pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 21 via api (June 21st 2023, 6:18:18 pm UTC) from TR — Scanned from DE

Summary HTTP 377 Redirects Behaviour Indicators

Summary

This website contacted 43 IPs in 4 countries across 49 domains to perform 377 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	72.246.168.124 72.246.168.124	16625 (AKAMAI-AS) (AKAMAI-AS)
20	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
78	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	52.222.208.154 52.222.208.154	16509 (AMAZON-02) (AMAZON-02)
20	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.119.77 13.32.119.77	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
14 50	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
7 13	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 8	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
4	34.98.64.218 34.98.64.218	() ()
4	23.32.185.35 23.32.185.35	16625 (AKAMAI-AS) (AKAMAI-AS)
43	2a00:1450:400... 2a00:1450:4001:810::2006	() ()
2	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	() ()
2 2	151.101.2.49 151.101.2.49	() ()
2 2	85.114.159.118 85.114.159.118	() ()
3 3	37.157.3.20 37.157.3.20	() ()
2	35.227.252.103 35.227.252.103	() ()
2 2	3.75.62.37 3.75.62.37	() ()
1 1	20.127.253.7 20.127.253.7	() ()
1	162.19.138.119 162.19.138.119	() ()
10	142.250.186.34 142.250.186.34	() ()
1 1	185.29.134.248 185.29.134.248	() ()
1 3	34.96.105.8 34.96.105.8	() ()
2 2	3.64.137.20 3.64.137.20	() ()
3 3	69.173.144.165 69.173.144.165	() ()
2 2	54.76.252.247 54.76.252.247	() ()
3 3	46.228.174.117 46.228.174.117	() ()
3	185.86.138.152 185.86.138.152	() ()
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
1 1	35.204.74.118 35.204.74.118	() ()
3 3	35.186.193.173 35.186.193.173	() ()
2	178.250.7.11 178.250.7.11	() ()
3 3	216.52.2.48 216.52.2.48	() ()
1 1	2600:9000:245... 2600:9000:2450:6c00:1b:5138:8a40:93a1	() ()
1 2	3.123.212.69 3.123.212.69	() ()
1 2	2606:4700::68... 2606:4700::6812:19ad	() ()
1 1	2a05:d018:d29... 2a05:d018:d29:3605:80dd:9dec:7ab0:1c1f	() ()
2 2	185.64.190.78 185.64.190.78	() ()
2 2	13.248.245.213 13.248.245.213	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:20::2040	() ()
1 2	54.155.194.178 54.155.194.178	() ()
377	43

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.246.168.124 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-168-124.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

78 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.208.154 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-208-154.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 142.250.186.98 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 185.80.39.216 (Canada) 7 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.172.123 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (None, )

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.32.185.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-35.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:810::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (None, ) 2 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.3.20 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (None, ) 1 redirects

ASN- ()

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.119 (None, )

ASN- ()

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.34 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.96.105.8 (None, ) 1 redirects

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.137.20 (None, ) 2 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (None, ) 3 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.252.247 (None, ) 2 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.138.152 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (None, ) 1 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.173 (None, ) 3 redirects

ASN- ()

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.11 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.48 (None, ) 3 redirects

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2450:6c00:1b:5138:8a40:93a1 (None, ) 1 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.212.69 (None, ) 1 redirects

ASN- ()

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:80dd:9dec:7ab0:1c1f (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (None, ) 2 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (None, ) 2 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2040 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.155.194.178 (None, ) 1 redirects

ASN- ()

unilever.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
121	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 155	1002 KB
89	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 244 googleads4.g.doubleclick.net	453 KB
43	2mdn.net s0.2mdn.net	1 MB
43	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 858491 cdn.ye-mek.net	651 KB
20	virgul.com static.virgul.com — Cisco Umbrella Rank: 63446 ng.virgul.com — Cisco Umbrella Rank: 55403 ng2.virgul.com — Cisco Umbrella Rank: 60888	233 KB
13	casalemedia.com 7 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621 ssum-sec.casalemedia.com	9 KB
12	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 107 www.google.com — Cisco Umbrella Rank: 3	2 KB
8	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 249	9 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	391 KB
6	openx.net us-u.openx.net rtb.openx.net	938 B
4	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1404	652 B
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 357 aax.amazon-adsystem.com — Cisco Umbrella Rank: 444	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	lijit.com 3 redirects ap.lijit.com	2 KB
3	ctnsnet.com 3 redirects gcm.ctnsnet.com	1 KB
3	smartadserver.com ssbsync.smartadserver.com	225 B
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	blismedia.com 1 redirects tr.blismedia.com	691 B
3	yahoo.com 3 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	1 KB
3	adform.net 3 redirects c1.adform.net	2 KB
2	demdex.net 1 redirects unilever.demdex.net	2 KB
2	3lift.com 2 redirects eb2.3lift.com	951 B
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	adtriba.com 1 redirects d.adtriba.com	757 B
2	criteo.com dis.criteo.com	725 B
2	turn.com 1 redirects ad.turn.com r.turn.com	869 B
2	1rx.io 2 redirects sync.1rx.io	2 KB
2	360yield.com 2 redirects match.360yield.com	880 B
2	bidswitch.net 2 redirects x.bidswitch.net	1 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	820 B
2	quantserve.com cms.quantserve.com	929 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 102765	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1964 feed.pghub.io — Cisco Umbrella Rank: 2174	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13184	6 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 imasdk.googleapis.com — Cisco Umbrella Rank: 495	212 KB
2	cloakan.co www.cloakan.co	1 KB
1	dotomi.com dclk-match.dotomi.com	104 B
1	smaato.net 1 redirects s.ad.smaato.net	442 B
1	simpli.fi 1 redirects um.simpli.fi	713 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	617 B
1	mathtag.com 1 redirects sync.mathtag.com	771 B
1	id5-sync.com id5-sync.com	1 KB
1	inmobi.com 1 redirects sync.inmobi.com	711 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353	361 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	47 KB
377	49

	Domain	Requested by
78	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net ye-mek.net securepubads.g.doubleclick.net
50	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
43	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com ye-mek.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
35	tpc.googlesyndication.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com pcloak.blob.core.windows.net tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com pcloak.blob.core.windows.net
12	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com www.googletagservices.com pcloak.blob.core.windows.net
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
10	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
9	www.google.com	1 redirects ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com tpc.googlesyndication.com
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
8	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
8	ng.virgul.com	static.virgul.com ye-mek.net
7	www.googletagservices.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
5	ng2.virgul.com	ye-mek.net
4	sync.teads.tv	googleads.g.doubleclick.net
4	us-u.openx.net	googleads.g.doubleclick.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	ap.lijit.com	3 redirects
3	gcm.ctnsnet.com	3 redirects
3	ssbsync.smartadserver.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
3	pixel.rubiconproject.com	3 redirects
3	tr.blismedia.com	1 redirects ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
3	c1.adform.net	3 redirects
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	unilever.demdex.net	1 redirects
2	eb2.3lift.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	d.adtriba.com	1 redirects ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
2	dis.criteo.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
2	ssum-sec.casalemedia.com	2 redirects
2	sync.1rx.io	2 redirects
2	match.360yield.com	2 redirects
2	x.bidswitch.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	rtb.openx.net	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
2	dsp.adfarm1.adition.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	cms.quantserve.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	dclk-match.dotomi.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	s.tribalfusion.com	ye-mek.net
1	a.tribalfusion.com	1 redirects
1	s.ad.smaato.net	1 redirects
1	um.simpli.fi	1 redirects
1	r.turn.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.mathtag.com	1 redirects
1	id5-sync.com	ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
1	sync.inmobi.com	1 redirects
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
377	66

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-31` - `2023-06-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh

This page contains 45 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: 77583B0179CC1D9C52281469E4041F0F
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 473A4DFA0D662320CBFC19119F6569C2
Requests: 95 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 3F6BB5407A41BE733AC278E79CB694B7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230615/r20190131/zrt_lookup.html
Frame ID: E841F936E76E701DCE89A03CDF27493D
Requests: 1 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D666B14D0A32C19F46B22EF432EBA2C5
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: C89E373F942127078670A54093B71FC8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371493514&bpp=3&bdt=1061&idt=345&shv=r20230615&mjsv=m202306160401&ptt=9&saldr=aa&nras=1&correlator=6942882967528&frm=24&ife=1&pv=2&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31075468%2C42532269%2C44788442%2C21065725&oid=2&pvsid=1579024527047855&tmod=1182908093&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.v1upmxx92am6&fsb=1&dtd=357
Frame ID: EB191ECB4ECC8EDBB213E73481B8AFDE
Requests: 1 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: CE94ACD44320512B31ADC351E72AF356
Requests: 12 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: F934E0FCD68A714AAB335D84E41DBBEA
Requests: 20 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3875A6F98E5FE8348B060E43A39AC8EC
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371494374&bpp=8&bdt=156&idt=293&shv=r20230615&mjsv=m202306160901&ptt=9&saldr=aa&nras=1&correlator=7328782076432&frm=8&ife=1&pv=2&ga_vid=993773248.1687371495&ga_sid=1687371495&ga_hid=1760922722&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3833444451&scr_x=-12245933&scr_y=-12245933&eid=31075053%2C44759875%2C44759837%2C44759926%2C31075473%2C44785292%2C44788441&oid=2&pvsid=3826711246027727&tmod=2013439735&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.6o5m092zp32i&fsb=1&dtd=308
Frame ID: 491DFB7CA07E6D92EA62782C25699416
Requests: 1 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 078A01E137D3B9170FAD64B1142C3465
Requests: 19 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: EE50EA4B2E082FE4A4E7071AC6BD2702
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371494382&bpp=2&bdt=164&idt=335&shv=r20230615&mjsv=m202306160901&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7328782076432&frm=8&ife=1&pv=1&ga_vid=993773248.1687371495&ga_sid=1687371495&ga_hid=1760922722&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3833444451&scr_x=-12245933&scr_y=-12245933&eid=31075053%2C44759875%2C44759837%2C44759926%2C31075473%2C44785292%2C44788441&oid=2&pvsid=3826711246027727&tmod=2013439735&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.9qsyhacn8ayo&fsb=1&dtd=338
Frame ID: D1CBBB94CB6996EBA527ECC24B814269
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjH07LlATAB&v=APEucNXVpv8xYKmnJfi5WdSyD_QM6KrH5jscaMOQrlU54_nFEmJ5h44UQ5o9apLB8QsZFVFkIW6AbBwWzGCUGcDFMQrctylStoESfhv6Ul6RtKAd_2Zx9_oF12fYVh8T9pOV1Gd2zcg9l1euA2qTvDgajAhRRapes1A1wZVPg1i8lAxwSjSVbD0
Frame ID: 11F0A7071BFB30DE0AF0768BD5130263
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNUSxBx_zAGRLkpZ_vYA1sHOHe5oksJxnXJFoFEbpf8MyvpDX2oCNtdooCTyvKUGtsGdRSGKw1N7hz9sk294WO3pm_gDtLhCxdXgmF-A7teHi-i4g9yL7E5ew-MrT6icy3cRqNGdSN7I1kEvpP93nxiEo4UADfSXstheZxzsGzgmeuI9-N8
Frame ID: 9ECDEF6AC17E14F4DD365EEE91406085
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYvZ2e3wEwAQ&v=APEucNW6cax8NZAlX1oxP5D3OfCuORO2sxjurdGli6w40JQLXVlfY2pfyLcrfAf1Qn9IfK8605XGaJHVtkdFf-6K9HwojXYq4rDdyF4MW1BNllJKUxpbVfqP1DoUUqLEAfu_9XaF-95oJyItmuqy1r47JgalzQqnsbCePi0565ocosk05_4u1lA
Frame ID: DDFBBEFC52B580BA7F89D17A617DF020
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNVaVq9Mi06-wtNe3vTiLwi6DdaXOW2Ry6qysQj31PVuLL1BTp9jXX4GDr-s0izdqlc8e8uBUpAB1RMBr8sfxj9bD1sATpfKObxmw64xw4PasqQBkrGBr2fyPtlUJWCT0BJVdbOaiTcIvUzq-OFGBrSvtbFo6Vd5mDe7Kp0P3Ai1UlHkqNo
Frame ID: 60BE73B814B9771DD606AAE179727C24
Requests: 5 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 06DEC774C6085FCC8635FD13B2A54505
Requests: 20 HTTP requests in this frame

Frame: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E82A09CC5A12F20BDBBDAE192BEF1E84
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EC1883D2BF6EB382B420BCF60CE4084E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1C2E872E778C2423B78D28665940A217
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 83924A9B4DECAC673734D1150D552517
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7F7BF65E2140A37A2329B0FE1AD95329
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGPb58s4BMAE&v=APEucNVHQkaV2WxDMscqdVQOO97AYN8eXIwM8Hl_mmOdxkrtOnAjUffhuBBkC5dwXNJDhpMlH9nD4fQ_pp_rAqA9CYODcE0ED-3exRNa65t7H89eRZv2hi_XsswD723jO2rYvLQY6jJsesj6o5NniZ2qiqVTvF-VpKFtQMWztH-JdqlLetNv_SA
Frame ID: 1416FB6594B38DFCFCEB5689767234F0
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
Frame ID: 82049B2891DDC6CD83FDC7B77651FFDA
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
Frame ID: 3B291227AB6C3112CF118594C89CD991
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
Frame ID: 7077BF05BA729C613947BCD3109A4FAD
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=D3tdDF3tnR&t=1&renderingType=2&ev=01_250
Frame ID: 60F8EAFDFA72B8E70CB20C4022C97761
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CC15FAA1CEA0C6EB98733CED3F6C36FA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 341298DE053225F443F1A3A8EC50AADB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2A518600D7077FCB3334E86467FA5E6F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 497C6F83EF52CDEC7F42F75CD008949B
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EDC15AD436053451F938470B12DF4362
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 600EAFB3208B2CF7BE5BA77CB44410ED
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D04907E6BAA4B77BA4506C356A392FF4
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DC64C904A2C6279EB1D44A9A09841ADD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3C9C8C09FE0F4632A4E338A2258F621C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A2519308840005694245DC4891CB8B07
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250
Frame ID: AA2433E729B152C518F952A1EFD8D161
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js
Frame ID: BDB87FA4C750E501082D57B2334EDD9B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js
Frame ID: C0DF38ED9C2139E153C75F0890DBA940
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js
Frame ID: 701816460D038978DBB30E74F3EA1463
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8F30C22227CB28B43013F33398A5BAA9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 83A5333BEFDDA64E36450605FEA9AA87
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

377
Requests

87 %
HTTPS

34 %
IPv6

49
Domains

66
Subdomains

43
IPs

4
Countries

4807 kB
Transfer

10860 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1

Request Chain 140

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJM.5kTZvP6SkGsr3.152QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1

Request Chain 142

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1

Request Chain 144

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJM.5kTZvP6SkGsr3.152QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2

Request Chain 145

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1

Request Chain 146

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1

Request Chain 211

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESED8zGRVZvYQUS4RVcSJNBFk&google_cver=1&google_push=ATf1kGOMs2Cj6zfhPvjEbcG7kY8J5IE530af17f7jmgAPeDlzUr02rjN_mGEt-ad9VswGENTdnYBj6m5ZxMJH57v4pc-gCXGAtF0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESED8zGRVZvYQUS4RVcSJNBFk&google_push=ATf1kGOMs2Cj6zfhPvjEbcG7kY8J5IE530af17f7jmgAPeDlzUr02rjN_mGEt-ad9VswGENTdnYBj6m5ZxMJH57v4pc-gCXGAtF0

Request Chain 212

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAtSbhafxGQntTPYeS0JUIg&google_cver=1&google_push=ATf1kGOjbbokzD2ovCiiRqRlaUg0A5zZrwZdk7zItaJQh_Kju__70i_x-viXALpHNDjUIZAX9gdZhuPUsZWmrQDNQbZu9U3l5Tfi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjAwMjcxNA%3D%3D&google_push=ATf1kGOjbbokzD2ovCiiRqRlaUg0A5zZrwZdk7zItaJQh_Kju__70i_x-viXALpHNDjUIZAX9gdZhuPUsZWmrQDNQbZu9U3l5Tfi

Request Chain 213

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE5qZ8dVM1MGSbtLRJ3-s3o&google_cver=1&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDFeMPkB4gMjGxzCh8PHPmb HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEE5qZ8dVM1MGSbtLRJ3-s3o&google_cver=1&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDFeMPkB4gMjGxzCh8PHPmb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDFeMPkB4gMjGxzCh8PHPmb

Request Chain 215

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEpFQ04o_Wqqho3iglVKoJ0&google_cver=1&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0hmlfVlVQUzc02JuIjWdX43Pe1ii7A HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEpFQ04o_Wqqho3iglVKoJ0&google_cver=1&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0hmlfVlVQUzc02JuIjWdX43Pe1ii7A&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1hOHc3T3FKRTJ1RkhQdXBjbTdzMU5jNUhTdVExS2JSb35B&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0hmlfVlVQUzc02JuIjWdX43Pe1ii7A

Request Chain 216

https://sync.inmobi.com/gob?google_gid=CAESEK5dxBsorNEEDQUDbeNdsQg&google_cver=1&google_push=ATf1kGOuDtybDcMTADTIzxxzKZqHmzbNPJYQ-y76EmHqcvQG5JS_FKiM4qlYJtjTT639-aQasL3vAI6rtPMtrZ70l4gyMyqaa6MdQQ HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOuDtybDcMTADTIzxxzKZqHmzbNPJYQ-y76EmHqcvQG5JS_FKiM4qlYJtjTT639-aQasL3vAI6rtPMtrZ70l4gyMyqaa6MdQQ

Request Chain 220

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIBVjy0kNlqzcaqkPvJFjgA&google_cver=1&google_push=ATf1kGMFyeFRQIrfwGSODYPhzyQueoxhH_Z41xQwwNU0si_ONoQ8AE9v5XkoGkYxwUUvvQokov5rJl2K3QRBwsWIgzHZwwXguSIMAZQzjdMQBjOdI1M6wmFl_Dum0Y_fRBVuLOfkytC7fL4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMFyeFRQIrfwGSODYPhzyQueoxhH_Z41xQwwNU0si_ONoQ8AE9v5XkoGkYxwUUvvQokov5rJl2K3QRBwsWIgzHZwwXguSIMAZQzjdMQBjOdI1M6wmFl_Dum0Y_fRBVuLOfkytC7fL4

Request Chain 222

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMaLUqkhDLEJhkbOdKIPzY8&google_cver=1&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ780nv2sdcxGjVKZxYEnrunq6WPmZ43-QfZO74us-H7qDhksyY-ZA HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEMaLUqkhDLEJhkbOdKIPzY8&google_cver=1&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ780nv2sdcxGjVKZxYEnrunq6WPmZ43-QfZO74us-H7qDhksyY-ZA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ780nv2sdcxGjVKZxYEnrunq6WPmZ43-QfZO74us-H7qDhksyY-ZA&google_hm=CdRz_dz0TVaryPKdwMikQQ==

