fonts.googleapis.com/ Frame 023C 0
0

GET /
hal9000.redintelligence.net/scale/ Frame 023C 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/img/logo.svg

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Domain: tps.doubleverify.com
URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=461&ttfrms=27&brid=3&brver=114.0.5735.198&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTau7ha2a%602%60g3e3f_%602_4bh33a76caf45d_%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=426&ddur=180&uid=1688088447856655&jsCallback=dvCallback_1688088447856981&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4050&tgjsver=4050&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Ff92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=1&brh=2&sdf=2&dvp_epl=284&noc=4&nav_pltfrm=Win32&ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&crt=192207036&btreg=558488166&btadsrv=doubleclick&adsrv=1&advid=4309118&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=185070126491.5443&dvp_tukv=160903839614.98383&dvp_strhd=0.40000152587890625&dvpx_strhd=0.40000152587890625&dvp_tuid=576127911960&jurtd=2602798888

Domain: a.tribalfusion.com
URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEAYJacG6T8QjMa8OLfT8rTo&google_cver=1&google_push=AaAOQGH66jDbc2T3EcQJAJDWKg6DBgUHVYbK_a9GMwYTryKNgGlaailkhnrN_kDyn3GX0HplRbTwPWwCURMSbx4GgVucQvjYuHY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGH66jDbc2T3EcQJAJDWKg6DBgUHVYbK_a9GMwYTryKNgGlaailkhnrN_kDyn3GX0HplRbTwPWwCURMSbx4GgVucQvjYuHY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Domain: sync.targeting.unrulymedia.com
URL: https://sync.targeting.unrulymedia.com/csync/RX-fe70c67b-cc49-4510-b52b-8ba5f8343fe4-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHjCUkemd9sMcgJVup0JnnC5uLDJ2Y2cfDYGjybo69ZcAWHz_Qgpwk2MyaUBTaWk5kkV4k8cevoq-8bHCAMFWFPdsukBFg%26google_hm%3DA_5wxnvMSUUQtSuLpfg0P-Q

Domain: sync.inmobi.com
URL: https://sync.inmobi.com/gob?google_gid=CAESEMhMeQYTroUAglCL_eGhVtU&google_cver=1&google_push=AaAOQGEcS1TssKj8WAE2-nnf4SoFE3dr4BfzqVXpSW0GihCIRzqRLd3Z-wpvymWjee2AyVa888JBkJ4ARzIR-P9FndMfr4mCHdQ8

Domain: samsung-germany.demdex.net
URL: https://samsung-germany.demdex.net/event?d_event=imp&d_src=38080&d_site=5313500&d_creative=192902398&d_adgroup=23233&d_placement=368598827&d_campaign=30106407&d_cb=2276592726

Domain: pfa.levexis.com
URL: https://pfa.levexis.com/samsungde/tman.cgi?tmad=i&tmcampid=8&tmplaceref=368598827&tmclickref=192902398&tmtag=image&rand=2276592726

Domain: ng2.virgul.com
URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688088444674&userId=vnet3efcf331-6724-4a12-907e-5875e1a22e99

Domain: r.turn.com
URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKpEHKAqhBtaHcJrMvt4Kbk&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=0d4bd23a-4883-46f1-906b-67c8ec2a4ffe&%%GOOGLE_PUSH_PAIR%%

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKz8_-yMRrvWQX2XWDjhRTE&google_push=AaAOQGEaHclfVvgQN24D_nRM-4O0VxKKmxtkjTGP2YPTzSCmXoI1dgBCZJglVebl_Pt9mzc_3qK5kz6L137Gwf6ia_BpZSPKc8v7

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHylWy9H_0XW5xYNdiNiye_uJQV6fyXYLEaXxpB7kgzwXfWwDVWBDCT3nJDL47NvZhkTf5bUEtTMQhnKZUJjR9YyYsaBaU&google_hm=DUvSOkiDRvGQa2fI7CpP_g==

Domain: onetag-sys.com
URL: https://onetag-sys.com/match/?int_id=19&google_error=5