Request Chain 223

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGOD8b-vtwzmGM8WlgfptXM&google_cver=1&google_push=ATf1kGMaifAj24GGN3xHBN1w5VstNVPXKVivcU3XSKK5N7uDPmJMI63DxFIew-R1oe90zEnDIwjgGU0LZbFxq6Rb7vzRKMieRPaSebmh0wgzaBXgHYSkO2_MvU0kJhJucN6x9bY6HaWteME HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMTUtSENQVg==&google_push=ATf1kGMaifAj24GGN3xHBN1w5VstNVPXKVivcU3XSKK5N7uDPmJMI63DxFIew-R1oe90zEnDIwjgGU0LZbFxq6Rb7vzRKMieRPaSebmh0wgzaBXgHYSkO2_MvU0kJhJucN6x9bY6HaWteME

Request Chain 224

https://match.360yield.com/match/ebda?google_gid=CAESEHjyeZ_B2IxbKDDoDAVzouo&google_cver=1&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClIlfGoVLKXtZtxo4-C6FTDMU6zxupqHKUivgqJl9LGxtiMSvmbbo3ZOg HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHjyeZ_B2IxbKDDoDAVzouo&google_cver=1&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClIlfGoVLKXtZtxo4-C6FTDMU6zxupqHKUivgqJl9LGxtiMSvmbbo3ZOg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=l_hmQUjQT4KNiuWWrUEVug&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClIlfGoVLKXtZtxo4-C6FTDMU6zxupqHKUivgqJl9LGxtiMSvmbbo3ZOg

Request Chain 225

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEGWmMV9UjjB2cj5od3TNa7I&google_cver=1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47nmRiZ7I HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47nmRiZ7I&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1687371495632 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-47bb84bf-1e08-4636-9240-3e16fc743b6a-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47nmRiZ7I%26google_hm%3DA0e7hL8eCEY2kkA-Fvx0O2o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47nmRiZ7I&google_hm=A0e7hL8eCEY2kkA-Fvx0O2o

Request Chain 228

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEb3iVzcGLhpcqJfbeQ7moU&google_cver=1&google_push=ATf1kGOZYYovdbnExI5yvy8ExmGITsxdnJm_FjTc6UDHHJc581qrT5banU-Jh7wzhWo34IZgT4cj6W9uDO9J6Ctz6W8ajbjYn4zZSQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzUyMjMxMDM2MjExNDEwNTM4NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEInqAG128hFrCPX0cEwZpCY&google_cver=1

Request Chain 230

https://um.simpli.fi/gp_match?google_gid=CAESEIKIsJTO7YAsMc2ZY2V6NbY&google_cver=1&google_push=ATf1kGNIZbx3gnp7nNS2ceiQs7PaBrb7dOCBDGKLr3kVavte41mo2x4qMdA4_zOMANMb0FtFRnRPm5hXRzBPRAFiK2mDcaPcT5Pc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C92EC5096E5C4F1F94AC1FB8DF7E9B03&google_push=ATf1kGNIZbx3gnp7nNS2ceiQs7PaBrb7dOCBDGKLr3kVavte41mo2x4qMdA4_zOMANMb0FtFRnRPm5hXRzBPRAFiK2mDcaPcT5Pc

Request Chain 231

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEELHAqKvzKNWInK99FJy8Z4&google_cver=1&google_push=ATf1kGMNXcNuoeLqNJkEdPNVrZ3eU2XzQ3ZANdl6c6wQtuzYujLwXQQ0__xXocdPxSOWuc1mmy6jyUomr9LrAGMBJVw_EpT6ydLEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjQ2MTQ1Ng%3D%3D&google_push=ATf1kGMNXcNuoeLqNJkEdPNVrZ3eU2XzQ3ZANdl6c6wQtuzYujLwXQQ0__xXocdPxSOWuc1mmy6jyUomr9LrAGMBJVw_EpT6ydLEqg

Request Chain 232

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHTFg_WKkiBpwiSzC7Xq1VU&google_cver=1&google_push=ATf1kGM8lE5SKTtgd9xNvKLMs5HPPc0uQsSez4mntfN8M5D6Mo9rwLfPnh7OEvtDVLLKvkjpw3rIECp2Q_Iq5JCZX0Y_RuY6its2RA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMU0tSkNOUQ==&google_push=ATf1kGM8lE5SKTtgd9xNvKLMs5HPPc0uQsSez4mntfN8M5D6Mo9rwLfPnh7OEvtDVLLKvkjpw3rIECp2Q_Iq5JCZX0Y_RuY6its2RA

Request Chain 233

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECc5bR2Ki8tAmhZPVsCNuNc&google_cver=1&google_push=ATf1kGO6NGOUoA2SNx4nWKOmJq1US1--7rmI592rsK8j3Edd8NzbvZpe_ik9R-_PIv6aZkYqraU9W1_VS2pN7fO-_gLSCEIC7vUEFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECc5bR2Ki8tAmhZPVsCNuNc&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGO6NGOUoA2SNx4nWKOmJq1US1--7rmI592rsK8j3Edd8NzbvZpe_ik9R-_PIv6aZkYqraU9W1_VS2pN7fO-_gLSCEIC7vUEFA

Request Chain 236

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESED2eECyggE3QHIvQTiMy-rc&google_cver=1&google_push=ATf1kGPfMOZRInUFV8DqWqVjah69vjAEgAeWfisKG0lhT-k-q0_dv5HrF0ejH451SifRH-ylwIf1EmCgy-xvwLOdM7GtiXAAemiK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPfMOZRInUFV8DqWqVjah69vjAEgAeWfisKG0lhT-k-q0_dv5HrF0ejH451SifRH-ylwIf1EmCgy-xvwLOdM7GtiXAAemiK&google_hm=sTOaA4leQd-2CopGWCTopqs

Request Chain 240

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDsKjuyLnsnlcczdbjLwlOQ&google_cver=1&google_push=ATf1kGNoSEyuDE0UY4FMGlwMgRy3sq-jchVr-IXPAoOeosdyTjKxhxSOImEKt6R2NhrqTQiAFk7CJBgttPvTAZRp3tm-O_nG_XY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtSy1LQVg5&google_push=ATf1kGNoSEyuDE0UY4FMGlwMgRy3sq-jchVr-IXPAoOeosdyTjKxhxSOImEKt6R2NhrqTQiAFk7CJBgttPvTAZRp3tm-O_nG_XY

Request Chain 241

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMRkdtbEt-H9XvBj7FQnkIs&google_cver=1&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-VWIHUdiYkaq HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMRkdtbEt-H9XvBj7FQnkIs&google_cver=1&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-VWIHUdiYkaq&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-VWIHUdiYkaq&google_hm=G2qqtGZHJtTMqg97R3us-LDB

Request Chain 242

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEFl0sdaOA_HQDvENahdgt9I&google_cver=1&google_push=ATf1kGPCMfaGc4GolKlIAfdCRWpuLPVHP50XKIurp9aBuNsppC4vgBMyZiwJGq6NlOxndSrY75P1F2yvdiGZ1pE2wVMuPq9v4R58 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPCMfaGc4GolKlIAfdCRWpuLPVHP50XKIurp9aBuNsppC4vgBMyZiwJGq6NlOxndSrY75P1F2yvdiGZ1pE2wVMuPq9v4R58

Request Chain 250

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202305_es_nothilfe_dv_pros_367777976&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

Request Chain 267

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1

Request Chain 268

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJM.5kTZvP6SkGsr3.152QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1&google_hm=2

Request Chain 269

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBpE41nE_pzy_nBhcIolPnQ&google_cver=1

Request Chain 270

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

Request Chain 294

https://a.tribalfusion.com/i.match?p=b6&u=CAESEK19EjivmO6NefnDr6yodos&google_cver=1&google_push=ATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK19EjivmO6NefnDr6yodos&google_cver=1&google_push=ATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 295

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEKVak0aB_ej6NPdlQrxAZNU&google_cver=1&google_push=ATf1kGPrqIJ2LJwOqjApKu24RNTg4Z0aLqCn_pFAdvAnkuV9AqDJeJzqDHQuFygASR_L0iS7bU50_esQE9qVbbtULz74EElTNbif HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkpNXzV3QVRrenBwWndCYQ==&google_gid=CAESEKVak0aB_ej6NPdlQrxAZNU&google_cver=1&google_push=ATf1kGPrqIJ2LJwOqjApKu24RNTg4Z0aLqCn_pFAdvAnkuV9AqDJeJzqDHQuFygASR_L0iS7bU50_esQE9qVbbtULz74EElTNbif

Request Chain 296

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESELJyemjfNVzC5mWPtCBPHtE&google_cver=1&google_push=ATf1kGMEIwVFhWurdhLjRhE9Z9nwdFc2qkYcXnDVpKsl-6U_jgZ1102Xi4VFXnJve5A5_PXpWloIQlXNXfQ5bw2nlSNrrIHyFaea HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMEIwVFhWurdhLjRhE9Z9nwdFc2qkYcXnDVpKsl-6U_jgZ1102Xi4VFXnJve5A5_PXpWloIQlXNXfQ5bw2nlSNrrIHyFaea&google_hm=sTOaA4leQd-2CopGWCTopqs

Request Chain 297

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEKj7lpjeqq9TGweznOH25Js&google_cver=1&google_push=ATf1kGPz7q8FBEEm8Iy6H1d1HOxAQMsV3vPzFlPuou9wxV68SXNX4N6rp6JOXmPuqeJELB6bSk8uoZ22yR5F7cnnMGlImyOWTtYz HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGPz7q8FBEEm8Iy6H1d1HOxAQMsV3vPzFlPuou9wxV68SXNX4N6rp6JOXmPuqeJELB6bSk8uoZ22yR5F7cnnMGlImyOWTtYz&google_hm=hmSTPucBH7gV62GyrA&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D64933EE7011FB815EB61B2ACBLIS

Request Chain 298

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENc_YNlPduAKa4yb9B-gDGc&google_cver=1&google_push=ATf1kGN3cPOrtZIrS6qBMaspNKkLoxK2z968omnI_S-IkfTBAlpzaFYqrBcS2IxhQxphjR3CP6KsDqGVXZqIR1atN8m69ovjt3Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGN3cPOrtZIrS6qBMaspNKkLoxK2z968omnI_S-IkfTBAlpzaFYqrBcS2IxhQxphjR3CP6KsDqGVXZqIR1atN8m69ovjt3Y&google_hm=eS1GT2FKTkoxRTJwR0p5eGs0QlFXemJEcTJkS3VFeXplen5B

Request Chain 299

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEuyqZBaxkqhnWPwkuGGCJ8&google_cver=1&google_push=ATf1kGOCcXo2TV-ca6a0pptW-hrupbGKtducE5S5M7Fa4_qMAVNL-oICuJxBZ-AKvM-POjWnZMelKCKC-t3kSSqVl3JCHb-o1Hfx HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEuyqZBaxkqhnWPwkuGGCJ8&google_cver=1&google_push=ATf1kGOCcXo2TV-ca6a0pptW-hrupbGKtducE5S5M7Fa4_qMAVNL-oICuJxBZ-AKvM-POjWnZMelKCKC-t3kSSqVl3JCHb-o1Hfx&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DuqWW-InSMWOqbc_ER2G3A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOCcXo2TV-ca6a0pptW-hrupbGKtducE5S5M7Fa4_qMAVNL-oICuJxBZ-AKvM-POjWnZMelKCKC-t3kSSqVl3JCHb-o1Hfx

Request Chain 300

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEClGNtEjNCx1Le8fdduwSo0&google_cver=1&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56X HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56X&google_gid=CAESEClGNtEjNCx1Le8fdduwSo0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgyMTY1NzQ2OTk4ODQyNjE3NjYyNw%3D%3D&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56X

Request Chain 302

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 315

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEP_6SGzFb_NsUcdQcY_XBws&google_cver=1&google_push=ATf1kGO9CEJ_z2YSJPWay0UcW4CtqGinP30uAAr1JOqEYBS7kittnBwKy-cTpKqUgEbF-eFUgvfZdb7RTc3-2GUaFqeHB9VvoS4SV3udNlOz99YDyxRInNdkPStDytDS1p543NC3EZXWIZo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGO9CEJ_z2YSJPWay0UcW4CtqGinP30uAAr1JOqEYBS7kittnBwKy-cTpKqUgEbF-eFUgvfZdb7RTc3-2GUaFqeHB9VvoS4SV3udNlOz99YDyxRInNdkPStDytDS1p543NC3EZXWIZo&google_hm=sTOaA4leQd-2CopGWCTopqs

Request Chain 317

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHxg-msoUuGBT_x5Of6LiKQ&google_cver=1&google_push=ATf1kGPY3TsIzYChysmm-TWE4w6MSn4mAEVKjwKqhWvZvB1gE9EjuLacPBljqrATgcoDzWG2--yJhaNS7iarDJs8GCTrgLnSq69rSESxy5fqUdtqgknGtD53BxYZ3JXjpZhdvCkYBFBRBq8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGPY3TsIzYChysmm-TWE4w6MSn4mAEVKjwKqhWvZvB1gE9EjuLacPBljqrATgcoDzWG2--yJhaNS7iarDJs8GCTrgLnSq69rSESxy5fqUdtqgknGtD53BxYZ3JXjpZhdvCkYBFBRBq8

Request Chain 318

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFfs0vkQdxhEDCpwOomlZN4&google_cver=1&google_push=ATf1kGOEaK9VDwJBIOLRXvrQg3cvQ-AsljAfKD2Lhehm8-6Xer8Z2vAtEl6GgSg0zA1gWFsgcIQ2konfzxjEh7UCx0Kw7Jujd4rKgWyb-UW2MUTFE388CZa_xLruWJSghxs6nYjEC30WtH2Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFfs0vkQdxhEDCpwOomlZN4&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGOEaK9VDwJBIOLRXvrQg3cvQ-AsljAfKD2Lhehm8-6Xer8Z2vAtEl6GgSg0zA1gWFsgcIQ2konfzxjEh7UCx0Kw7Jujd4rKgWyb-UW2MUTFE388CZa_xLruWJSghxs6nYjEC30WtH2Y

Request Chain 319

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPgqANzZzQiGUONrdPuxV5A&google_cver=1&google_push=ATf1kGNWJKm3fIgm1a6jSLkQR5SgCNkCWdKvlY9hiFgocsp7W3qo6ZGO1bKYsmGCuc0Ox-wDTKc7J3N63YwtVpZyeMxLKx7M1NurRyUkPvhDj7ZpTB6f4S7r6VmIhtZb6myB53xBtIZsijEG HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNWJKm3fIgm1a6jSLkQR5SgCNkCWdKvlY9hiFgocsp7W3qo6ZGO1bKYsmGCuc0Ox-wDTKc7J3N63YwtVpZyeMxLKx7M1NurRyUkPvhDj7ZpTB6f4S7r6VmIhtZb6myB53xBtIZsijEG&google_hm=G2qqtGZHJtTMqg97R3us-LDB

Request Chain 382

https://unilever.demdex.net/event?d_sid=25453995&cs=1687371497792 HTTP 302
https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687371497792

377 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 430ms
102ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Wed, 21 Jun 2023 18:18:10 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: fa9953d7-201e-0074-086c-a476fd000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 103ms
101ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-request-id: fa995431-201e-0074-546c-a476fd000000
Date: Wed, 21 Jun 2023 18:18:10 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 304ms
98ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 21 Jun 2023 18:18:11 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: fa9954db-201e-0074-616c-a476fd000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 204ms
101ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 21 Jun 2023 18:18:11 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: fa995472-201e-0074-0c6c-a476fd000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 255ms
92ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:08 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 197ms
92ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:09 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 473A 77 KB
77 KB 258ms
57ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c5476874ca5ddcb0143951cc2199c753f6b43ef0f73bb8e1e0470b219468958b

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79033
content-type: text/html; charset=utf-8
date: Wed, 21 Jun 2023 18:18:11 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 473A 90 KB
91 KB 125ms
40ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 18:18:28 GMT
x-content-type-options: nosniff
age: 431984
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Jun 2024 18:18:28 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 473A 10 KB
2 KB 80ms
80ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 21 Jun 2023 18:18:11 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 473A 40 KB
12 KB 357ms
7ms Stylesheet
text/css 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 5562039
x-accel-date: 1681809453
x-77-nzt: AcO1qhFlhnj/t95UAA
x-accel-expires: @1713345453
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 4c156224557790c5e43e936422e0f62f
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 473A 120 KB
47 KB 131ms
47ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

791d49454d155e924522a06bf7fc34420c240237b74895d6d73466ce25a47e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47666
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 21 Jun 2023 18:18:12 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 473A 23 KB
23 KB 44ms
44ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 21 Jun 2023 18:18:11 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 473A 542 B
896 B 12ms
12ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5562104
x-accel-date: 1681809388
content-length: 542
x-77-nzt: AcO1qhEVD17/+N5UAA
x-accel-expires: @1713345388
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 4c156224557790c5e43e93643be5d630
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 473A 2 KB
2 KB 22ms
18ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5562039
x-accel-date: 1681809453
content-length: 1651
x-77-nzt: AcO1qhH57Cj/t95UAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 4c156224557790c5e43e936415d29431
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kayisi-peltesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 473A 10 KB
10 KB 23ms
18ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/kayisi-peltesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4fdc5391bf7f26b8640e050ae3e95ff1ea315746f0062053a894101b910f4049

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 70473
x-accel-date: 1687301019
content-length: 9934
x-77-nzt: AcO1qhE2pqX/SRMBAA
x-accel-expires: @1718837019
last-modified: Tue, 20 Jun 2023 22:25:01 GMT
server: CDN77-Turbo
etag: "6492273d-26ce"
x-77-nzt-ray: 4c156224557790c5e43e9364220d9931
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 seftalili-magnolia-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 473A 11 KB
12 KB 26ms
20ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/seftalili-magnolia-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e200e1462094eecba53812ae0d8063ebaf38162d7cde36194b196df1da860ab2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 156050
x-accel-date: 1687215442
content-length: 11651
x-77-nzt: AcO1qhFWd2D/kmECAA
x-accel-expires: @1718751442
last-modified: Mon, 19 Jun 2023 22:31:31 GMT
server: CDN77-Turbo
etag: "6490d743-2d83"
x-77-nzt-ray: 4c156224557790c5e43e936452cf9c31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yufkasiz-pirasa-boregi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 473A 15 KB
15 KB 28ms
23ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/yufkasiz-pirasa-boregi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5a74bd20eb2f78f5a088be7f2c5afe1b623a98f6bf5cbe2537e5c187d393afc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 244830
x-accel-date: 1687126662
content-length: 15139
x-77-nzt: AcO1qhE3vBP/XrwDAA
x-accel-expires: @1718662662
last-modified: Sun, 18 Jun 2023 21:55:21 GMT
server: CDN77-Turbo
etag: "648f7d49-3b23"
x-77-nzt-ray: 4c156224557790c5e43e936492f2a031
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 semizotlu-kasik-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 473A 16 KB
17 KB 31ms
25ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/semizotlu-kasik-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e83e8632256c5072bcc9d126fd31fc4e8bfa323231f1d212e745dab97d90895c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 331749
x-accel-date: 1687039743
content-length: 16634
x-77-nzt: AcO1qhF5YJj/5Q8FAA
x-accel-expires: @1718575743
last-modified: Sat, 17 Jun 2023 21:43:42 GMT
server: CDN77-Turbo
etag: "648e290e-40fa"
x-77-nzt-ray: 4c156224557790c5e43e93644696a531
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 topalak-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 473A 15 KB
15 KB 34ms
28ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/topalak-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9b38d88b1023d2badd893cbb744210baf4a8f01a2c36f2efa8799dd86440cf2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561878
x-accel-date: 1681809614
content-length: 15156
x-77-nzt: AcO1qhH5HXz/Ft5UAA
x-accel-expires: @1713345614
last-modified: Sun, 03 Apr 2022 23:51:26 GMT
server: CDN77-Turbo
etag: "624a32fe-3b34"
x-77-nzt-ray: 4c156224557790c5e43e9364aab4aa31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-tavuk-sis-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/07/ Frame 473A 15 KB
16 KB 34ms
29ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/07/tavada-tavuk-sis-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4bff962fb085bc7a7d81b7a59a2dceb2a6dd7f44a6d25af7040fd62f86393a05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561726
x-accel-date: 1681809766
content-length: 15765
x-77-nzt: AcO1qhEcf6f/ft1UAA
x-accel-expires: @1713345766
last-modified: Wed, 01 May 2019 22:26:43 GMT
server: CDN77-Turbo
etag: "5cca1d23-3d95"
x-77-nzt-ray: 4c156224557790c5e43e93643dc6ae31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/02/ Frame 473A 13 KB
13 KB 34ms
29ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/02/nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561124
x-accel-date: 1681810368
content-length: 13272
x-77-nzt: AcO1qhFRwRr/JNtUAA
x-accel-expires: @1713346368
last-modified: Wed, 01 May 2019 22:22:18 GMT
server: CDN77-Turbo
etag: "5cca1c1a-33d8"
x-77-nzt-ray: 4c156224557790c5e43e9364aa6bb131
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 besni-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 473A 18 KB
18 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/besni-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561372
x-accel-date: 1681810120
content-length: 18119
x-77-nzt: AcO1qhHi++j/HNxUAA
x-accel-expires: @1713346120
last-modified: Wed, 29 Mar 2023 22:35:22 GMT
server: CDN77-Turbo
etag: "6424bd2a-46c7"
x-77-nzt-ray: 4c156224557790c5e43e9364617bb431
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 orijinal-kibris-tatlisi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 473A 15 KB
15 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/orijinal-kibris-tatlisi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5232d54f552f36dea15ac9afdc160e549cb4e8eb52dd9da5f048eaf9264449a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561454
x-accel-date: 1681810038
content-length: 15360
x-77-nzt: AcO1qhH62s3/btxUAA
x-accel-expires: @1713346038
last-modified: Sun, 17 Apr 2022 12:57:04 GMT
server: CDN77-Turbo
etag: "625c0ea0-3c00"
x-77-nzt-ray: 4c156224557790c5e43e93644e0db731
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 erzurum-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 473A 11 KB
12 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/erzurum-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ce1d83c141c0efd469c46097a827914115fb3f663b722b4ac8923d00234552c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561518
x-accel-date: 1681809974
content-length: 11700
x-77-nzt: AcO1qhGlJVP/rtxUAA
x-accel-expires: @1713345974
last-modified: Tue, 18 Feb 2020 23:09:17 GMT
server: CDN77-Turbo
etag: "5e4c6e9d-2db4"
x-77-nzt-ray: 4c156224557790c5e43e93644e6ab931
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-patlican-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/05/ Frame 473A 15 KB
15 KB 36ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/05/firinda-patlican-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fe665a455aceb9598500cae8ccd808cbffe5a3525c32cdc7bcbaa0e83a58ac0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561616
x-accel-date: 1681809876
content-length: 15015
x-77-nzt: AcO1qhFoYoD/EN1UAA
x-accel-expires: @1713345876
last-modified: Wed, 01 May 2019 22:25:01 GMT
server: CDN77-Turbo
etag: "5cca1cbd-3aa7"
x-77-nzt-ray: 4c156224557790c5e43e93647c52bb31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 macar-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 473A 14 KB
15 KB 37ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/macar-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5562051
x-accel-date: 1681809441
content-length: 14810
x-77-nzt: AcO1qhEwFaj/w95UAA
x-accel-expires: @1713345441
last-modified: Fri, 24 Apr 2020 23:44:43 GMT
server: CDN77-Turbo
etag: "5ea379eb-39da"
x-77-nzt-ray: 4c156224557790c5e43e9364ffd0bd31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-et-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/03/ Frame 473A 17 KB
17 KB 37ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/03/firinda-et-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4c5deb00f38b73c0882d773ade1a2084150544c3129128fc0655f419ef157e93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5557532
x-accel-date: 1681813960
content-length: 17033
x-77-nzt: AcO1qhHF6tD/HM1UAA
x-accel-expires: @1713349960
last-modified: Sat, 19 Mar 2022 23:39:57 GMT
server: CDN77-Turbo
etag: "623669cd-4289"
x-77-nzt-ray: 4c156224557790c5e43e9364c0acbf31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 belen-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 473A 17 KB
17 KB 37ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/belen-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5a890b96bb00fd6a96f4b5e43fa646fb4b331d9c55b88bf6ca5dafd2bf1bf184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5559382
x-accel-date: 1681812110
content-length: 17356
x-77-nzt: AcO1qhEteor/VtRUAA
x-accel-expires: @1713348110
last-modified: Wed, 13 May 2020 21:44:39 GMT
server: CDN77-Turbo
etag: "5ebc6a47-43cc"
x-77-nzt-ray: 4c156224557790c5e43e9364a15dc131
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sultan-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame 473A 13 KB
14 KB 37ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/sultan-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561165
x-accel-date: 1681810327
content-length: 13608
x-77-nzt: AcO1qhEd+z//TdtUAA
x-accel-expires: @1713346327
last-modified: Wed, 01 May 2019 22:27:29 GMT
server: CDN77-Turbo
etag: "5cca1d51-3528"
x-77-nzt-ray: 4c156224557790c5e43e93643970c331
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-izmir-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame 473A 13 KB
14 KB 37ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/tencerede-izmir-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 68f8702c1d3fb44f6df07969952f51be1ce1a0be2dbf71c1831f0ccca70085d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561546
x-accel-date: 1681809946
content-length: 13539
x-77-nzt: AcO1qhECzEz/ytxUAA
x-accel-expires: @1713345946
last-modified: Wed, 01 May 2019 23:47:34 GMT
server: CDN77-Turbo
etag: "5cca3016-34e3"
x-77-nzt-ray: 4c156224557790c5e43e9364f10dc531
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 473A 15 KB
15 KB 37ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/lokanta-usulu-tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d6350ccbc96e6f4089866ba29b8e2fcdf961c3c5b428e8611226d39922e1fce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561726
x-accel-date: 1681809766
content-length: 15502
x-77-nzt: AcO1qhEYKoz/ft1UAA
x-accel-expires: @1713345766
last-modified: Tue, 17 May 2022 22:25:33 GMT
server: CDN77-Turbo
etag: "628420dd-3c8e"
x-77-nzt-ray: 4c156224557790c5e43e9364e728c731
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-but-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 473A 17 KB
17 KB 37ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/firinda-tavuk-but-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561726
x-accel-date: 1681809766
content-length: 17402
x-77-nzt: AcO1qhEm53X/ft1UAA
x-accel-expires: @1713345766
last-modified: Tue, 09 Nov 2021 21:00:38 GMT
server: CDN77-Turbo
etag: "618ae176-43fa"
x-77-nzt-ray: 4c156224557790c5e43e9364a6f5c831
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-kereviz-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/10/ Frame 473A 12 KB
12 KB 37ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/10/tavuklu-kereviz-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4c6847d6c187314e234ace1a963c78c659d2429c0790444c674b5d72180822bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4405657
x-accel-date: 1682965835
content-length: 12025
x-77-nzt: AcO1qhHnx0n/mTlDAA
x-accel-expires: @1714501835
last-modified: Wed, 09 Oct 2019 22:00:21 GMT
server: CDN77-Turbo
etag: "5d9e5875-2ef9"
x-77-nzt-ray: 4c156224557790c5e43e9364cdaaca31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 473A 15 KB
16 KB 37ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 1715614
x-accel-date: 1685655878
content-length: 15552
x-77-nzt: AcO1qhGT0Jj/ni0aAA
x-accel-expires: @1717191878
last-modified: Thu, 01 Jun 2023 21:24:53 GMT
server: CDN77-Turbo
etag: "64790ca5-3cc0"
x-77-nzt-ray: 4c156224557790c5e43e93644fa6cc31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tepside-kumpir-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/10/ Frame 473A 14 KB
14 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/10/tepside-kumpir-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 510b186e641d8ac1c76d3c1d9df86920af3704e9d910a011b09f6ba8d98dd08f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5554759
x-accel-date: 1681816733
content-length: 13846
x-77-nzt: AcO1qhEIYmj/R8JUAA
x-accel-expires: @1713352733
last-modified: Wed, 01 May 2019 23:24:34 GMT
server: CDN77-Turbo
etag: "5cca2ab2-3616"
x-77-nzt-ray: 4c156224557790c5e43e93641d42ce31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yunan-usulu-kabak-kizartmasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/06/ Frame 473A 15 KB
16 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/06/yunan-usulu-kabak-kizartmasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 88df0b2490a5a1cf2163d628d9a01a1828e026c98d49a0a5e21c433fbe1acbfc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561387
x-accel-date: 1681810105
content-length: 15707
x-77-nzt: AcO1qhGV/WT/K9xUAA
x-accel-expires: @1713346105
last-modified: Sun, 21 Jun 2020 23:45:09 GMT
server: CDN77-Turbo
etag: "5eeff105-3d5b"
x-77-nzt-ray: 4c156224557790c5e43e93640b07d031
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-mantarli-yumurta-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame 473A 11 KB
11 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ispanakli-mantarli-yumurta-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2216e20f57afc7e5430a4a51e5bd5a8995763a95bd03d67cd519395fb82e75dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5560751
x-accel-date: 1681810741
content-length: 11247
x-77-nzt: AcO1qhEd5tX/r9lUAA
x-accel-expires: @1713346741
last-modified: Wed, 01 May 2019 23:29:21 GMT
server: CDN77-Turbo
etag: "5cca2bd1-2bef"
x-77-nzt-ray: 4c156224557790c5e43e936477b6d131
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 brokoli-mucver-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/02/ Frame 473A 13 KB
13 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/02/brokoli-mucver-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a9f2bdacd4951b5e28dcd417c660d0e84dd2d82c09b81d4ff3f22e0bd3b20cb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5559056
x-accel-date: 1681812436
content-length: 13059
x-77-nzt: AcO1qhHuNsL/ENNUAA
x-accel-expires: @1713348436
last-modified: Wed, 01 May 2019 23:31:01 GMT
server: CDN77-Turbo
etag: "5cca2c35-3303"
x-77-nzt-ray: 4c156224557790c5e43e93646011d431
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-mercimek-corbasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/11/ Frame 473A 10 KB
11 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/11/lokanta-usulu-mercimek-corbasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0c28128d4531849e77a1f8f5e29ebd5a3f84e41521c4ec3b6c14173600e5d541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561726
x-accel-date: 1681809766
content-length: 10524
x-77-nzt: AcO1qhEW4tn/ft1UAA
x-accel-expires: @1713345766
last-modified: Wed, 01 May 2019 23:26:55 GMT
server: CDN77-Turbo
etag: "5cca2b3f-291c"
x-77-nzt-ray: 4c156224557790c5e43e9364c4fbd531
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 unlu-yogurt-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/08/ Frame 473A 13 KB
13 KB 38ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/08/unlu-yogurt-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 95ad298529b351217d8c00e83841c52f8692a206c581566b0293cb15475bae7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5559854
x-accel-date: 1681811638
content-length: 12869
x-77-nzt: AcO1qhHNcX3/LtZUAA
x-accel-expires: @1713347638
last-modified: Thu, 04 Aug 2022 20:45:01 GMT
server: CDN77-Turbo
etag: "62ec2fcd-3245"
x-77-nzt-ray: 4c156224557790c5e43e936491a8d731
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karnabahar-yapragi-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 473A 14 KB
14 KB 38ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/karnabahar-yapragi-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3f064267c64c1eeca604b20f9d60538c32c14e90528441d0524c2f30161f8b47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3786027
x-accel-date: 1683585465
content-length: 14031
x-77-nzt: AcO1qhEwru3/K8U5AA
x-accel-expires: @1715121465
last-modified: Mon, 08 May 2023 22:19:39 GMT
server: CDN77-Turbo
etag: "6459757b-36cf"
x-77-nzt-ray: 4c156224557790c5e43e93649377d931
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 girar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 473A 13 KB
13 KB 38ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/girar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 038c545ef084b3fe9e6c446e8080e4d6be85650256a782e67219ab547aa65c82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561076
x-accel-date: 1681810416
content-length: 13420
x-77-nzt: AcO1qhEZ6mH/9NpUAA
x-accel-expires: @1713346416
last-modified: Fri, 17 Mar 2023 20:01:37 GMT
server: CDN77-Turbo
etag: "6414c721-346c"
x-77-nzt-ray: 4c156224557790c5e43e9364ac18db31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hosmerim-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/10/ Frame 473A 9 KB
10 KB 39ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/10/hosmerim-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 42957ef601fd013119bccbb5d1a6a656f89851c80a3e5a1482315b87251f53be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5560492
x-accel-date: 1681811000
content-length: 9683
x-77-nzt: AcO1qhGe5Fr/rNhUAA
x-accel-expires: @1713347000
last-modified: Tue, 04 Oct 2022 22:04:12 GMT
server: CDN77-Turbo
etag: "633caddc-25d3"
x-77-nzt-ray: 4c156224557790c5e43e93642c11dd31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yalanci-cezerye-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/03/ Frame 473A 15 KB
16 KB 39ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/03/yalanci-cezerye-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dad1692887061cb942576328b5127f62da25c508422e4ed34262bde21f957708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5560496
x-accel-date: 1681810996
content-length: 15823
x-77-nzt: AcO1qhEx8mX/sNhUAA
x-accel-expires: @1713346996
last-modified: Sat, 05 Mar 2022 22:59:05 GMT
server: CDN77-Turbo
etag: "6223eb39-3dcf"
x-77-nzt-ray: 4c156224557790c5e43e9364d2a4de31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 carkifelek-tatlisi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 473A 13 KB
14 KB 39ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/carkifelek-tatlisi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4ada1ab36d79498691a5e1f161485d0aefa6f6611160e9183963d67e977a7690

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5561463
x-accel-date: 1681810029
content-length: 13755
x-77-nzt: AcO1qhHHi9v/d9xUAA
x-accel-expires: @1713346029
last-modified: Fri, 07 Apr 2023 22:48:19 GMT
server: CDN77-Turbo
etag: "64309db3-35bb"
x-77-nzt-ray: 4c156224557790c5e43e9364b98de031
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kremali-cilekli-tart-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 473A 16 KB
16 KB 39ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/kremali-cilekli-tart-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5a350f676b9e830d9ff457f61ecaa1f23f902f0888f1856bfd7186fb28011557

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3132850
x-accel-date: 1684238642
content-length: 16044
x-77-nzt: AcO1qhH76Db/ss0vAA
x-accel-expires: @1715774642
last-modified: Wed, 01 May 2019 22:40:15 GMT
server: CDN77-Turbo
etag: "5cca204f-3eac"
x-77-nzt-ray: 4c156224557790c5e43e93649180e231
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kabartma-tozlu-omlet-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/10/ Frame 473A 15 KB
15 KB 39ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/10/kabartma-tozlu-omlet-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 16c7b8b533b32046de7ecf38b4cf274ceb592b3240a3ee4474943b41e953a874

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5558972
x-accel-date: 1681812520
content-length: 15242
x-77-nzt: AcO1qhEdB7v/vNJUAA
x-accel-expires: @1713348520
last-modified: Wed, 13 Oct 2021 21:54:43 GMT
server: CDN77-Turbo
etag: "616755a3-3b8a"
x-77-nzt-ray: 4c156224557790c5e43e9364531ce531
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kahvaltilik-tuzlu-kek-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/03/ Frame 473A 15 KB
15 KB 39ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/03/kahvaltilik-tuzlu-kek-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0b2d8fd4a6161ad906bafc22e940f877457b9204dea59e49d2d2c1f170919696

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5560270
x-accel-date: 1681811222
content-length: 15152
x-77-nzt: AcO1qhEmeJf/ztdUAA
x-accel-expires: @1713347222
last-modified: Fri, 18 Mar 2022 22:42:13 GMT
server: CDN77-Turbo
etag: "62350ac5-3b30"
x-77-nzt-ray: 4c156224557790c5e43e9364e28fe731
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-misir-ekmegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 473A 11 KB
12 KB 39ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/tavada-misir-ekmegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e0af3bcc630cabf949c3027d9f025e361b5951dc903d6b3a1edd3925b608f231

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5560463
x-accel-date: 1681811029
content-length: 11638
x-77-nzt: AcO1qhFOOaT/j9hUAA
x-accel-expires: @1713347029
last-modified: Fri, 05 Mar 2021 23:02:20 GMT
server: CDN77-Turbo
etag: "6042b87c-2d76"
x-77-nzt-ray: 4c156224557790c5e43e9364cf69e931
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-yogurtlu-ekmek-pizzasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 473A 15 KB
15 KB 39ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/firinda-yogurtlu-ekmek-pizzasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eba2bad63eb3b81e948f61dfa0aa09d221c44ae7d66047fde64fcea8bbc96412

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5559330
x-accel-date: 1681812162
content-length: 15319
x-77-nzt: AcO1qhG9Nxr/ItRUAA
x-accel-expires: @1713348162
last-modified: Sun, 27 Dec 2020 23:15:39 GMT
server: CDN77-Turbo
etag: "5fe9159b-3bd7"
x-77-nzt-ray: 4c156224557790c5e43e9364a005eb31
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 473A 5 KB
6 KB 74ms
15ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:12 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1687371492.cds314.am5.hn,1687371492.cds292.am5.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 473A 56 B
361 B 82ms
12ms Script
text/javascript 72.246.168.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.246.168.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a72-246-168-124.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Jun 2023 18:18:12 GMT
server: Oracle API Gateway
opc-request-id: /4F2F9C8AB21F01AD1B3F3CC1EFA04872/2051E289979B10DDBA80E0E5CEC3BEFC
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 473A 465 B
585 B 76ms
17ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:12 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1687371492.cds314.am5.hn,1687371492.cds214.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 473A 75 KB
26 KB 384ms
49ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 704a70e745cff94e4cc43046e5918dceace2f1234b2e0b4b8f4df872f9e574f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 07:42:53 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 473A 3 KB
2 KB 32ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