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEPp5S_kt0g7QZskbqbZ3WCw&google_push=AaAOQGGeGMkaaZUVl99hUKO95ATNi7D7UOmJslgzMQ-iQ6uHug-ukeWZu2LI_G0TbJ_B88iQyBj13lg_32JAZQc2lK_2i3SWmwA

Domain: sync.inmobi.com
URL: https://sync.inmobi.com/gob?google_gid=CAESEHiN6NB_8kTgxYD6X19Svwk&google_cver=1&google_push=AaAOQGHk5vpvccaK2v9KjrQpN_N3cZrPuQlF6KJHvjI3mOtmNqEIv6m4k-2LY52BsT0i6pV_HF1eYxZD60C_4R2X4JtLOCwqG_eD

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=43f9eb36-421a-70e5-7900-11b45dbb91a2&tv=%7Bc:gYQCZH,pingTime:-2,time:271,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:538,mdZ:601,beA:1071,beZ:1072,mfA:1074,cmA:1075,inA:1075,inZ:1078,prA:1078,prZ:1097,si:1102,poA:1103,poZ:1123,cmZ:1123,mfZ:1123,loA:1276,loZ:1278,ltA:1341,ltZ:1341%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:30%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:271,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B266~0%5D,as:%5B266~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tICH5Gg+111%7C112%7C113%7C114%7C115%7C1161%7C1162%7C11631%7C1164%7C117.1484055-72040524%7C1171%7C1172%7C11731%7C1174%7C1175%7C1176%7C1177%7C1178%7C1179%7C117a%7C117b%7C117c%7C117d%7C117e%7C117f%7C117g%7C117h%7C117i%7C118%7C119%7C11a.1484055-72040526%7C11a1%7C11a2%7C11a3%7C11a4%7C11b1%7C11b2%7C11c1%7C11c2%7C11c3%7C11d%7C11e*.1484055-72040524%7C11e1%7C11e2%7C11f1%7C11f2%7C11f3%7C11g1%7C11g2,idMap:11e*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:svg.us,siq:31,sinceFw:238,readyFired:true%7D&br=c

Domain: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2832927057

Domain: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=44241100007543700951389012371011&nw=1

Domain: medialead.de
URL: https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=44241100007543700951389012371011&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Domain: tr.blismedia.com
URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEKYGeTfmyeL9z7fL81mi0J8&google_cver=1&google_push=AaAOQGGusd-3UmPqLZ3bzTdVAVvO5uGGs0CV2vmwx7-OGs03SL2bmiJEd5K5qdyFHZB8ELQVi02INVcyPhxs6ORk38UptbQcYG1t

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEjEEh1PrGkQy-wcQ7vfO3uOaTV4-C_SlgTygVNG4x3Pang5Zcqkl_tOjQu0oX1z57aBy3uNo4eeWgVnjN6unqrwUTcepw&google_hm=DUvSOkiDRvGQa2fI7CpP_g==

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzOTU3MjQwNTI5NTI4NDY4Nw&google_push=AaAOQGGhVd52GPD7wi1gL_2TarJW_vM-0FkHvf2quX_6SVZ1K-Xw5YrqXtJQCTCoCyKehX-ZdIiiX5JcCg1YrlZdFbWJMrNuRKM

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=NPiYf7EDQnaEKY_L1xZCng%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHZmhboq8ehPX04x7TLP6JUZdh4TyDHGkpFuGUDOFWcLN2QiFmvIldbx2-1408qdHlg-WhSj-rOinam5QNpEwk83lfTCDy-

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=OzssFnkiSFum9MxbpNFrLw&google_push=AaAOQGGfTDobYYCiQfaixB9MzrUIMg2VzUKBbSUZ2dY3KIJoHqCN156JNORENAX5k99gj5hXHoqE3Ld-n3ntyaHqtYLw2TsesqwK