18260dc8dc16f99903631522e2ba967455d572108de3f0c677dfc43131630451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Jun 2023 18:18:12 GMT
content-md5: 1uVXbK4GxMvjcmggThu7ew==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: sEcjtBuT9NOi1dVz+Z1WwGpK3hdYtMqKGfAYcMzsjGQtkOGoj1+VtC7cvfUMroaoLk82SlvaW5ETz1eyYLs74A==
x-fb-trip-id: 1679558926
x-fb-content-md5: 44257414b5df1c314db6b5a81535fcc0
cross-origin-opener-policy: same-origin-allow-popups
etag: "668b9aff99fb401db0f2a511f47bb48e"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:37:03 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 473A 21 KB
21 KB 36ms
35ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 18:18:12 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5562039
x-accel-date: 1681809453
content-length: 21525
x-77-nzt: AcO1qhG3WK3/t95UAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 4c156224557790c5e43e936459c4ec31
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 473A 307 KB
87 KB 25ms
9ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=350f08a0d6b34f2fabcd97bc71411b47

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1fcd17fc2a42eb16185e2f5e4b7e93be06351b4c051d25332acb73758c565bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Jun 2023 18:18:12 GMT
content-md5: R6bSQZUXsmWCavpd0B+o+w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88817
x-fb-debug: HBx0VtLd8Mv4JaPZRPl+4x25l5lHQsW0nE1WYr+Bwr0Nes14T5DMj6MSy+Igv2RTtVMUspZuBjfjXsR2N52Mxw==
x-fb-content-md5: 7b50751f2910f12d0b9f98b59e20fb42
cross-origin-opener-policy: same-origin-allow-popups
etag: "4f727a5f23a842ca8fae66d71fe97ff8"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 20 Jun 2024 18:17:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 473A 52 KB
21 KB 127ms
38ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Jun 2023 16:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6170
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 21 Jun 2023 18:35:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 473A 77 KB
26 KB 234ms
142ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76d65574289f862740c28c1532cdc2ed68d13d532aafbbd1ed764703f526a078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26436
x-xss-protection: 0
server: cafe
etag: 677 / 19529 / m202306140101 / config-hash: 13361936451535775382
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:13 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 473A 120 B
306 B 46ms
46ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 3F6B 891 B
1 KB 51ms
51ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Wed, 21 Jun 2023 18:18:13 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 473A 138 KB
47 KB 194ms
101ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e4d53cad654575a4462422bc00255a7d228a2fbc163691982db7a506c0a701d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48055
x-xss-protection: 0
server: cafe
etag: 18100319354529987832
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:13 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 473A 489 KB
182 KB 52ms
51ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 473A 236 KB
58 KB 37ms
8ms Script
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:00:18 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront), 1.1 69cc5dd318e02cb1a7e8cb9951f553d8.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P3
age: 1076
etag: W/"9352f20e556bff9fea6fd0461aac850d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: zSGI4pf7YK585tAfBAVeoF-KPShvca3_bTl8Qt7JJ2sEjdTZxwHDow==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 473A 37 KB
7 KB 449ms
106ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1687371493256&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.42825371555691083
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 49d93b68b0ddde1d793f88463efa0304075fe8e1c487d224d2472714853cb98f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 473A 12 KB
2 KB 46ms
46ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19529
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 473A 50 KB
5 KB 398ms
58ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468714
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d6a2996a3bc075d168368e0ad02d3e6c0793e1547693c5ab021189872209869a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 473A 0
305 B 9ms
8ms XHR
text/plain 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 15:46:19 GMT
via: 1.1 69cc5dd318e02cb1a7e8cb9951f553d8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 9113
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: _4-WJ-izbVC0suHatSvBfHOOTop4xLn00WckX6oFanCvbo7WaOsuZg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 473A 6 KB
3 KB 25ms
9ms XHR
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
date: Wed, 21 Jun 2023 06:32:15 GMT
x-amz-cf-pop: FRA56-P3
age: 53256
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: u-0pvOo-j3urRlf-xRwGT4snZcZfESkT2-wqbE2ZQ2vgc2ywm49Xtg==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160401/ Frame 473A 355 KB
119 KB 191ms
112ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160401/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075468

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af3dab84f0ebb621020554e0ba42f2bb6d44dbb753fd15a0a379ed1eb0d6e524

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121488
x-xss-protection: 0
server: cafe
etag: 1510365379298536310
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:13 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230615/r20190131/ Frame E841 10 KB
5 KB 121ms
37ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230615/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 73862
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 21:47:11 GMT
etag: 15057649708203361565
expires: Tue, 04 Jul 2023 21:47:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/ Frame 473A 408 KB
126 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b70d8eb19ca32d244e29e759e816c343be893232978532c9d5943f838e60e0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 11:36:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24109
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129045
x-xss-protection: 0
server: cafe
etag: 16806126990728334555
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 20 Jun 2024 11:36:24 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 473A 10 KB
3 KB 46ms
46ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 473A 23 B
459 B 372ms
338ms XHR
text/javascript 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=5gyuRgW1cUTmf&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: A2QM75HTER02HC7HZXZQ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: D-uR4ok9zNXZK_4elky9nkWXhz_OPHNjCrlGthEglle_P3w5X15yxQ==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 473A 11 KB
5 KB 47ms
46ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468714
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 473A 17 KB
5 KB 67ms
14ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19529
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 17:18:36 GMT
content-encoding: gzip
age: 3577
x-guploader-uploadid: ADPycdtV9BAlRhNJMlwW9pr53i9_Gr9OqY3xE4EByIkTle2QDqZFm99ZMKC38N2qmc_vt0bkRGuWCkyiPfy6AjLJkyzBCH5d7_T-
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 473A 0
209 B 47ms
47ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687371493715&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.669762658628507
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:13 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 473A 107 B
456 B 131ms
44ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 27 KB
11 KB 409ms
409ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=3037984022320378&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371493748&lmt=1687371493&dlt=1687371492453&idt=1205&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ezt7appo7kwp&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aafd932c0cbef5ed1ccb1bb8c831e8ed6bdcb98a43efbcd2a66b13a23cdf2add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11628
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583933
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D666 6 KB
3 KB 161ms
46ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 473A 7 KB
3 KB 321ms
45ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19529
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 28 Jun 2023 18:18:14 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 473A 0
209 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687371493788&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.45628779716928003
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:13 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame C89E 13 B
257 B 81ms
25ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Wed, 21 Jun 2023 18:18:13 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EB19 603 B
218 B 178ms
178ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371493514&bpp=3&bdt=1061&idt=345&shv=r20230615&mjsv=m202306160401&ptt=9&saldr=aa&nras=1&correlator=6942882967528&frm=24&ife=1&pv=2&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31075468%2C42532269%2C44788442%2C21065725&oid=2&pvsid=1579024527047855&tmod=1182908093&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.v1upmxx92am6&fsb=1&dtd=357

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160401/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075468

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 473A 361 KB
121 KB 135ms
47ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19529

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 473A 398 KB
128 KB 49ms
49ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/21/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19529
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 28 Jun 2023 18:18:14 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 473A 107 B
165 B 44ms
44ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 23 KB
11 KB 458ms
458ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=3422781750581233&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=3&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371494124&lmt=1687371494&dlt=1687371492453&idt=1205&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ga707nwkwz1k&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3bd4256e24644470c1507a005b41ab30b7c9c0e2460c57fb294a76061f63f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10876
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 23 KB
11 KB 478ms
477ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=641095890125037&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=4&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371494127&lmt=1687371494&dlt=1687371492453&idt=1205&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=6oyub2nrevzz&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

753efabef73a07a700ba8c82dc7c1098baf31aaad0f8ac476c98cc2cc74506f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11028
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 23 KB
11 KB 872ms
872ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=2017131701538615&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=5&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371494131&lmt=1687371494&dlt=1687371492453&idt=1205&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=r16ivsnp3368&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1d01474eae883861e56002864fb1d8b1e5edfa274e73a50e56654f96d0c679d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11207
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 23 KB
11 KB 444ms
444ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=44933224559753&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=6&adks=3050045420&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371494133&lmt=1687371494&dlt=1687371492453&idt=1205&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=s43b37mi7aa4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0321c1e3db4074eb2e01d603cd6b2de37a5c73e5b87fdb30c6fad653a9d6cbfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11141
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 112 KB
41 KB 893ms
891ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=2798096084802996&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371494136&lmt=1687371494&dlt=1687371492453&idt=1205&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=seuuat9gdj59&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab400f5a211f612039eb6dfec40978bdcf37d4f0cee4b0343033cb6d782f90d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41454
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473A 23 KB
11 KB 489ms
488ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1579024527047855&correlator=1250926863280965&eid=31074948%2C21065725&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687371493256%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet71e134b9-14f3-4e8c-9ce0-6167885a39a1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet71e134b914f34e8c9ce06167885a39a1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687371494139&lmt=1687371494&dlt=1687371492453&idt=1205&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=g7j0e5v1w2jx&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f466d57e24e570ed50999ffc06b6ab3a0be9fc96a14496b1cdafd9071e11de2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11267
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CE94 6 KB
3 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame CE94 24 KB
7 KB 129ms
39ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 535958
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 13:25:36 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CE94 138 KB
47 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fb192ee9f4113cb388d1d230d447ddf19e841c6486cfe8b084af7572ffff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Origin: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48206
x-xss-protection: 0
server: cafe
etag: 10264981780992234573
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CE94 178 KB
56 KB 152ms
62ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CE94 0
0 76ms
76ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsttMmraEdElcGnI2qsrNmmKnFG_3ntqkUC58MMvZT2HnSOiC-eRtdIqE1NIFxBPwfe9kcjwYkuPz0ay_ZVZ3yUYiedMfJAQaA5CZo6cUOtJZu_LmcIcdR5oe8PixXxCSjjoAcVvvS5hwwTLX2bOKOO--MFR2QIvcca0n-OUX-VE8ZClzcah3AlKTgNJLbl569rRs08gwU3Mm29LPczdjscJ7XeAXJMxWWbixUPc65m98xQCY3anfzcyjOVu1eD9BfoSyxChwK2C6PJrYgGmot6zMRGt6mndfcSQrAmmry93es7_hhkJ9UGMKxnHP73GZmWxqEBKuxRVcDKFxKgo72Pc0NwPhZtgFqIo_2DqUyqWDWszkcZcC8TBmw&sai=AMfl-YRvTsytjbT5hdQItJYmRCUZ8aURrLRCR7JK--Zw1-FVaFQTCUsuaGTJVEKIfDMobFoujehVpSy44iJwW23zrjjzJU35Te4zMHwF_NJ9qmg&sig=Cg0ArKJSzPJyTs0d6zz4EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160901/ Frame CE94 356 KB
119 KB 105ms
104ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160901/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com&bust=31075473

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28af08d8ab914af2c5165d53ea62e2f19b6f2d969b790073e6723bfdd2ec87fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122032
x-xss-protection: 0
server: cafe
etag: 11212633741693870648
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
DATA 200
OK truncated
/ Frame CE94 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90a50eb981a4e8530d8ec3ea334dc774448c5e0b7faf3f37cd64bc7674bd371

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F934 6 KB
3 KB 41ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame 473A 0
209 B 146ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687371493256&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:14 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3875 6 KB
3 KB 38ms
38ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame CE94 107 B
122 B 48ms
47ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160901/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com&bust=31075473

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 491D 0
16 B 391ms
390ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371494374&bpp=8&bdt=156&idt=293&shv=r20230615&mjsv=m202306160901&ptt=9&saldr=aa&nras=1&correlator=7328782076432&frm=8&ife=1&pv=2&ga_vid=993773248.1687371495&ga_sid=1687371495&ga_hid=1760922722&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3833444451&scr_x=-12245933&scr_y=-12245933&eid=31075053%2C44759875%2C44759837%2C44759926%2C31075473%2C44785292%2C44788441&oid=2&pvsid=3826711246027727&tmod=2013439735&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.6o5m092zp32i&fsb=1&dtd=308

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 078A 6 KB
3 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EE50 6 KB
3 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D1CB 436 B
232 B 440ms
440ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371494382&bpp=2&bdt=164&idt=335&shv=r20230615&mjsv=m202306160901&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7328782076432&frm=8&ife=1&pv=1&ga_vid=993773248.1687371495&ga_sid=1687371495&ga_hid=1760922722&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3833444451&scr_x=-12245933&scr_y=-12245933&eid=31075053%2C44759875%2C44759837%2C44759926%2C31075473%2C44785292%2C44788441&oid=2&pvsid=3826711246027727&tmod=2013439735&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.9qsyhacn8ayo&fsb=1&dtd=338

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114499ed68c9cdf734ef7400fbf244eb4229e6f581e1905762a6b7553bba1f0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 11F0 624 B
242 B 79ms
75ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjH07LlATAB&v=APEucNXVpv8xYKmnJfi5WdSyD_QM6KrH5jscaMOQrlU54_nFEmJ5h44UQ5o9apLB8QsZFVFkIW6AbBwWzGCUGcDFMQrctylStoESfhv6Ul6RtKAd_2Zx9_oF12fYVh8T9pOV1Gd2zcg9l1euA2qTvDgajAhRRapes1A1wZVPg1i8lAxwSjSVbD0

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F934 78 KB
27 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F934 42 B
63 B 75ms
72ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ADaYa6ouUYmGSzl1aS8RJLEaE_y75Hc_d2kPSWxEtvSJuBUFOdh42nd-cT2aiBplON00UHxygh8YXnaRISIzp5-_lwCqPNEt6S5-1ONWf5gskbO6E

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F934 0
20 B 76ms
73ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11182830353131389771&x=1&ct=76

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame F934 3 KB
1 KB 52ms
43ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28077
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 10:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame F934 19 KB
8 KB 46ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7638
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:10:56 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F934 0
0 142ms
47ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSoYPKhXwanO2qo9e15e6fzcYc68ngmBl_vxHEmRtkzj3NaKRtNmfLCH-HPFiWvbusiVV6lZeweY_MIB0UOoXpfnERklA
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F934 178 KB
56 KB 68ms
59ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9ECD 624 B
242 B 84ms
77ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNUSxBx_zAGRLkpZ_vYA1sHOHe5oksJxnXJFoFEbpf8MyvpDX2oCNtdooCTyvKUGtsGdRSGKw1N7hz9sk294WO3pm_gDtLhCxdXgmF-A7teHi-i4g9yL7E5ew-MrT6icy3cRqNGdSN7I1kEvpP93nxiEo4UADfSXstheZxzsGzgmeuI9-N8

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3875 78 KB
27 KB 157ms
152ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3875 42 B
63 B 77ms
72ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B1jCP2Hmfd2lr8rDh_CCyhdrvEIcv7KP1iv-J1vX_yy7Q1lPtfWU8bgCL48T6SsFJzijfFAl_vr_ECKrNGKjivAbn8s6ZWwYJ42gMiLxAqsrCuWw4

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3875 0
20 B 78ms
73ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3704984583653351614&x=1&ct=76

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 3875 3 KB
1 KB 55ms
50ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28077
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 10:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 3875 19 KB
8 KB 49ms
45ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7638
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:10:56 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3875 0
0 132ms
45ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQlEsTvl7PRs0j6EPfxO4fVdSljcD-I8YErHsrc9LGUJ_QLg6ykbAZQ-KMv0p6-E8XjB-g2-OTLD-9ufx7LiVZq7ZCQgg
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3875 178 KB
56 KB 137ms
135ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DDFB 640 B
262 B 82ms
80ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYvZ2e3wEwAQ&v=APEucNW6cax8NZAlX1oxP5D3OfCuORO2sxjurdGli6w40JQLXVlfY2pfyLcrfAf1Qn9IfK8605XGaJHVtkdFf-6K9HwojXYq4rDdyF4MW1BNllJKUxpbVfqP1DoUUqLEAfu_9XaF-95oJyItmuqy1r47JgalzQqnsbCePi0565ocosk05_4u1lA

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 078A 78 KB
27 KB 145ms
144ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 078A 42 B
63 B 73ms
72ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C3Xs8teU14MUMNf1nAHH-cHFTxrWnV55E0GkiTcVYl5RyECfB-CzsmNPrItXY7o1ZMpmn4OuA4yXCDeEes_TK-C3dCeHUaMvEpzkaCPXhTyjBvVWI

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 078A 0
20 B 72ms
71ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18335770602875573555&x=1&ct=76

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 078A 3 KB
1 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28077
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 10:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 078A 19 KB
8 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7638
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:10:56 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 078A 0
0 117ms
48ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT0IoPVIR6Ck2653MbmxvJjJTsmvxQ1AcuGpwxUAKyvbxVkFISL8cErWnFou-w0foqY6IEQH43FLubjojnbFi-gBnkFLg
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 078A 178 KB
56 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 60BE 640 B
262 B 79ms
78ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNVaVq9Mi06-wtNe3vTiLwi6DdaXOW2Ry6qysQj31PVuLL1BTp9jXX4GDr-s0izdqlc8e8uBUpAB1RMBr8sfxj9bD1sATpfKObxmw64xw4PasqQBkrGBr2fyPtlUJWCT0BJVdbOaiTcIvUzq-OFGBrSvtbFo6Vd5mDe7Kp0P3Ai1UlHkqNo

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EE50 78 KB
27 KB 137ms
136ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE50 42 B
63 B 72ms
71ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AiMyG_uGH7vqIAlsklI3nVOhKRxgCA08ZBbBFagxIXMquDGVokepQxvl2Ll20b-R9GGH4CdZvULohm0zlI-vLUecJZvzVWPClw8FvHcB1Q1kO62J0

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE50 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15420849320084080503&x=1&ct=76

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame EE50 3 KB
1 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28077
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 10:30:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame EE50 19 KB
8 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7638
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:10:56 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame EE50 0
0 112ms
46ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRL0WyUXxOAeVFfa808YZT5O2X26NSO4rAbWTeVhy9rod6bjFyrAbFpG6gYZ9hBFCVvmNW7FzfxOSQiGfKW7YvkQAubAA
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE50 178 KB
56 KB 92ms
92ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 11F0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1

43 B
766 B

12ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjH07LlATAB&v=APEucNXVpv8xYKmnJfi5WdSyD_QM6KrH5jscaMOQrlU54_nFEmJ5h44UQ5o9apLB8QsZFVFkIW6AbBwWzGCUGcDFMQrctylStoESfhv6Ul6RtKAd_2Zx9_oF12fYVh8T9pOV1Gd2zcg9l1euA2qTvDgajAhRRapes1A1wZVPg1i8lAxwSjSVbD0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 11F0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJM.5kTZvP6SkGsr3.152QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2