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDU0ODMwOTU5MDE3MDg3NjI5Mzk3&google_push=AaAOQGFBmFV3U1rffXKb0XbtaoK_fQeF7bywPZ6fel4pcN44EOPl_6gxYfWNinqudtVy6XHSbprNexUTaZbRPJmRmOjFr3xW5vCE

Domain: sync.inmobi.com
URL: https://sync.inmobi.com/gob?google_gid=CAESEMhMeQYTroUAglCL_eGhVtU&google_cver=1&google_push=AaAOQGGot9eTkKpKO_O6Ik5mlXYMGmXI5o1aXuKIRsHP8xZ2pfD3_W_ORKEOU5-DGDfejZyskX6NxTNMCwTUx0Se9QI-l5UmcX91SQ

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/img/overlay.png

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/img/logo.svg

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7073790728773&version=m202301230201&ct=76&x=1&cor=12600362156233832000

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZNQJfi-eZMzNK-WD4gGhs7zAAwAAAAA4AeAEAg&bg=!lZallsLNAAb90kgr3dI7ADkAdvg8WlpDLhJsbjyX_O_89kHv-KNJT_6wvi7rsI_nUqNgC4niIviI2ogEYVhHMIvHKPMpxSqdbbQCAAAD71IAAAACaAEHCgANpDhYt3U7yyl0l7wE3ZkDE03KqAIY7NvZngnfcnAcCKTAlB8YP0gwwaDp8FI__0bMyRwHkXYkXjgNQJjBpQVVzHSe0ORLCRga5SmhWaYe0LN2nQlv53h6V068W1B_HZHScRgiA6jdJqSZhp2xyZ7wEJvcZ1-pLXkU8PwHpqFFBZ_Y0gKWHUlc50ywhXHU5h4rOs3k38SL-d5f--c6cNO-rjwnGtiUEpdH6JP_KWokyf3SCk0br02TAPS1nmE3WHOHd4dCMM9T8EsAtc9lHUfRs_HV1xV5kO-Da_0FU4Jp8HHOTr_7ET7Tr1VHA8cqDv75nImC966W9fhQ0R7rnNddymgmY_Lqge95747iXTT4wfRPEo7YeokSXw6pzLnNplmhrbvx9pX-ZB52hapcHygHQzTzQlk9yrSkJbTqOr_QEWEeWKvnGouFFGKJoy0QHzzUOD774n4_cKciIHfLc4nFdHQgaKNyDcFdvjW3sQLJ63cIQ2Qy_ek8XlYB0RKGQ_12OZBYJDaFPnuJ6RxkBNl4GCQlS4-o8fxIBGiWFVaU5ZASYB-DPkrN4nwOlGVZAuuZmoCK5vI_R0bTbBf1IJQ4qCInE90-cLUHp3ueIf7e0gwCEWZXBfLkGjmT5B3D4KV57wmsUXJV-JBzKtRZFlwxdHb5lk1PfF9IIgOnSHrYdo9OFk_eZOaOtti_LjeSxIqFOr4ZfvcTzAJErai1fDE8GgqzTIYKm5ohTlhPLVeJosCKi5V0E2Xg207Cj-5mPA4uTv5447R9MZXrSF_U09SGQFGVSKHmXzfD0dqHCtdxI0lif9FtrFdlftBlmq0OcQDQDTovy0veEn4aXjkID-4ySbebZO6QKtRJ8P1e15LR94KDoOOg8WyVBHnG7Ob-C2pbGXQIixXnSvj9GxuFonCwUVDVqxQrfai9Q1dBAt0xpPuu3w94WUwMHg26BuvaCjx2YeevLsEUtQksosDU6hLFIkQ2GWpsRcJLUQ09egdoiZCVk9etvmh489ETKYL3AarDtQQQIBwE_MtJ5c3kjQsHyBJRMp-p99ffV7HTraBnh91gvjM

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYjvbfi-eZPCjLP-wx_APgZ-usAsAAAAAOAHgBAI&bg=!WlmlWQ3NAAb90kgr3dI7ADkAdvg8WkreeucKCLxTX0HiBeIvXdDl-7eDPtO5IrISCeyzCvFQJ91r8K27K_mshyhBmS0zckxmLdgCAAADtVIAAAACaAEHmQMG5Gad9bKu2BViYPlb_kXd8NFs7pgQnNYKZElNNnyUJ7fTAo4BVQB912u1Qk5qx9IVO-t76NA9pf4Sg4Ygs53oToivqBhgIjviFhSCK3eQ5wSEfn9EF_D_zvPz-t02bpnxeleLh49K3t9n1ov4p7bZpEWHOR-5zTmBeRZicXzT9rXL2Vupgk2MIqauFM-oAqsCejmrHfzLQLI7N1JYNr3_hn8rT0n_BT4mO9vUBkOWSCMVRwf-AP9r8x0I7ujdHLDI8I-qBePcz377-rbHx4UmedAhfwAOh0Eu2de1Nmx7k12Ms9-mE2N1q9ij4jpFToWqf3JBtNeEXl8RkW5r3Z86WwybZnpxzPFxWQ73N_AA_p9_gSrrPUaUzEysrE039pUITd6GvJu_fzaOOP3zBfljQdwZMvIt9PPsZasTueI0Ce5NjhmD_8E0vbWoKv4oibIGSgmjSS4x1GQTOIHs5cNiQBKvMlwP0AX7WjZZP98lZNJby_Ci5BpDw8ONJecVej3qA-53O2L1z5UJqtm8owuL-OdFeLr-ssAydeWAdbM0K4e4Sc90j_EO8xKMVkD9iIsF0NjfWZgXGlwKtZsEredQegJ0SRkMohe7F7leRfxtC_4rsKHvPrMhzFf-r14o1B__p2nle3-3o2VnVgDikxbQ3m4uOsB1PCgLggXZ2LYp9jZXJcz7eWJsgu2LTt2F5ZwpiU1yzVWU3ZdnnKMDo1a4jrpJvNjyauHGqVvk6sE1puE8z0FX64sPbvr94Gey-Iw7KmV7H5Ge8MXqZ40h21_N1OZl-a_Mm6q6gCiMgjf24pK6vaVmo6HaFGghBBPEWMgxLCe7wD-f1ztlYRDOePArwFgzwysXiffpkzfaSXQoa7qrOZv4PYmL-41FiQwSTpyVq53_mN4aLj5Z6Hm3YYWOJYD2k5uOnglpSMiVY2vS012lflLmtAQ2Na7mgdD9a2FTcqi3b3qS__D_IO3NVYMMCZMfUjrGRhbOuCRluz9WbQ3sk8ir_HQlWprdETOX-_9YmElfBMXj

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Domain: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_627x627.jpg

Domain: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg

Domain: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/627x627.jpg

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.casalemedia.com/	1970-01-20 15:04:24	Name: CMPS Value: 5155
.casalemedia.com/	1970-01-20 15:04:24	Name: CMPRO Value: 5155
.casalemedia.com/	1970-01-20 21:40:24	Name: CMID Value: ZJ4vfs7-Dx1DDVUtuRPq1QAA
.adnxs.com/	1970-01-20 15:04:24	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilds(PZW!]tbPl1M>e)ZlrFUfJ+tGXxoy=9rDH8]sQ#L[@xbVE`9/B(OVO[802u8J2RJ3If)y3KL9D3I?-AUTg5T
.adnxs.com/	1970-01-20 15:04:24	Name: uuid2 Value: 5843521653366833848
.doubleclick.net/	1970-01-20 22:16:24	Name: IDE Value: AHWqTUmi0SxrPQoJJEmlosltDmFEqvOJi98BpWQwa9Mvu5B0IIOBAyhPbLpj9r0I-3g
.adfarm1.adition.com/	1970-01-20 15:04:24	Name: UserID1 Value: 7250284668342106264
.ctnsnet.com/	1970-01-20 21:40:24	Name: cid_784765a7df9544cb83f74a618117d189 Value: 1
.ctnsnet.com/	1970-01-20 21:40:24	Name: gid_CAESEM6avSCpA13YQil22j_DOLY Value: 1
.ctnsnet.com/	1970-01-20 21:40:24	Name: cid_a027119981064fe8b0dee04c43232ebe Value: 1
.ctnsnet.com/	1970-01-20 21:40:24	Name: gid_CAESECEZUMUqx7UY-u0uqYCSKWw Value: 1
.pubmatic.com/	1970-01-20 12:56:14	Name: KTPCACOOKIE Value: YES