43 B
632 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjH07LlATAB&v=APEucNXVpv8xYKmnJfi5WdSyD_QM6KrH5jscaMOQrlU54_nFEmJ5h44UQ5o9apLB8QsZFVFkIW6AbBwWzGCUGcDFMQrctylStoESfhv6Ul6RtKAd_2Zx9_oF12fYVh8T9pOV1Gd2zcg9l1euA2qTvDgajAhRRapes1A1wZVPg1i8lAxwSjSVbD0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 11F0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1

43 B
1 KB

7ms
7ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjH07LlATAB&v=APEucNXVpv8xYKmnJfi5WdSyD_QM6KrH5jscaMOQrlU54_nFEmJ5h44UQ5o9apLB8QsZFVFkIW6AbBwWzGCUGcDFMQrctylStoESfhv6Ul6RtKAd_2Zx9_oF12fYVh8T9pOV1Gd2zcg9l1euA2qTvDgajAhRRapes1A1wZVPg1i8lAxwSjSVbD0

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
AN-X-Request-Uuid: 0062a05d-8e41-4ec1-b474-6937e0b67bc4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.171; 185.213.155.171; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 11F0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

170 B
232 B

107ms
107ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Jun 2023 18:18:14 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.171; 185.213.155.171; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ae8c3f56-3af4-4ac2-9194-6383e2fc620e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9ECD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1

43 B
766 B

11ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNUSxBx_zAGRLkpZ_vYA1sHOHe5oksJxnXJFoFEbpf8MyvpDX2oCNtdooCTyvKUGtsGdRSGKw1N7hz9sk294WO3pm_gDtLhCxdXgmF-A7teHi-i4g9yL7E5ew-MrT6icy3cRqNGdSN7I1kEvpP93nxiEo4UADfSXstheZxzsGzgmeuI9-N8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9ECD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJM.5kTZvP6SkGsr3.152QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2

43 B
632 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNUSxBx_zAGRLkpZ_vYA1sHOHe5oksJxnXJFoFEbpf8MyvpDX2oCNtdooCTyvKUGtsGdRSGKw1N7hz9sk294WO3pm_gDtLhCxdXgmF-A7teHi-i4g9yL7E5ew-MrT6icy3cRqNGdSN7I1kEvpP93nxiEo4UADfSXstheZxzsGzgmeuI9-N8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK31u2Wsgaab02GX_x1ivdc&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9ECD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1

43 B
1 KB

7ms
7ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNUSxBx_zAGRLkpZ_vYA1sHOHe5oksJxnXJFoFEbpf8MyvpDX2oCNtdooCTyvKUGtsGdRSGKw1N7hz9sk294WO3pm_gDtLhCxdXgmF-A7teHi-i4g9yL7E5ew-MrT6icy3cRqNGdSN7I1kEvpP93nxiEo4UADfSXstheZxzsGzgmeuI9-N8

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
AN-X-Request-Uuid: 8ea67ae8-16d4-4f39-95b0-70c915b57dfc
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.171; 185.213.155.171; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEE24MVZky-r5u5AKL3jvpD4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9ECD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

170 B
243 B

97ms
97ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Jun 2023 18:18:14 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.171; 185.213.155.171; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 21aadf88-e4d1-48ab-b2ec-68a6502c05fd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame DDFB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1

43 B
105 B

104ms
104ms

Image
image/gif

34.98.64.218

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYvZ2e3wEwAQ&v=APEucNW6cax8NZAlX1oxP5D3OfCuORO2sxjurdGli6w40JQLXVlfY2pfyLcrfAf1Qn9IfK8605XGaJHVtkdFf-6K9HwojXYq4rDdyF4MW1BNllJKUxpbVfqP1DoUUqLEAfu_9XaF-95oJyItmuqy1r47JgalzQqnsbCePi0565ocosk05_4u1lA
Protocol: H2
Server: 34.98.64.218 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame DDFB 43 B
111 B 195ms
124ms Image
image/gif 34.98.64.218

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYvZ2e3wEwAQ&v=APEucNW6cax8NZAlX1oxP5D3OfCuORO2sxjurdGli6w40JQLXVlfY2pfyLcrfAf1Qn9IfK8605XGaJHVtkdFf-6K9HwojXYq4rDdyF4MW1BNllJKUxpbVfqP1DoUUqLEAfu_9XaF-95oJyItmuqy1r47JgalzQqnsbCePi0565ocosk05_4u1lA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame DDFB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1

23 B
163 B

48ms
47ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYvZ2e3wEwAQ&v=APEucNW6cax8NZAlX1oxP5D3OfCuORO2sxjurdGli6w40JQLXVlfY2pfyLcrfAf1Qn9IfK8605XGaJHVtkdFf-6K9HwojXYq4rDdyF4MW1BNllJKUxpbVfqP1DoUUqLEAfu_9XaF-95oJyItmuqy1r47JgalzQqnsbCePi0565ocosk05_4u1lA
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Wed, 21 Jun 2023 18:18:15 GMT
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame DDFB 23 B
163 B 156ms
87ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYvZ2e3wEwAQ&v=APEucNW6cax8NZAlX1oxP5D3OfCuORO2sxjurdGli6w40JQLXVlfY2pfyLcrfAf1Qn9IfK8605XGaJHVtkdFf-6K9HwojXYq4rDdyF4MW1BNllJKUxpbVfqP1DoUUqLEAfu_9XaF-95oJyItmuqy1r47JgalzQqnsbCePi0565ocosk05_4u1lA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Wed, 21 Jun 2023 18:18:15 GMT
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 60BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1

43 B
97 B

131ms
130ms

Image
image/gif

34.98.64.218

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNVaVq9Mi06-wtNe3vTiLwi6DdaXOW2Ry6qysQj31PVuLL1BTp9jXX4GDr-s0izdqlc8e8uBUpAB1RMBr8sfxj9bD1sATpfKObxmw64xw4PasqQBkrGBr2fyPtlUJWCT0BJVdbOaiTcIvUzq-OFGBrSvtbFo6Vd5mDe7Kp0P3Ai1UlHkqNo
Protocol: H2
Server: 34.98.64.218 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMkVlvz-aIRbrFaQ7vefaZw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 60BE 43 B
295 B 171ms
103ms Image
image/gif 34.98.64.218

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNVaVq9Mi06-wtNe3vTiLwi6DdaXOW2Ry6qysQj31PVuLL1BTp9jXX4GDr-s0izdqlc8e8uBUpAB1RMBr8sfxj9bD1sATpfKObxmw64xw4PasqQBkrGBr2fyPtlUJWCT0BJVdbOaiTcIvUzq-OFGBrSvtbFo6Vd5mDe7Kp0P3Ai1UlHkqNo
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 60BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1

23 B
163 B

52ms
52ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNVaVq9Mi06-wtNe3vTiLwi6DdaXOW2Ry6qysQj31PVuLL1BTp9jXX4GDr-s0izdqlc8e8uBUpAB1RMBr8sfxj9bD1sATpfKObxmw64xw4PasqQBkrGBr2fyPtlUJWCT0BJVdbOaiTcIvUzq-OFGBrSvtbFo6Vd5mDe7Kp0P3Ai1UlHkqNo
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Wed, 21 Jun 2023 18:18:15 GMT
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFv6e9ewnwpJ3wxECmNtnEo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 60BE 23 B
163 B 109ms
40ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNVaVq9Mi06-wtNe3vTiLwi6DdaXOW2Ry6qysQj31PVuLL1BTp9jXX4GDr-s0izdqlc8e8uBUpAB1RMBr8sfxj9bD1sATpfKObxmw64xw4PasqQBkrGBr2fyPtlUJWCT0BJVdbOaiTcIvUzq-OFGBrSvtbFo6Vd5mDe7Kp0P3Ai1UlHkqNo
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Wed, 21 Jun 2023 18:18:14 GMT
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F934 0
20 B 72ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3348390274759&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F934 0
20 B 73ms
71ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3348390274759&version=m202301230201&ct=76&x=1&cor=11182830353131389000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F934 87 KB
36 KB 95ms
86ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6xHHPXVn-gOlxK9K7o2JZZAMM89nmHyDIqidKbLWDD365oYDyNliMHPhytxWgnhRXiPE9VJsMUkNmkIJjSSkOKH6KXVn8gGbT6g_40tPU9vGyfOD_qE3_fev70GrO53s1r21e4wf3klj__q005uKyqPDdo6p__6Dlk_6Wm0tU-Q3dT4M&dbm_d=AKAmf-CMOsB518n_k0ImVAB5rVvS35Kan0j6aMHPGrukdvTBjNOcDZZ0x5Upu2pj72Bdrz1qdg3XB_d3SyiW7jX9lmIyIgu-dlX2ETFCUhAZ-aHTV6mCBtLDesR1F-aKueFrGq88bbj4kZtPw_zABDAitoKvuyYN3ADSp-W0voQIh9agDqtl6SA7v4dPXO6UrlOrSRU_JwtfvRgsP5NAszuVMfuAUWeV6ztoOhckm0Hx7p1Z-lESq9wlaMfltH0onFTOXoYsEbGn0tHChPzkKOLKqQioG4LUb55Qv_7Qm9QirdsXu_lo1X9PA57NUxsJdk51qxTdtfK8gvAwB5JYY2eIlhOIfCs2hB8kp4n_HTKPZ4bX_RQcdnkgKYRjji9sHAAWJU5hzbPkJJ9FtJ2ybr4wtrUfOHyoC-P42jdioK93LJvkoQNzaCzBL3aUbvTGqip2eJZgKtIc9tzoKnH6zebUH-kys35nxQKo68-bvr0BRRNaINnL-d5Asu_jAlSb3TpJl_Ysna6G2RJVA9JwhCJjW5sKwqQY4X5K-uusNjbR2_LmHtPqpFH3uO2WIN84to-iEmN2vm56ckF8TkE4lYIQuzTUEfuqFgYMh9ZjFIsiJuFhY7eYF85FGlaRJL8-szc5_jQcaySi6FliiHHHpkQrS3TnFcAaMo86A0dlaUQ-lrHUyFMHAcAn5YNAeuWQ5lbo57vvnFhacLH90fCSe6UpbQagxP4miP6RyNRUVGwAteoyR1qI46K44Daajrr1p10CowuLKWbATRmfxvm9F5Pi-8v9ZB_t0BuoT8qZYn0EH7dBsF_BPHsl253-xdAwBC7V9GUKihoUMDq31TjFQpLB3MttTFFMEmIyBF0U13kuvrXpW6iWTMeRyyh8Z1GqXLx0a-H32NyFhFzUwAyq1ZEcOl9KROGX7nJLI2jSiEVW83wPr-mydumKfP71fxJpqcHfj476CfcktKdtCUd3OG2p-6hKqC0hllk5mOlrNO2eheSrqKTWWY-LcV_zLAuSGWKrxkiuO5gRSOJ-wWRfKIP6ECqcZM9h4aN56tR8mgkdS9bxjlsZ7YOXrjWIsfI0ne38uavHdOEjmws0YXScej_eg0vcCNgjC0q5q0n9zcDwcxPEKHJg_eK5JkNMMPzSIIZKwU3Thr7faibcNPJ9aWoExsjkyJn20Z9Tsqosalpg0HlT3zNYhDskV2-AnbLNrZl6A449RM9EUO1otKd6h6WLpDT9lrEAg83ulbY86XvSd68m8GgyLcVVQGlg6acdJ44pX5MlC8S9a9pRSk--txWjt6Az_ezxkDpOtVPJ3OtoGWFrJUdmaDk3MR4seXYFnvDfaguazws_qq7cNLNTCx0kLyVVGcx8tKK7wbniIHWFlZ5xovq7bJx6tn_OggB61NEYOmNDzPXrXFs7fCWeMNUwC12vvdlvVezbh5ryoVldrGjpV3k5FYE4wBFKoFjHHnbQ4j5Ga_0FplIvsG-Lx5acpHzaglABh8uLWMw_e8jTQffWN1J6Mv6n_ssixt1fQQRl5b6zv-B3l9C4hP_5ke3YahxxZ8lVRtk5FvjYnuYYu8QkkzaT0KWQ6jPGF8uCbYkOFwZ_GHn9QHIDQ7fSmflAmknhgPSuQtB64iHnGIYQxfDgh_cUrcdOd42lMEC3-tqEqptZSK9GXmFN5a0X7bmviZtOTrAzIiprkDOH9CrVln3Z2Q4PckoySjvobIwOMq-xZpu4tafWlrXXmS7FPEORzI2k-UQEhsgzsBcTIywMdLYoAh9BpHSHGDGgy9rt9eCA7od4VSvaX6gAAwl4gO18E9micYBGkw7z0kq-5zJeHWXR0HUyQgflOxqKPXqpy5SOJkacA2HmTaqgS7kHo9emC45CxqNZfCseUONOLGq20p3eBkdF2sEeLeuw5bNcE2xa8k_yCoAcHrE0bPJxAxrTFbIJaqzB6Z-DqGqPnZ2AgTihI_l1IXLkzFo0GzlK39HtgnzxJwv5njdK_-NcIL3YJSxSB00G4hLqxu-ga3QA1ZGhJuX_-ecN0Pvz5Mxp74UBLz7pUx-MYX9bR_Liqixm7iNaok3gE5Rh50QMs1NWXkkVLjfjxxvSW-Y6KdDElBRsQ6ezf454LamjS753L79sRwoHzGr-Hs0XeQeqhpVoHR-HDxUbDcm6h0KPWSvzGScGdh2B-y-xL8ur-RKrQVD41pkJgUePw3D28ic9MbHm10Uhq1183bcY-XzBVmnrlCKq4dvOAXsobqyZcOECobL3Oco3gdbDVsGOM8rHoXzBBAxAb8SlQa9GMSrOuuhX92H-LWw-6AitnOh2iuIvSAhv9JvyzjM9PLqJ8k3QEeO1OkLW2scIyGFBzNvv1ikYbyKW4KyrkynIZ8sOYezFsPMZPS7kUqsLAFQxOP0Lx1BbMiWv9phC-0eTLXwQjJKEC0stG_Au2DE5SATpmfxoKVyRmP6Cy9lGEr4Em6WR9N4RqXW2xC2AE1lvfMYqrVqOodSNzKOrTE6LSxfEG48j3800pjf8o23JOyQvGotgxs4S8bcsu43dxb3dTf88gTLfsRd5-cpW9EdkqS4oL_HdKA5s8gitg3TMJ9tgUFlRoprBWxlKraPnUP_k1JTXUr_76qL5WgeokYbEaCAPb1gPJ99nfbzjKs2UwhvPZRT6RkdIe8jOlcf97gSMP_IL-5epgUky_PNt6wCII5OGD2jzR3CPdC_O1jJxaOwA3RccEFeYb8vcLpmpbs9F6CdNdtP2RWc9_z8TjctkY-vzztSTlj2BxI2CjSU18NQk9sbub8IVAsiiT4e0VxMwbnxczRBzowlnP_IsD0z5MPpxNeMStQFJxt-Zj2PbGRmAxlTeX1yiNqjxyyRsZLQaBjLU3XOpkkt5jDRmlVCIT8W5nG1DFGp9aUK7TU4gyeBVDB1FrRuQYRLfugiuQ5_h2kjfYC6sbAgZiWAxmooKMVKnHWi_SJL0_qGp0PKZXg-Jzmn3BevCaasxs6zGeTxradUbSFtSg4nr9TQiohkPT7kXGkS6975ScFcsfrTTJFUNYcrE7AEOIsV-4iwCeCNb6Q_bzilFy3eDI8oG89R4PxaiCb8FOJ9sg8P5aE0cUINrY6099KE2b_i1t0n8Y1pPiidule_Gk-l0S8fbLOi5aA7XJxydDvqw90SfmDsdKTAxDz57Q9_6VLtXjLZsRW23PYl7vCNCF0hFZCElM93MIPoWEcWW5j1Ts8fwqGXQunlTniLQ4UFzHBuGFOfzD8xQy3-D0Hd0NJ0BKcJ1lQsQte_r35EOUxHkzLPW8Qeippt2xUd-CypS-K6rOc16cN9ZEFcHMtNixTnzDy6FzaHIW2stvdGLbTrBWvyqAw7ZmPY9cxrficy3ZQx8L400fFoLCNawfnLUcZE8hTVZpIDIsBKum7u1oMa_KTNo0t3TssMXY69yllNn-ssD0AT3TI4455f9NLQEvBXoywTX9OaErz2r-7LE4H1ZBMNagcTsN9T33qDMdTt1uCCOhrwE_2iFj2T5u1IFFUIhCYfYJq5kZUiSbyw99DUU7LoX70nQBidvdGQZt8vkR8AyXT7TPW931QxwK9-tTrYXc1I2KNTyew0jtdgaPi4ZosDV-5dlvQ&cid=CAQSOwBygQiDRN2sdc971cln06EbbmCxj-ejsRpJZAzs03h3VoB20e2DBj2A8McrQq6lmxVkiQ8DEnRS7Dd3GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11182830353131389000&adk=3887872403&idt=121&cac=0&dtd=45