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688088444821&bpp=3&bdt=808&idt=144&shv=r20230627&mjsv=m202306230101&ptt=9&saldr=aa&nras=1&correlator=1561840534599&frm=24&ife=1&pv=2&ga_vid=1290104769.1688088445&ga_sid=1688088445&ga_hid=533080476&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C42532279%2C44759927%2C44759842%2C42532277%2C31075664%2C44788442&oid=2&pvsid=1992809445552694&tmod=1235851652&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.g0htxj6el14k&fsb=1&dtd=157 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aax.amazon-adsystem.com
ad.turn.com
ads.travelaudience.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
ap.lijit.com
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.doubleverify.com
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d5p.de17a.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
f92a21a18b6b701a0c39bb2fe427cd50.safeframe.googlesyndication.com
feed.pghub.io
fonts.googleapis.com
futalis.de
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900011.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
match.360yield.com
match.adsrvr.org
medialead.de
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pfa.levexis.com
pghub.io
pixel.mathtag.com
pixel.rubiconproject.com
portal.o2online.de
pv.medialead.de
r.turn.com
rtb.openx.net
s.ad.smaato.net
s0.2mdn.net
s7.addthis.com
samsung-germany.demdex.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.virgul.com
sync.inmobi.com
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
tags.mathtag.com
tpc.googlesyndication.com
tps.doubleverify.com
tr.blismedia.com
track.webgains.com
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
ye-mek.net
a.tribalfusion.com
cm.g.doubleclick.net
dt.adsafeprotected.com
fonts.googleapis.com
futalis.de
googleads.g.doubleclick.net
hal9000.redintelligence.net
medialead.de
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pfa.levexis.com
r.turn.com
s0.2mdn.net
samsung-germany.demdex.net
sync.inmobi.com
sync.targeting.unrulymedia.com
tps.doubleverify.com
tr.blismedia.com
track.webgains.com
108.138.9.235
138.201.64.38
141.101.90.99
142.250.186.66
144.76.91.199
145.239.193.130
15.197.193.217
151.139.128.10
18.66.110.17
185.29.132.245
185.29.134.249
185.7.176.221
185.7.176.223
185.80.39.216
185.86.139.104
185.89.210.20
185.89.210.244
185.94.180.125
198.47.127.19
2.16.97.41
2.19.224.115
20.60.220.36
2001:678:cb4:bbbb::11
213.155.156.169
216.52.2.16
2600:1f18:1aca:4280:a4e9:c915:4486:6e7f
2600:9000:2057:be00:1b:5138:8a40:93a1
2600:9000:223f:9000:8:48e:53c0:93a1
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:806::200a
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::2006
2a00:1450:4001:812::2001
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2008
2a00:1450:4001:831::2004
2a02:26f0:480:9::210:ee04
2a02:6ea0:c700::17
2a02:fa8:8806:12::1400
2a03:2880:f084:105:face:b00c:0:3
2a0b:4d07:102::1
3.75.62.37
34.102.243.38
34.250.56.160
34.98.64.218
35.186.193.173
35.186.253.211
35.190.0.66
35.241.45.217
37.157.6.241
51.89.9.251
54.76.252.247
69.173.144.165
76.223.111.18
77.245.159.14
85.114.159.118
94.138.206.83
95.101.148.198
00867e4aa81a541e2fad8ba10b2c4e9a6b137bdbb4ba13fb1a38d2fea88cb41a
00a91cbdff0ef1201b1dc6b365b2109bd2547814b9ec13d2b6d0760c6016b4ac
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
104fe1d096865fb450f1d921b99ea70d85d935d9c8a2e88e980de371e03ea9e1
1190eb867c4df128fe0de77914a76244b3a08687a194d017624b6b42d6522468
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51
170e5eee89592cad0fe09f8adb7ce590e4af0f8733be52d0df67b5af0f094d2e
187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8
188d877d31031b40a373936e2fd37b05cdfe0580f9fcc926adbe64237a03a4da
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34
1a6d6ecc5afe8b370681181e0077b6c838310f74f8473a1f36527577d5a1fab7
1bd2603da78c0513ae07dff23bf8925d95683b782d9eaabc18e003d3167b8dc9
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
24959a4e5b72bc5745e1d2cddb34e3e7db3d16782406514a2f19ff0293d1fa10
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
294b9ec6dc4bf636cff98918c0b1ec57fad6639e982e2fea86623a68bb447d6e
298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
319e02992d9fdfe5a963ac207347a0cb2f537a565cf6f9b193b261ed39d5db86
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604
373a3f0f67372265d8bc59929b272c41173a20e285cd678256ddbd1f0a2e3410
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
385b19d8c7f7bedac5169d996fa57206b3a35b608518dfd0aa4669f7d3a7b7de
3be63679d6ca5fd205bdbc6dc4e6caf8d376a09decaea16226da1bae6d24fad6
3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07
3ce23e46909581b70d68506a6358a982f310ebf4f6414b397d76409ede79bd4b
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
40943b563f9b350f35607d10ee74e6b18af29d8370ff1e2bdd8cc1c5ba574ac4
41c1fbb9c844da7fceb130144cdbf8e33c6222e76169344822da8a9c4db2bc06
43204d58f6a24cdd36d594f28e4dc0f9ab0f5ad29b4a166bb6d5f3c16756636f
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4689c7a0aa9ec698a7ea4deddc9a20dee679635ec1a0797485070b3ed6651f56
479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e58770c8455c8600881447a5f8153ce2f5d1b5ce1bf335b8cc47a0f613446c0
502f09b7adc6f1ff2c01cba95a7a9384a1ae0a5ae7fa370e858fd25bd8678ea5
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5061ede8e14dd075136fdcf6a3879f4b42a692eeaa605e2c5aa5f354e753fa61
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51571e6e49d9d1243db244dd3bb1790047c7b566dabc9400564dd7f74432ffc6
543d48d1e079fcd974d371768fe777a8c842d99d2be67d10d2f0e946f4198ebe
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
58c3d25fc865c3aaae0922e8ac934df58da2da41fd82774107239becbda5b409
58fa8288d109b6525ab6ced54d659e79cc4e2a925f61d6c76da140f0a689ef59
592d455c34eb7f4d5e8c96676b8113fa85b64dc95c6b326fdaa8e77cbaa1de22
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5af02ce6b5997fabe156a5cf9e0dfdf4901a0552a78732b587d1ca38ffc2e4f4
60f46bfd81485e775d3ba7208cd1de8eb706639b1aaa338f371676199625faa7
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63318d6406f707450076a1c41d436a0df11d5bd4feb76e4c9bf7c252d7a425dc
64af7a328ead4e6e3e77587ae81c88a4156eea6f476df565496f8f46d89d255f
6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
669c6af1e1d96ae08c4e17c5c91c248ca44d74d45816da80003f3c8efe85f651
66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa
68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417
68d4febc35b568c92ae19977d77959b1678585f177f76dce3ef3fe6c3c1b905f
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6df7c73fa12d8261f09a11faff5c77f91f912362a9fdc15c46c3b949b188717b
6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4
702a8f4501821b3190d291065e31d4763083e4f43194a7f20fc0458829066a77
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
756436a828bc505defd18315466851945565deab796a40a3836a3546e31e53b6
75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5
76f1a75d72e11e1336e12470e14e7a35c24e8cdcc8bede6c1d5a328a5fc7093d
7acea77597a54fecfac92b34d1684d076085f07ec0435c9f712f3aaf6f40a7a0