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

619a9ed8c728439b3f30fe45b5fb4b63ed7ed3ee796453ea760c953c0a8a3201

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36874
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3875 0
20 B 72ms
71ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3235154992696&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3875 0
20 B 72ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3235154992696&version=m202301230201&ct=76&x=1&cor=3704984583653351400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3875 87 KB
36 KB 98ms
98ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CiTKU8RHOaaXe1JUUaHUrqXJD_6ym-DRCByeGK0PN0i3Ho65mKk7CnXZ3peSi_p_OfY0pFf_b-Tit2nLoGQbBGtWcegAc_XLTGhxS1LEQEqC_0phdhDBLaaUjvhnB6PNYnMnCmrn69ET46qiX9vQYwBKGHchKfQWm_mbhsijAYNjADxiM&dbm_d=AKAmf-Aguq4n6iqiQ_ljwwASno5_K-y3ASZORiwj2wrgrDUIWNNgvLo4gsJ-PY3uUg-0QYOngw3hr5IbS5ww33b0bsBy5La147kuThwa1RVw7w6GXqchzwEgTuUkAVjEjkUkwBUbO62YG1RCZ4gyKdH-sz3wJqBHimAn6MwEE5HuoW35kwEie8jU3d1o-6HC573ODBqVVTK6TCNfj0-MHHcIcmnqoYCj1B2H4moUEZFBMM5_vvaTDmUkoM3LEHyeA0KwjOzKLCLIaGVQQvekiaqBUry07svlxwIlhN11__t2YeDuKZf7tqa05NhsQx_mUTbFddkYkIDmNgAHGwyPrqezPq7sN73t8XgTsbFcNf3vgxV3ggHKbGf0DQOmXjoOcmhJTT4JiP54dHqMzSq6njPwYOtRPqVSE__jyECaNvHdnyxSGuAVT5IQKhQt_AUCiZ01ExflZaRzBnE6x4398-XlBhinpUuI3U9Zs0Ma_pbTV9OsY_DRM1ePWA5YcKa15cuO8UAK5LAjDyDhhxt6_kqHzdRlsT_GszOZJ7oA4liawHvnEHhe9zM9NckjYCGbm2nUA5fDR4G_oJybkGr02awWMPSoZdxhupYC5NYYBQJylLvfQ63ZM4GJ21wTJJ5A02oEBsTjswkO1RHyhFKQyDLxPttzq3FSGwxs77p00_deAfNPj0GPHF9owVc36Mmo-fIk4Xh_lvyW-4D_Ezpk2lEyK7Uz6plwSJ0VajAn7Z9EtKwGa49MVwYEdb3O4Y9HF7vmJPvh9JDDwlKUhAzHQc71_2P5_aKheAqei4sAyPag5hmvncOvF_kr-ISRAVIyivG0sIS6YJyVrKh7xKLWqqlH1y60l4tHaAAcYZBxD5TVIAC0I4Ht9BxloTvdJu0xzENCDLlYYl2z0EdOfckSmkVkZ0Px_p06u_Y2UkdyDWtOoYpEFnV4BVNHpFdPCZ_0EdJ0ZUJFg9wXPTEl2ok1UxAT5sWM4fYYk9Vl4d6w87nSmeI87r8CLJ191vTRyxzCBg5CmKJX3BOIxjNcMMCKPQxBksHiCDI-jh1fPZep2g2DEpwrxXavnH8jvgH87k4A333vOP57nbzwI8tt6iPd3Llgjisc0OMHTKs37kiXJeE7EkuFuuIgBHhi-mMHS_96D9Wxwh1_3BAeH8nliSDRGEf5vfficx0qsWe1bht9DQdySlHGhrvmyWAOHcP4hKqEP0l8lJMdE40EDimG701TmFiiQkd7UQdT7yRRGBLqu_yiPBx5sfwTgOFiMP4r-xHmiw9y4JbriR3TVYWXj0UCqCKDpEdsmym8dduCavW-tZbtaYnCaq5w0OzhPoFggC7WktQWpP3XBEUrCHVrtkYxlnvSIREqIZNqxAXo3fwwAqNzNuu1rvt1Bipxq5gnyOW_fUdyKZYoeQz0tIZ3MwFf0H9HWRVYV5NT0TM8Jl9tKwsJOEi4F16G3lpVTQ8QuWnaWWbBSh7SAvw22R3l3M7SDg4Gj1Cyukje714lLz7JiNk8yKz9ekbTtb7N58E5VO5rOy9ArDeySMRtW9uLOTO-6O5m838e9I3drYpS5S983Aaw6kS89pvLfXfD6IgKmvnBjjJLDRyG523YQq4ntHcluJhVSojgIY3Udh1Eqih6cp8xvVdyhm4BS9iQAuSGmYHdqvICCS1Dn996iLic9jHlGSWVYAr4JgZvbf1uPHv7KWa1xiYxfnTdMlJoizOCyVXY0ZQW2xWfBKP5_ztlFFRWjM5pUxNc46cg8xtwVTdGhj9u_9f8YqfiJzGn_NRa02feyaxkDxDPhOH2nomDOSYM7SjE-ThuskEkWRocUewZYTzI2CzvxUWCecBnWE2QA5bqCfBH7snK1zgx2WkO5G1MnDha7TEv_1xvB35gW23qVGsIeKdF_P97Sk75goSH3PnBiY813I6TpRGyO3ECm7uPi6ptdgTPEr9qDQ48U3hdlMb5lcAax988NMSdQwTU3NlOwamSc7_zxRvthdKyctO3DW-LPzPjl6Pzhr77K_B0OAjZ-270y3t8hy31mZqtVe5UDg10XAFY7eA_1LmVBgxXn3Rrxd-x0Wm-MUytR5QJQO1RlM_zfbj7vn3SAH18wwaPrcrgL8vZl-0x_hQkWXjnmJC72X7MghpvcgEwcKfRoTZnistTAIQo--iTjlLv0454es9aYUF-dF59VpneZjunQCz_eRkP6suLsTGAhOkiPOs4Jt51z6AQTubpN4gV_10_hxGArxna_15Ms5UnVBTgoaq6jBpKl8vK7BQrOYqEuIo0Be_S77jMqS0_EIx0AU4USjySmqJSly98i39qOnttFTQnfp49NUEQgdHEt-YZIDrl7rWO13L5zKH8dCt-_HG1Z0V-sxWwrAjutftGXzZ-YW3Q3wI64CGh7bv8SpUU9E6zryYC_iKA8JHzdXKESZRb5tkLvK1xZd14S-MoxbuBzCmBLtLanowoPGPxqwyTXXFNJ-daoQCPHpTVeY_wOxw6EoGO9OhVN1NJss3m_-HQ_NUw7QqjbGJONh-czk3FGGJxcFw_bi04jTxjJDfZkUxmyUFBHtQLocYSzCn8w5YZjdrVNz_RsDxPpTbEyKabUFGYn2xvul2qAZW5QzE6ymxbqLhcId8212HH50lwSKzIiE8jK8MkOdjsjkHhbkN-3Q2-acrv_h9x_duQft3pgepRRa_T1vc83In7WdP5XTtEpZQ140duenfcU8uWDAxgo-OUtgvGzPbQ1pjgWQ4d60K2dB0H_o9Osv3O3vvmUSNqEGZ8RFpL8WVgx6p7_X8bOo_D_PdoRs7w8nAEkSoKz7BwFq6NzEkuxf-Bw5cGFwuxCKlmEyB3cJG_Bjsxgx8Of4KzWbVoJ6wzvpdPPfBOFa3n5vm6SPoxxZynnzS2I8jJhhfapoernNF0an9qbeeCZu_f_ZgGz9VUJ94tol7dY4hjM4ZQx_109loP-7XjWSJ7O8ztycmMUsxm1loJwbWbgnTO7-IfIZ59cWeufDncPZV6f916h2ngFFTFQOjdTwHh_OmBM1lS0GXdrGE-Dq_prBqhv_C2Z5XJ4JfSJBjlLYyzpjnzlB8AVKJsOfSKl5BuSjGkcYGnncN3v8VlSEtTeraNvfykVVQFpw-IbgioU-0jpx-eDggnKlllHNL7QziRBvJb_QXZijYr1mhRPkJeXxA2HNVvwUdb8IRWWmRP0JNh0owQRTBcuu_Sk4MxaemCMGY9saVp5DLuXxvTY-AJ8ofQgTHY833pvLI2jR8zpZmfLoe5Oej5upNg-NYK3SfbI5yoSFl0ESpTkXQq2psBGnXgYaAsYshrSIS9_cZBUHhiyyZVg3GYnXsoxU62Wu00vGUVkMs24RAYhg&cid=CAQSOwBygQiDkehJKdS_f6m9nFAvM5fk_hoqGwXXLBd9ovv-9zk7tELMBugt2U84CYQ--oc_CDHSlGGPbCWvGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3704984583653351400&adk=1599433117&idt=172&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0868589a1cd281a24b6ffbfb487f717067c8e52c1a290fc7f87cee172fec2889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36958
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE50 0
20 B 72ms
71ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=185318171594&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE50 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=185318171594&version=m202301230201&ct=76&x=1&cor=15420849320084080000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EE50 88 KB
36 KB 107ms
107ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BAWNEnDJwKkC5nvfbpuEKWYWUtI3mne8Jfkzj1nXMKcftZ2enYj_Od9J5Pju6PU2DOWKjrQkl9fPtx0sUTz4fafuJ_mJDBiJJjVczqK8g3_zKwG4FR4h2bNnnKjTPl9HbgleCbpKuNSGRxaLPvbKkKuXcSjha5UNR1U62Oa6OOkXILZc8&dbm_d=AKAmf-AnMHx1H66D-xGR_9b9w7eHuEk3FCA_XwFwGbb4d3sdP3EDZhRXz3GOj1Sya5M8jqk4ubZQV18VR9OKFUt289vygGzWp3vUWMlfubA6Ig_UI8eAVfwuYrO5Dk8hnlmyX3Ar_RQTJRvwkb3G0j8-i26lO80ez2jV8JPha6gvehtDSmEi5bnTMdRr_NKff7HcjFumdBFf8ZupPILG0nF7k6ETa56s1hmv3x3ws7cH6ang-oPjNqrVXAbW7-CjKkMiuTzP3VEkhVkh-MVKy6cfwUNxNlEnQ-5zcuRtjO7S-IsT2f6y8bHTqEuZkmms2w2dunIE_JpvwC04tSYA5xX9UeP9ZkiLS3p98smjtkVA_aMzv7JOBK2Cgj8V2np0i15yI1aPJXD4pbRp_AgX4dPZh3sz45GawpgRVThVjpSx7TmQzXpSAv6Va4opK2kJGZcdYNBqT6BXyfrwOfNMaat9C6EZUNc6hBEGVP9q3qR44O6qqSFMD-NsSjyNiRZOahS7Hp46ekdL5djZqiUCz9Gpaor8Wsu6F_PYgQZi2NeKyOI-O_EQTVvSUKgtzG9okBYMx-lLTyFA7QKyzXdDM8Q_Y-p9StzR1PdREzJvr-GINRVaQ2a_1I4s7nwCmljhcXgaJRRZ4BO6F55TZTQFYiLC_krfWPns_fZb8v_L8y36j4rOS3Nedjo5Wh8AeX_54TnkWkuNgdJyb9z6uEb1tMfCpEQtiz3y5hk9oTA7R5eVdlUuA9OSL2q__G8UCHHFf4Hz5GZ3aNzc266_mR0wt3YwSbXnnaeG9nud823iQl9tkdmlnJinBGfSFISbOz94flE0YcDOdLt4Kgo0oZE_d1jcMpdFv6FikzIhgAuBqIZJhb1kkEDLlowQ-SaIBVtMJboZmNBQoPzMbysntW8T0IA3o_Fa8K_NuH_tFlUgat0NXifzUIxqrYO0yN3oCGY7CydR6oen1Sco9sqI65dbyNSzAeQWdo2RwYAZFJUs2NoY7FDySzjIRXpbAbaFSw0uNUCQsHTLayGKrZsbHyYpgg0vNkmgVTyluxyCWM9rYMGCLWo_uAwJy3x2T_YjDRKuuiQwrwsICv1LHyXDVR33LfexBqCq0n-sC_a28OkJU2jzUr3JatxK3YbpBcbw4NAjLuG675f7T_j4qOxAUFIXpxlD16o8MFnDAz8M6lCfGalvKUBjqKC2klP4JDr_m-am4MbzNOprKNkFbhd9w2v1BicqyFdC2NbNtM32gnqGb1rHRPtZ0BffDjo4RPsYGa4098N3orOB-CAujc9U2LXnX-DALFNkp6xbvZ4RPpF-gB6ot7AAZE_Z7qAL0DxhCdyL1FS0GS9Jx2ivW99lzLjy0YRQToIf5CxfNTwepNCVTPGz-HlStxbJtkq5Xg2jWKnSp1Qw6_pZ_AAB5ONzY5ah6vSP-hFYYFjyAS09ZoDx1IaEqWMc8siBGuIPjvvSQt1fwKzD41OXNn0goIXxCeN2iY1m2Oadn1_72o5ehgSYuBIawgsiXfDkEDRvCVC9cM7Pgt_4D4u6_0krEAjMEvdufjdFwuO-lr3gs40ZM36IHMxw7JEJ6ihezKa9tHEO7lVjUKCU-ly5t05NEaDTOtOfPjh8nI_rFp89boNvUkG-RmK0OuxOceZvPaMASz1Og5JWMY7Z41Lyn3FGKNl97VlyYzhb-XYMbiIudqXId-kExVsh67soqaxYLQ1UxqksObs58y1SXM8HLlYgSqFAgUjREDXLgAT0_tUyAWWFXv12NW6mPWPdSiova3aEEb5Y9y_cpsVQudnnvltVqpGNim4qv-hSb1wfGUWJGVG3-d8d_mPjZ-2U7NvbHW4iJXtr1dhMixh1Gjku-I-KZTIaZsBJHvTy8YGhguYEbJ6-pjRX7fS-P8ltOtWa2iv_XGR-hgN7WqQrfmH-ZL9WHJ_R5JFq-P-eSWpmRPfTSYl2wtq7_f_zAhhV403ARcfaKc3wCFipy21cql7RpqN4PLHxildT_pE_qv7BA3OuR-5GtQNfV9gaDTCMcE-74q0MqFU4HNKKfcuZd-fCHwr79FJDe94aqwHXcBFqbkvX9mwFNkutZFSEwhzQBCja5Kyhnrna4p501Nyd1Lnmng09DHqHaOu0odF3WMHvb0jVys-_F4vdRN0qNJApZKnx6bMn2-3gAb8XQ0T0PcmbLrCGqjqMbntlXF70qWk66fONwVyr02QopNCdBWYExDFXwvpxAuVCJIeVPyFk-w-lMc3OYn2Rn5c_OOPXvGDW7gJiKHlTYkkpw0C8U9n1LXLgQ9KI8CGrt8PTd97zAJWUsaK_A5Is5qsO70f8paTpbRL8zTwPywdX-R89uH55-u6JDkAjbcn6PjpBnOZz0GaW9dnYQykw9gqJpZ_7nKJe2N0z4diw1ZpfXx56nXg5iy8MDnUhA9TaZzRIeMfBcWl2ux1DJDh0_5dL0K7YTU8aBltjxvF9-a5oYEf8-PiP5z_PvKf88DE1hc1F-76WPQjC2gEX2vkXv1xwMJQswUZiEoIHbuiUPxgkBBD9PNVgOIL4oHecbRAqDGSbPQ_U8LjK2G4gFRXU_xvjQUHN9UqJ6GnXplSPKb7GVAes046p8iL76TBRofZlEw2vhfMTLjOIWOUZwxiw3_pDcuqXpPveSCRrUAeeK7ruCQM6SGI-yR3AJbl7czcxEi5joW1JEi1JRqB2qqKOZelZIrtdG9ug_oGimEqJIkuwapnsUQo8SNhZqc5lMBSP77eL7GydG4DK507SsVkDLYFPBoS68Z3BqMzYDkYJAQH75IBLKVHqSerCStMzuy0lWEBzGWwizFpQ41FldU4wqtqNZ0PfdaazvNcyjbAXobhFOaS0OF-b6LWzCWMyuzzOhTCjV_qZNN-Tz7REDtG1YQaZnCfW5Au9UaACUCTxocZnC9qWY6OI0VVc-vVYIj1QDvTv9pDHksCGCs6W8RV1qQtPYTusT6_AOU5sAeOMlqNAp3oinKItZusl9Im_CrD51OcmIIbXQbTFAtWSaoa6KA7vXfB9B92AYMspF926Y6oEhdQk17RXrk5FIfXqrCREGGKdPv5QapRzyd-DZ7ZbpjYIOw8TNZZyBCztmQrJn7zh3vELLfePdpI1Z37ra6diwaej0RN90BoTyeYHOUfEW4KXqbpcJ2rtBu1uSIIJHjcTH7MifU0onFJ1dX_KVZ3vr4_28zvUDfJtWSeVprWRGu8sUDabqT2TmNCL4FifAu8TB3M7ckmpBvOHPuQ0i8m5lBFQ02CyNJRGFNWoHbO1nllsYUOWzwXRZiRDFBHo-7GYA7OWcuuMob7_InQe947oJ8k13bEyRNHkmRIpvmVE4C6M7U6dtNZus36Wd8BIgt1r0mNk_jc-2Kf0kiyKckSjIEsOIdvNbXLQCLT-&cid=CAQSOwBygQiD0ZGEYVvhzmPsxhxstxhmLGAO5RKycenU2aM5ifIjuEWs2RAooeomoe40kF4QeOFJOa_JZKGZGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15420849320084080000&adk=212707235&idt=152&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfac102aeba2cde9ae1b7e53725e99ad00bf50da474b1927c92187564ff1b907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37082
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 078A 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8086946754322&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 078A 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8086946754322&version=m202301230201&ct=76&x=1&cor=18335770602875574000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 078A 86 KB
36 KB 115ms
115ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMW-JnXXSq65zTPJ3PKmqdolJlGDLPMP5ydHw3jBGklcYqINXiziJFy1q3O4KKy7p8Ppf9PeSwCR4fhlNBS2FLSX3SlQ&cry=1&dbm_d=AKAmf-AO-B8ieslB2MtNO22ZOgkj6maiiVl8m1oGjZW7ItvSy-HPO-hh0lJjAJ5tnm6EII-dVgub6lbsbGaJvBxW-fglqc65HPz4M0w0R1HUztBcC79ojknEbzzkxGNnaaeXlSxkP2W7i0NC48X4Gb9iTZrrzU2T6kI1ZQ6GX6oSzdij_Sjl6seQi7wLADEJ01WJLTtemnBjzTkr-YGBxvmsQEIQW1lMdAQetu17BcOk70g4hmCrf3g-yD6_ioG-HE4bYGwdmeEcQaYs13jZNY_NLjo8_EThN5JgFXGk3Zia8GhrxLfUlaOm-Ie-RmOpnHMVTaItzPQZQRMn5UHPNzl5bduxBROdNRx9U8gOAcoAJCr38g2svtW6t29zycvQfaZstuY4I2fgPhIVJVsGV4dJlZGQDlOduY5_WdU10aAXGqX15Lzysmedb9jWmm47zDJ7xDp4FDNEyb-stRwFPNsjGQHOUc8iWKayIJD8-GNLehEjObXWFRxi_3jBsMrpSc2JD43JCq9j5VX76oc_LJuE5HlYSyCdlmMB6pCV5wKkVCXH98NpZeyTgWddVFpYfoEz9-ILJ1Qf3JFxhZpFyz4xd4j6v__m-awMdwUyuU5erUTTo-UY2XJSk4Z4K7-IVZ4AP2WMSXqiCVlAYpvdq6-n1ERpdGBNZSNdHnLCWq_LIBd2BFY6uyI9j-aJk6pYin4Akk5kkJY6iZZvBWac26L9ywJcrN-lo2enSUmuRqREETZ9srk7eQz4aDt474OO83MJOCCgujS33JSJGXZgJDxHJ8NhVzYztWM-B1eKwwSt1ZY5H3gWTSoG79A75urMzW2w1og9m8ES8-1tIyPmrzXE-MBON1XrNT6Plp9I2N9VLOOxGQmrw3GUIu6ckwVjjIwNS_GnvXp42mqf1o-CRKaiNkwv6hj79-mDgBGAl1lgDOxDz3aicllnrmLUK23178GGPQWrrMN9W1wBZqeBJPiJO-hSCv3nL98iyj5B8FWg0dmXkrHsjriFP_j7YCm6l1ynxRZKKsg8KV-MOHA5mP5vdXZAIr-rFl-WgMdwXcgYZ_-1WW5j1TlnxFlFrsddGL0HgJevWkWUdXIo_VgrjIJYAMK82kh6Zy98HuLrFJLbGqv6oQpbFKXw_fKzppuKs8HyXRVnvj64tqAI_5By5ydsO1Ik1mMEocnKy5cNV72RCjFhe2NTR0m-FebhhZ5obbM098yeNRwmcagkB1R2IvUXB1FZY6m3xvhr_DG7snnEur2_yJKbw4-Tl-ykMGRMHNGTJcgdOBtkjebTjisrI0NDtsLMRz8_ZK6AbiAEQ10QDArvn8HEN8nVAmGk7fH4JmZN47vLAxMuuNvFb_EHxwDtZGI5fTmGhtod6Tfs0rscAL7rqwx_8dj_qEa9llIlUj6iukeZgP3F3FYE9mgM0MAamDav1WU470S07DqfWKhEf7q7LLI_KYXyQ1kPYWFUJ1MPrt_79x5o6sIugiMsdyCaYXrY-3aAWKxKSA7F2R2N41_B6LiqwO709FMyWZWx8LnnZEgGpeMHKqEOm4HMzBXJOUy3s-60dVQsQ4f37WXSEJnaZJGyPYZeg7agltSlHOXGyNMZwJy8obc5kgu1BseWnEcLyK3UAJtPeHDiDttqHZG7R_07u72nsnZVE0hPY2Q2vX7CQMWkCd3XpQCw9kQ-ZzOEQ99fwBmTOkPkpsxRBLfNBQKH6ClLOMyQBfZ3s9HUCDZUCRlUqbowIkwTiSs4lodwD1zIRHKlQSbfxwMnxyxTpfrShpOUVRVAFFiYj14ZbZVsqLnzKTVKgN_F41j30mz4VTLAHypy_Silz35QSB_3k_MvjYizh5Mt6kLjoPVLmN7aGqrMWbT4huWk_Ps-v-wjgrpPgCtxaNMfhfdb1WZBGDmosSnhSODJuIaiONw35oV1bubrJQ6_Ko_itMutf0diDYGNN_V2xh9ZQhEtBWviT-jIxHp0Qz8Qf8SwqO9pgFpyN2BPnMA_oY3VI86BT2ex12msevFdJ3xPPqKnwHopS0IEBq8JRQz7VUShjCCWMoshEIN9mpJ4FXZaOTMegjEyd-8Yt8HVewT1YoX5VelGN5Z4v1yQG3_Wvg-FzbBKN-guo9Nr0UP7sU-bB6C3Y8iGGJIRp0PjmMj24GmX_y_hsaFHtwMBfkadfpTRMZxjZsWANlXslsWlYPZfsctcPhy9C1oYcIJ8IjwBdhf5mddrPqdsHJnd12oLQbvrJ4f2pEj3-uKu6m5pHG9Qs4Hf8v5bqbTMst9tcZhL5Fhymz6uX567bYssqlhiKdVa4y7akc4vxMvJ4zq8eqHkUH__C4ctR8uOJxSn5A2uPEZQahxTmwaJN42ldc8Vwey6tfRGR5q50eBPPAQObQRNbbJPiRcZEIEsHcYwit1mnNobCUDLxSMHSqE0SawfiEcNwUAMdy7NEM9x2d-WNJvswl96JAzb4tfOgG-PWAx8sIpKdIHIwYprUBfty0JdE8zuQ5r2_KsAolr_3ggkH1RYuYEAcTYHYI8Tpb05mO7XZzAOMcpHQK6LyePRVpQtDQUz0axETR6IP16seP_cpxlK5hbhuI4cxG5epi0zm6PPWW7xhJCqEB0KlEw5ujzQec3qwBP0A54eyyAKLuE7An3C0DfXzwL2fRcd3RWLAZVzPSAN-qkhtJOFrDwu9ZiDP1EWjYbN-9GjkgowrKgiVnk76E_G1UX_y1y-9Yh8O8SUf20umx8WuAW8SM3v8mq1fKs-qnV7EaTlnhRstoO6OMqUquZgcaz308qEHdUG6VtE_12yDBqgGm3kK44hXcH9R4IH55kxBHRGznUfELodf-C9m-0Pd-3A14r8rcaXhptKGTrr23bK4wOGYS3uq0Xm-8MTLn8nOFDWupudAt5oDQDl3RQYR2iB25YR8yi2QWXhbcCBl_P_QbebXth3G1vgwMa8PnaJup0RJwz2t5S_LJ88hbqIJsnA4utXHC2zzocDK0XU3tdCf5KGT_QX9-rfioQLmdYbMiE_9oKjxqqnG8lpCsjIP_02czKPU9RAxlfnwHru6TfIfxZO87ZXi0pG3mTNG1CbvNs0rP8-NgEDb4ybzBa1dXcphHRZvGrkvHWnqVhz8jbd2XNe54etgygn3la2xdJFbCCQxjYwrB_aBWq1aHtgxrkTGFW3HhAOxYeIvm8IpxeGopweRj3JrpW1vnvSt3vEdcSyxmwkYBvE8AGr2LyVPj_X1OQ2528xQ557tYKQUgKyt_cLrVzZHrDjxHHm0BzODFqLAJy_La0BxW4IZ2Iyx-GgWxM50IYgnvPPqZqOAw5eaAhGTkQ_IY5YExnJc8JecCF8VqGrsaBXECTlyalBTjUesdQdu-21qdfaXuzkUDD9DjKAHooJArcQJto9obZyzvvlcWy89__HOX3Z2RLvoAS17DRiUsyeh9HP18X_xsVEYS3c93DtE-mScx0179fgkcVW5tQLu8EWsL7J4PkIGWgFyGm-fimF5qILbctLNnWiBfXfPf0waOqLWwTC5hvkZcnCcvWBq4phtx2AYMNcQoOB8z0RXA&cid=CAQSOwBygQiDwHzkza8PFn8X2mgzneTiWJAep7v885XJBm8yMENTNZiNF1j28GuzMSyJI7YjxH_lkhce0fjIGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=18335770602875574000&adk=2465470143&idt=161&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

34a5f36a5a799174b828ea875d1ee664cf0397285db23ee040442ca7f7297e17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36776
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 06DE 6 KB
3 KB 53ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E82A 6 KB
3 KB 53ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:13 GMT
expires: Thu, 20 Jun 2024 18:18:13 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F934 172 KB
60 KB 215ms
83ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Origin: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame F934 11 KB
4 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6xHHPXVn-gOlxK9K7o2JZZAMM89nmHyDIqidKbLWDD365oYDyNliMHPhytxWgnhRXiPE9VJsMUkNmkIJjSSkOKH6KXVn8gGbT6g_40tPU9vGyfOD_qE3_fev70GrO53s1r21e4wf3klj__q005uKyqPDdo6p__6Dlk_6Wm0tU-Q3dT4M&dbm_d=AKAmf-CMOsB518n_k0ImVAB5rVvS35Kan0j6aMHPGrukdvTBjNOcDZZ0x5Upu2pj72Bdrz1qdg3XB_d3SyiW7jX9lmIyIgu-dlX2ETFCUhAZ-aHTV6mCBtLDesR1F-aKueFrGq88bbj4kZtPw_zABDAitoKvuyYN3ADSp-W0voQIh9agDqtl6SA7v4dPXO6UrlOrSRU_JwtfvRgsP5NAszuVMfuAUWeV6ztoOhckm0Hx7p1Z-lESq9wlaMfltH0onFTOXoYsEbGn0tHChPzkKOLKqQioG4LUb55Qv_7Qm9QirdsXu_lo1X9PA57NUxsJdk51qxTdtfK8gvAwB5JYY2eIlhOIfCs2hB8kp4n_HTKPZ4bX_RQcdnkgKYRjji9sHAAWJU5hzbPkJJ9FtJ2ybr4wtrUfOHyoC-P42jdioK93LJvkoQNzaCzBL3aUbvTGqip2eJZgKtIc9tzoKnH6zebUH-kys35nxQKo68-bvr0BRRNaINnL-d5Asu_jAlSb3TpJl_Ysna6G2RJVA9JwhCJjW5sKwqQY4X5K-uusNjbR2_LmHtPqpFH3uO2WIN84to-iEmN2vm56ckF8TkE4lYIQuzTUEfuqFgYMh9ZjFIsiJuFhY7eYF85FGlaRJL8-szc5_jQcaySi6FliiHHHpkQrS3TnFcAaMo86A0dlaUQ-lrHUyFMHAcAn5YNAeuWQ5lbo57vvnFhacLH90fCSe6UpbQagxP4miP6RyNRUVGwAteoyR1qI46K44Daajrr1p10CowuLKWbATRmfxvm9F5Pi-8v9ZB_t0BuoT8qZYn0EH7dBsF_BPHsl253-xdAwBC7V9GUKihoUMDq31TjFQpLB3MttTFFMEmIyBF0U13kuvrXpW6iWTMeRyyh8Z1GqXLx0a-H32NyFhFzUwAyq1ZEcOl9KROGX7nJLI2jSiEVW83wPr-mydumKfP71fxJpqcHfj476CfcktKdtCUd3OG2p-6hKqC0hllk5mOlrNO2eheSrqKTWWY-LcV_zLAuSGWKrxkiuO5gRSOJ-wWRfKIP6ECqcZM9h4aN56tR8mgkdS9bxjlsZ7YOXrjWIsfI0ne38uavHdOEjmws0YXScej_eg0vcCNgjC0q5q0n9zcDwcxPEKHJg_eK5JkNMMPzSIIZKwU3Thr7faibcNPJ9aWoExsjkyJn20Z9Tsqosalpg0HlT3zNYhDskV2-AnbLNrZl6A449RM9EUO1otKd6h6WLpDT9lrEAg83ulbY86XvSd68m8GgyLcVVQGlg6acdJ44pX5MlC8S9a9pRSk--txWjt6Az_ezxkDpOtVPJ3OtoGWFrJUdmaDk3MR4seXYFnvDfaguazws_qq7cNLNTCx0kLyVVGcx8tKK7wbniIHWFlZ5xovq7bJx6tn_OggB61NEYOmNDzPXrXFs7fCWeMNUwC12vvdlvVezbh5ryoVldrGjpV3k5FYE4wBFKoFjHHnbQ4j5Ga_0FplIvsG-Lx5acpHzaglABh8uLWMw_e8jTQffWN1J6Mv6n_ssixt1fQQRl5b6zv-B3l9C4hP_5ke3YahxxZ8lVRtk5FvjYnuYYu8QkkzaT0KWQ6jPGF8uCbYkOFwZ_GHn9QHIDQ7fSmflAmknhgPSuQtB64iHnGIYQxfDgh_cUrcdOd42lMEC3-tqEqptZSK9GXmFN5a0X7bmviZtOTrAzIiprkDOH9CrVln3Z2Q4PckoySjvobIwOMq-xZpu4tafWlrXXmS7FPEORzI2k-UQEhsgzsBcTIywMdLYoAh9BpHSHGDGgy9rt9eCA7od4VSvaX6gAAwl4gO18E9micYBGkw7z0kq-5zJeHWXR0HUyQgflOxqKPXqpy5SOJkacA2HmTaqgS7kHo9emC45CxqNZfCseUONOLGq20p3eBkdF2sEeLeuw5bNcE2xa8k_yCoAcHrE0bPJxAxrTFbIJaqzB6Z-DqGqPnZ2AgTihI_l1IXLkzFo0GzlK39HtgnzxJwv5njdK_-NcIL3YJSxSB00G4hLqxu-ga3QA1ZGhJuX_-ecN0Pvz5Mxp74UBLz7pUx-MYX9bR_Liqixm7iNaok3gE5Rh50QMs1NWXkkVLjfjxxvSW-Y6KdDElBRsQ6ezf454LamjS753L79sRwoHzGr-Hs0XeQeqhpVoHR-HDxUbDcm6h0KPWSvzGScGdh2B-y-xL8ur-RKrQVD41pkJgUePw3D28ic9MbHm10Uhq1183bcY-XzBVmnrlCKq4dvOAXsobqyZcOECobL3Oco3gdbDVsGOM8rHoXzBBAxAb8SlQa9GMSrOuuhX92H-LWw-6AitnOh2iuIvSAhv9JvyzjM9PLqJ8k3QEeO1OkLW2scIyGFBzNvv1ikYbyKW4KyrkynIZ8sOYezFsPMZPS7kUqsLAFQxOP0Lx1BbMiWv9phC-0eTLXwQjJKEC0stG_Au2DE5SATpmfxoKVyRmP6Cy9lGEr4Em6WR9N4RqXW2xC2AE1lvfMYqrVqOodSNzKOrTE6LSxfEG48j3800pjf8o23JOyQvGotgxs4S8bcsu43dxb3dTf88gTLfsRd5-cpW9EdkqS4oL_HdKA5s8gitg3TMJ9tgUFlRoprBWxlKraPnUP_k1JTXUr_76qL5WgeokYbEaCAPb1gPJ99nfbzjKs2UwhvPZRT6RkdIe8jOlcf97gSMP_IL-5epgUky_PNt6wCII5OGD2jzR3CPdC_O1jJxaOwA3RccEFeYb8vcLpmpbs9F6CdNdtP2RWc9_z8TjctkY-vzztSTlj2BxI2CjSU18NQk9sbub8IVAsiiT4e0VxMwbnxczRBzowlnP_IsD0z5MPpxNeMStQFJxt-Zj2PbGRmAxlTeX1yiNqjxyyRsZLQaBjLU3XOpkkt5jDRmlVCIT8W5nG1DFGp9aUK7TU4gyeBVDB1FrRuQYRLfugiuQ5_h2kjfYC6sbAgZiWAxmooKMVKnHWi_SJL0_qGp0PKZXg-Jzmn3BevCaasxs6zGeTxradUbSFtSg4nr9TQiohkPT7kXGkS6975ScFcsfrTTJFUNYcrE7AEOIsV-4iwCeCNb6Q_bzilFy3eDI8oG89R4PxaiCb8FOJ9sg8P5aE0cUINrY6099KE2b_i1t0n8Y1pPiidule_Gk-l0S8fbLOi5aA7XJxydDvqw90SfmDsdKTAxDz57Q9_6VLtXjLZsRW23PYl7vCNCF0hFZCElM93MIPoWEcWW5j1Ts8fwqGXQunlTniLQ4UFzHBuGFOfzD8xQy3-D0Hd0NJ0BKcJ1lQsQte_r35EOUxHkzLPW8Qeippt2xUd-CypS-K6rOc16cN9ZEFcHMtNixTnzDy6FzaHIW2stvdGLbTrBWvyqAw7ZmPY9cxrficy3ZQx8L400fFoLCNawfnLUcZE8hTVZpIDIsBKum7u1oMa_KTNo0t3TssMXY69yllNn-ssD0AT3TI4455f9NLQEvBXoywTX9OaErz2r-7LE4H1ZBMNagcTsN9T33qDMdTt1uCCOhrwE_2iFj2T5u1IFFUIhCYfYJq5kZUiSbyw99DUU7LoX70nQBidvdGQZt8vkR8AyXT7TPW931QxwK9-tTrYXc1I2KNTyew0jtdgaPi4ZosDV-5dlvQ&cid=CAQSOwBygQiDRN2sdc971cln06EbbmCxj-ejsRpJZAzs03h3VoB20e2DBj2A8McrQq6lmxVkiQ8DEnRS7Dd3GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11182830353131389000&adk=3887872403&idt=121&cac=0&dtd=45

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82721
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame F934 30 KB
11 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F934 41 KB
15 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 536345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EC18 1 KB
643 B 49ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Thu, 22 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F934 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ac84623d4ead2886499106fd1fc56db67f55cbbdbfeb8821aa5ca460ce409686