7cbd870232b0a7b2bf23084e1aa673608ecc20407149ed25e727bf4d91fa5bf9
7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460
7e40f3d031801d70ac0a6e1d53d439508a3a0f1037ffe32e6bf1c1755b447588
8206b7cb4977df1646b35835886cc5ad752365263197f15f0581d41c3751aa0a
842c88bbde71118e56fc313dbe3ad3d9e5dd9b3b9913960838734a29e5982b7e
84db376a6573ce4f0649d56dd350eae777b14173db20308d29262aaaa5850978
8518ad3fe58d51b97b21810baa2882276c812a226e3c0f780c30b6a701ac4de5
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9078ad6549c699b59cfbec37ee95adb562803eba1546222a730f8b5d87316492
93877a4648f07d0a209913c6a05dcdc1810fe91fb41c96320aea06de80b708c5
95ff99f853b8eb8296a5c0f066d547a7bf9eff3e04437262190edc80d4c4b292
96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275
977591ed4b8a45e1a98302cf30f4ea828072be585e68c0407e513e6eda31b432
9830db003a000e65633dd45a93cdebb064f8522d1c2ad55d18cc50e1ba421033
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9e0c3f2f8aa72179351f0b5edcde6cfcf708285785c4a358331e05da8bff5a3
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a1f5bc34d81d22211a1921177d006232b2e93966ca58c67c4b3c1154ba1028
b205c033f2ca9d62a83796a7a23ae86b88809a6bd4620c8cfca2d755c76617cc
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b8c779f4fa5bf396269317b6ccc5bd0259ff6b28d9dc40eb75cf47aa245b0bde
bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c25e33aaf9d908bb036672ed26b9af74032d7cb464d5e3f3b9b67e868798290a
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
ca52a0eec13c48696bf05cbe5e76a0b67c73967c1f8825cfe4b733e24a775580
cb70a0b5ac2b1a8d8e5f0e0b91b99d95723392847800eb91f42673794ce38e5f
ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d41d07189295595e39267e87a880138ce04d72fe0ba272a91c07c735db7d2092
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d4f6fbb124a841f96eea0f14a51f711f80d333a954250fc4c63e7f158109f019
d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7
d5907d04f8aa7cc029868fb441fd2a02dce10b72e3a68d6294aa7a2debf90440
d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dff391a6b143e97e7a2694765c7855e5c33bed3cac080d39530ed5557a1ccfb4
e0332198df71b4738488edc775d650d6a2e417aab4d04050251415317fac69ef
e1cc41370e1b69755ee36781223eea182d5cf8b551996b83f1b66da60eba0cb0
e1d64dcce03bbb7c2bd033767a73cd36fd3d14f2f9f1424e1a184f37038938b0
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55
eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d
eacf81f2aea7086efad6450a0e9b5d8d9ee63613d45a4520fd14c0d3c633002b
ec88c9de3a44165db5e410d072fee68874d371d17eeac4ea36c5325d485b3f7b
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3a33ac3568a1da234fcefa866780b66e4a325c49e24aba1c56a2e6966214129
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5a117cb6007e2642cb7f1b8d55a66a518d07a6d331b72b3640015ffe1f1d453
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f6c4f7a3d487b7ff022968992263a5783a6373fac408f2185053c4937fbb4fc1
f8b4d526d4d0cb39090c0def50a1bb5dadce76c9133f2a6d965c85c6f731b0b3
fb06e978921c555bd9771e8e389d545487b87d94b5b2443c39cf77ecb04b24d3
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

452 Requests

80 %HTTPS

35 %IPv6

55 Domains

79 Subdomains

51 IPs

4 Countries

5244 kBTransfer

13354 kBSize

12 Cookies

0 Outgoing links

Redirected requests

452 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

452
Requests

80 %
HTTPS

35 %
IPv6

55
Domains

79
Subdomains

51
IPs

4
Countries

5244 kB
Transfer

13354 kB
Size

12
Cookies

452 HTTP transactions
9 data transactions