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3875 172 KB
60 KB 196ms
104ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Origin: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 3875 11 KB
4 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CiTKU8RHOaaXe1JUUaHUrqXJD_6ym-DRCByeGK0PN0i3Ho65mKk7CnXZ3peSi_p_OfY0pFf_b-Tit2nLoGQbBGtWcegAc_XLTGhxS1LEQEqC_0phdhDBLaaUjvhnB6PNYnMnCmrn69ET46qiX9vQYwBKGHchKfQWm_mbhsijAYNjADxiM&dbm_d=AKAmf-Aguq4n6iqiQ_ljwwASno5_K-y3ASZORiwj2wrgrDUIWNNgvLo4gsJ-PY3uUg-0QYOngw3hr5IbS5ww33b0bsBy5La147kuThwa1RVw7w6GXqchzwEgTuUkAVjEjkUkwBUbO62YG1RCZ4gyKdH-sz3wJqBHimAn6MwEE5HuoW35kwEie8jU3d1o-6HC573ODBqVVTK6TCNfj0-MHHcIcmnqoYCj1B2H4moUEZFBMM5_vvaTDmUkoM3LEHyeA0KwjOzKLCLIaGVQQvekiaqBUry07svlxwIlhN11__t2YeDuKZf7tqa05NhsQx_mUTbFddkYkIDmNgAHGwyPrqezPq7sN73t8XgTsbFcNf3vgxV3ggHKbGf0DQOmXjoOcmhJTT4JiP54dHqMzSq6njPwYOtRPqVSE__jyECaNvHdnyxSGuAVT5IQKhQt_AUCiZ01ExflZaRzBnE6x4398-XlBhinpUuI3U9Zs0Ma_pbTV9OsY_DRM1ePWA5YcKa15cuO8UAK5LAjDyDhhxt6_kqHzdRlsT_GszOZJ7oA4liawHvnEHhe9zM9NckjYCGbm2nUA5fDR4G_oJybkGr02awWMPSoZdxhupYC5NYYBQJylLvfQ63ZM4GJ21wTJJ5A02oEBsTjswkO1RHyhFKQyDLxPttzq3FSGwxs77p00_deAfNPj0GPHF9owVc36Mmo-fIk4Xh_lvyW-4D_Ezpk2lEyK7Uz6plwSJ0VajAn7Z9EtKwGa49MVwYEdb3O4Y9HF7vmJPvh9JDDwlKUhAzHQc71_2P5_aKheAqei4sAyPag5hmvncOvF_kr-ISRAVIyivG0sIS6YJyVrKh7xKLWqqlH1y60l4tHaAAcYZBxD5TVIAC0I4Ht9BxloTvdJu0xzENCDLlYYl2z0EdOfckSmkVkZ0Px_p06u_Y2UkdyDWtOoYpEFnV4BVNHpFdPCZ_0EdJ0ZUJFg9wXPTEl2ok1UxAT5sWM4fYYk9Vl4d6w87nSmeI87r8CLJ191vTRyxzCBg5CmKJX3BOIxjNcMMCKPQxBksHiCDI-jh1fPZep2g2DEpwrxXavnH8jvgH87k4A333vOP57nbzwI8tt6iPd3Llgjisc0OMHTKs37kiXJeE7EkuFuuIgBHhi-mMHS_96D9Wxwh1_3BAeH8nliSDRGEf5vfficx0qsWe1bht9DQdySlHGhrvmyWAOHcP4hKqEP0l8lJMdE40EDimG701TmFiiQkd7UQdT7yRRGBLqu_yiPBx5sfwTgOFiMP4r-xHmiw9y4JbriR3TVYWXj0UCqCKDpEdsmym8dduCavW-tZbtaYnCaq5w0OzhPoFggC7WktQWpP3XBEUrCHVrtkYxlnvSIREqIZNqxAXo3fwwAqNzNuu1rvt1Bipxq5gnyOW_fUdyKZYoeQz0tIZ3MwFf0H9HWRVYV5NT0TM8Jl9tKwsJOEi4F16G3lpVTQ8QuWnaWWbBSh7SAvw22R3l3M7SDg4Gj1Cyukje714lLz7JiNk8yKz9ekbTtb7N58E5VO5rOy9ArDeySMRtW9uLOTO-6O5m838e9I3drYpS5S983Aaw6kS89pvLfXfD6IgKmvnBjjJLDRyG523YQq4ntHcluJhVSojgIY3Udh1Eqih6cp8xvVdyhm4BS9iQAuSGmYHdqvICCS1Dn996iLic9jHlGSWVYAr4JgZvbf1uPHv7KWa1xiYxfnTdMlJoizOCyVXY0ZQW2xWfBKP5_ztlFFRWjM5pUxNc46cg8xtwVTdGhj9u_9f8YqfiJzGn_NRa02feyaxkDxDPhOH2nomDOSYM7SjE-ThuskEkWRocUewZYTzI2CzvxUWCecBnWE2QA5bqCfBH7snK1zgx2WkO5G1MnDha7TEv_1xvB35gW23qVGsIeKdF_P97Sk75goSH3PnBiY813I6TpRGyO3ECm7uPi6ptdgTPEr9qDQ48U3hdlMb5lcAax988NMSdQwTU3NlOwamSc7_zxRvthdKyctO3DW-LPzPjl6Pzhr77K_B0OAjZ-270y3t8hy31mZqtVe5UDg10XAFY7eA_1LmVBgxXn3Rrxd-x0Wm-MUytR5QJQO1RlM_zfbj7vn3SAH18wwaPrcrgL8vZl-0x_hQkWXjnmJC72X7MghpvcgEwcKfRoTZnistTAIQo--iTjlLv0454es9aYUF-dF59VpneZjunQCz_eRkP6suLsTGAhOkiPOs4Jt51z6AQTubpN4gV_10_hxGArxna_15Ms5UnVBTgoaq6jBpKl8vK7BQrOYqEuIo0Be_S77jMqS0_EIx0AU4USjySmqJSly98i39qOnttFTQnfp49NUEQgdHEt-YZIDrl7rWO13L5zKH8dCt-_HG1Z0V-sxWwrAjutftGXzZ-YW3Q3wI64CGh7bv8SpUU9E6zryYC_iKA8JHzdXKESZRb5tkLvK1xZd14S-MoxbuBzCmBLtLanowoPGPxqwyTXXFNJ-daoQCPHpTVeY_wOxw6EoGO9OhVN1NJss3m_-HQ_NUw7QqjbGJONh-czk3FGGJxcFw_bi04jTxjJDfZkUxmyUFBHtQLocYSzCn8w5YZjdrVNz_RsDxPpTbEyKabUFGYn2xvul2qAZW5QzE6ymxbqLhcId8212HH50lwSKzIiE8jK8MkOdjsjkHhbkN-3Q2-acrv_h9x_duQft3pgepRRa_T1vc83In7WdP5XTtEpZQ140duenfcU8uWDAxgo-OUtgvGzPbQ1pjgWQ4d60K2dB0H_o9Osv3O3vvmUSNqEGZ8RFpL8WVgx6p7_X8bOo_D_PdoRs7w8nAEkSoKz7BwFq6NzEkuxf-Bw5cGFwuxCKlmEyB3cJG_Bjsxgx8Of4KzWbVoJ6wzvpdPPfBOFa3n5vm6SPoxxZynnzS2I8jJhhfapoernNF0an9qbeeCZu_f_ZgGz9VUJ94tol7dY4hjM4ZQx_109loP-7XjWSJ7O8ztycmMUsxm1loJwbWbgnTO7-IfIZ59cWeufDncPZV6f916h2ngFFTFQOjdTwHh_OmBM1lS0GXdrGE-Dq_prBqhv_C2Z5XJ4JfSJBjlLYyzpjnzlB8AVKJsOfSKl5BuSjGkcYGnncN3v8VlSEtTeraNvfykVVQFpw-IbgioU-0jpx-eDggnKlllHNL7QziRBvJb_QXZijYr1mhRPkJeXxA2HNVvwUdb8IRWWmRP0JNh0owQRTBcuu_Sk4MxaemCMGY9saVp5DLuXxvTY-AJ8ofQgTHY833pvLI2jR8zpZmfLoe5Oej5upNg-NYK3SfbI5yoSFl0ESpTkXQq2psBGnXgYaAsYshrSIS9_cZBUHhiyyZVg3GYnXsoxU62Wu00vGUVkMs24RAYhg&cid=CAQSOwBygQiDkehJKdS_f6m9nFAvM5fk_hoqGwXXLBd9ovv-9zk7tELMBugt2U84CYQ--oc_CDHSlGGPbCWvGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3704984583653351400&adk=1599433117&idt=172&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82721
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 3875 30 KB
11 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3875 41 KB
15 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 536345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame EE50 172 KB
60 KB 205ms
121ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Origin: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame EE50 11 KB
4 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BAWNEnDJwKkC5nvfbpuEKWYWUtI3mne8Jfkzj1nXMKcftZ2enYj_Od9J5Pju6PU2DOWKjrQkl9fPtx0sUTz4fafuJ_mJDBiJJjVczqK8g3_zKwG4FR4h2bNnnKjTPl9HbgleCbpKuNSGRxaLPvbKkKuXcSjha5UNR1U62Oa6OOkXILZc8&dbm_d=AKAmf-AnMHx1H66D-xGR_9b9w7eHuEk3FCA_XwFwGbb4d3sdP3EDZhRXz3GOj1Sya5M8jqk4ubZQV18VR9OKFUt289vygGzWp3vUWMlfubA6Ig_UI8eAVfwuYrO5Dk8hnlmyX3Ar_RQTJRvwkb3G0j8-i26lO80ez2jV8JPha6gvehtDSmEi5bnTMdRr_NKff7HcjFumdBFf8ZupPILG0nF7k6ETa56s1hmv3x3ws7cH6ang-oPjNqrVXAbW7-CjKkMiuTzP3VEkhVkh-MVKy6cfwUNxNlEnQ-5zcuRtjO7S-IsT2f6y8bHTqEuZkmms2w2dunIE_JpvwC04tSYA5xX9UeP9ZkiLS3p98smjtkVA_aMzv7JOBK2Cgj8V2np0i15yI1aPJXD4pbRp_AgX4dPZh3sz45GawpgRVThVjpSx7TmQzXpSAv6Va4opK2kJGZcdYNBqT6BXyfrwOfNMaat9C6EZUNc6hBEGVP9q3qR44O6qqSFMD-NsSjyNiRZOahS7Hp46ekdL5djZqiUCz9Gpaor8Wsu6F_PYgQZi2NeKyOI-O_EQTVvSUKgtzG9okBYMx-lLTyFA7QKyzXdDM8Q_Y-p9StzR1PdREzJvr-GINRVaQ2a_1I4s7nwCmljhcXgaJRRZ4BO6F55TZTQFYiLC_krfWPns_fZb8v_L8y36j4rOS3Nedjo5Wh8AeX_54TnkWkuNgdJyb9z6uEb1tMfCpEQtiz3y5hk9oTA7R5eVdlUuA9OSL2q__G8UCHHFf4Hz5GZ3aNzc266_mR0wt3YwSbXnnaeG9nud823iQl9tkdmlnJinBGfSFISbOz94flE0YcDOdLt4Kgo0oZE_d1jcMpdFv6FikzIhgAuBqIZJhb1kkEDLlowQ-SaIBVtMJboZmNBQoPzMbysntW8T0IA3o_Fa8K_NuH_tFlUgat0NXifzUIxqrYO0yN3oCGY7CydR6oen1Sco9sqI65dbyNSzAeQWdo2RwYAZFJUs2NoY7FDySzjIRXpbAbaFSw0uNUCQsHTLayGKrZsbHyYpgg0vNkmgVTyluxyCWM9rYMGCLWo_uAwJy3x2T_YjDRKuuiQwrwsICv1LHyXDVR33LfexBqCq0n-sC_a28OkJU2jzUr3JatxK3YbpBcbw4NAjLuG675f7T_j4qOxAUFIXpxlD16o8MFnDAz8M6lCfGalvKUBjqKC2klP4JDr_m-am4MbzNOprKNkFbhd9w2v1BicqyFdC2NbNtM32gnqGb1rHRPtZ0BffDjo4RPsYGa4098N3orOB-CAujc9U2LXnX-DALFNkp6xbvZ4RPpF-gB6ot7AAZE_Z7qAL0DxhCdyL1FS0GS9Jx2ivW99lzLjy0YRQToIf5CxfNTwepNCVTPGz-HlStxbJtkq5Xg2jWKnSp1Qw6_pZ_AAB5ONzY5ah6vSP-hFYYFjyAS09ZoDx1IaEqWMc8siBGuIPjvvSQt1fwKzD41OXNn0goIXxCeN2iY1m2Oadn1_72o5ehgSYuBIawgsiXfDkEDRvCVC9cM7Pgt_4D4u6_0krEAjMEvdufjdFwuO-lr3gs40ZM36IHMxw7JEJ6ihezKa9tHEO7lVjUKCU-ly5t05NEaDTOtOfPjh8nI_rFp89boNvUkG-RmK0OuxOceZvPaMASz1Og5JWMY7Z41Lyn3FGKNl97VlyYzhb-XYMbiIudqXId-kExVsh67soqaxYLQ1UxqksObs58y1SXM8HLlYgSqFAgUjREDXLgAT0_tUyAWWFXv12NW6mPWPdSiova3aEEb5Y9y_cpsVQudnnvltVqpGNim4qv-hSb1wfGUWJGVG3-d8d_mPjZ-2U7NvbHW4iJXtr1dhMixh1Gjku-I-KZTIaZsBJHvTy8YGhguYEbJ6-pjRX7fS-P8ltOtWa2iv_XGR-hgN7WqQrfmH-ZL9WHJ_R5JFq-P-eSWpmRPfTSYl2wtq7_f_zAhhV403ARcfaKc3wCFipy21cql7RpqN4PLHxildT_pE_qv7BA3OuR-5GtQNfV9gaDTCMcE-74q0MqFU4HNKKfcuZd-fCHwr79FJDe94aqwHXcBFqbkvX9mwFNkutZFSEwhzQBCja5Kyhnrna4p501Nyd1Lnmng09DHqHaOu0odF3WMHvb0jVys-_F4vdRN0qNJApZKnx6bMn2-3gAb8XQ0T0PcmbLrCGqjqMbntlXF70qWk66fONwVyr02QopNCdBWYExDFXwvpxAuVCJIeVPyFk-w-lMc3OYn2Rn5c_OOPXvGDW7gJiKHlTYkkpw0C8U9n1LXLgQ9KI8CGrt8PTd97zAJWUsaK_A5Is5qsO70f8paTpbRL8zTwPywdX-R89uH55-u6JDkAjbcn6PjpBnOZz0GaW9dnYQykw9gqJpZ_7nKJe2N0z4diw1ZpfXx56nXg5iy8MDnUhA9TaZzRIeMfBcWl2ux1DJDh0_5dL0K7YTU8aBltjxvF9-a5oYEf8-PiP5z_PvKf88DE1hc1F-76WPQjC2gEX2vkXv1xwMJQswUZiEoIHbuiUPxgkBBD9PNVgOIL4oHecbRAqDGSbPQ_U8LjK2G4gFRXU_xvjQUHN9UqJ6GnXplSPKb7GVAes046p8iL76TBRofZlEw2vhfMTLjOIWOUZwxiw3_pDcuqXpPveSCRrUAeeK7ruCQM6SGI-yR3AJbl7czcxEi5joW1JEi1JRqB2qqKOZelZIrtdG9ug_oGimEqJIkuwapnsUQo8SNhZqc5lMBSP77eL7GydG4DK507SsVkDLYFPBoS68Z3BqMzYDkYJAQH75IBLKVHqSerCStMzuy0lWEBzGWwizFpQ41FldU4wqtqNZ0PfdaazvNcyjbAXobhFOaS0OF-b6LWzCWMyuzzOhTCjV_qZNN-Tz7REDtG1YQaZnCfW5Au9UaACUCTxocZnC9qWY6OI0VVc-vVYIj1QDvTv9pDHksCGCs6W8RV1qQtPYTusT6_AOU5sAeOMlqNAp3oinKItZusl9Im_CrD51OcmIIbXQbTFAtWSaoa6KA7vXfB9B92AYMspF926Y6oEhdQk17RXrk5FIfXqrCREGGKdPv5QapRzyd-DZ7ZbpjYIOw8TNZZyBCztmQrJn7zh3vELLfePdpI1Z37ra6diwaej0RN90BoTyeYHOUfEW4KXqbpcJ2rtBu1uSIIJHjcTH7MifU0onFJ1dX_KVZ3vr4_28zvUDfJtWSeVprWRGu8sUDabqT2TmNCL4FifAu8TB3M7ckmpBvOHPuQ0i8m5lBFQ02CyNJRGFNWoHbO1nllsYUOWzwXRZiRDFBHo-7GYA7OWcuuMob7_InQe947oJ8k13bEyRNHkmRIpvmVE4C6M7U6dtNZus36Wd8BIgt1r0mNk_jc-2Kf0kiyKckSjIEsOIdvNbXLQCLT-&cid=CAQSOwBygQiD0ZGEYVvhzmPsxhxstxhmLGAO5RKycenU2aM5ifIjuEWs2RAooeomoe40kF4QeOFJOa_JZKGZGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15420849320084080000&adk=212707235&idt=152&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82721
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame EE50 30 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EE50 41 KB
15 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 536345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 078A 111 KB
39 KB 113ms
37ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Origin: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28869
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:17:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 078A 11 KB
4 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMW-JnXXSq65zTPJ3PKmqdolJlGDLPMP5ydHw3jBGklcYqINXiziJFy1q3O4KKy7p8Ppf9PeSwCR4fhlNBS2FLSX3SlQ&cry=1&dbm_d=AKAmf-AO-B8ieslB2MtNO22ZOgkj6maiiVl8m1oGjZW7ItvSy-HPO-hh0lJjAJ5tnm6EII-dVgub6lbsbGaJvBxW-fglqc65HPz4M0w0R1HUztBcC79ojknEbzzkxGNnaaeXlSxkP2W7i0NC48X4Gb9iTZrrzU2T6kI1ZQ6GX6oSzdij_Sjl6seQi7wLADEJ01WJLTtemnBjzTkr-YGBxvmsQEIQW1lMdAQetu17BcOk70g4hmCrf3g-yD6_ioG-HE4bYGwdmeEcQaYs13jZNY_NLjo8_EThN5JgFXGk3Zia8GhrxLfUlaOm-Ie-RmOpnHMVTaItzPQZQRMn5UHPNzl5bduxBROdNRx9U8gOAcoAJCr38g2svtW6t29zycvQfaZstuY4I2fgPhIVJVsGV4dJlZGQDlOduY5_WdU10aAXGqX15Lzysmedb9jWmm47zDJ7xDp4FDNEyb-stRwFPNsjGQHOUc8iWKayIJD8-GNLehEjObXWFRxi_3jBsMrpSc2JD43JCq9j5VX76oc_LJuE5HlYSyCdlmMB6pCV5wKkVCXH98NpZeyTgWddVFpYfoEz9-ILJ1Qf3JFxhZpFyz4xd4j6v__m-awMdwUyuU5erUTTo-UY2XJSk4Z4K7-IVZ4AP2WMSXqiCVlAYpvdq6-n1ERpdGBNZSNdHnLCWq_LIBd2BFY6uyI9j-aJk6pYin4Akk5kkJY6iZZvBWac26L9ywJcrN-lo2enSUmuRqREETZ9srk7eQz4aDt474OO83MJOCCgujS33JSJGXZgJDxHJ8NhVzYztWM-B1eKwwSt1ZY5H3gWTSoG79A75urMzW2w1og9m8ES8-1tIyPmrzXE-MBON1XrNT6Plp9I2N9VLOOxGQmrw3GUIu6ckwVjjIwNS_GnvXp42mqf1o-CRKaiNkwv6hj79-mDgBGAl1lgDOxDz3aicllnrmLUK23178GGPQWrrMN9W1wBZqeBJPiJO-hSCv3nL98iyj5B8FWg0dmXkrHsjriFP_j7YCm6l1ynxRZKKsg8KV-MOHA5mP5vdXZAIr-rFl-WgMdwXcgYZ_-1WW5j1TlnxFlFrsddGL0HgJevWkWUdXIo_VgrjIJYAMK82kh6Zy98HuLrFJLbGqv6oQpbFKXw_fKzppuKs8HyXRVnvj64tqAI_5By5ydsO1Ik1mMEocnKy5cNV72RCjFhe2NTR0m-FebhhZ5obbM098yeNRwmcagkB1R2IvUXB1FZY6m3xvhr_DG7snnEur2_yJKbw4-Tl-ykMGRMHNGTJcgdOBtkjebTjisrI0NDtsLMRz8_ZK6AbiAEQ10QDArvn8HEN8nVAmGk7fH4JmZN47vLAxMuuNvFb_EHxwDtZGI5fTmGhtod6Tfs0rscAL7rqwx_8dj_qEa9llIlUj6iukeZgP3F3FYE9mgM0MAamDav1WU470S07DqfWKhEf7q7LLI_KYXyQ1kPYWFUJ1MPrt_79x5o6sIugiMsdyCaYXrY-3aAWKxKSA7F2R2N41_B6LiqwO709FMyWZWx8LnnZEgGpeMHKqEOm4HMzBXJOUy3s-60dVQsQ4f37WXSEJnaZJGyPYZeg7agltSlHOXGyNMZwJy8obc5kgu1BseWnEcLyK3UAJtPeHDiDttqHZG7R_07u72nsnZVE0hPY2Q2vX7CQMWkCd3XpQCw9kQ-ZzOEQ99fwBmTOkPkpsxRBLfNBQKH6ClLOMyQBfZ3s9HUCDZUCRlUqbowIkwTiSs4lodwD1zIRHKlQSbfxwMnxyxTpfrShpOUVRVAFFiYj14ZbZVsqLnzKTVKgN_F41j30mz4VTLAHypy_Silz35QSB_3k_MvjYizh5Mt6kLjoPVLmN7aGqrMWbT4huWk_Ps-v-wjgrpPgCtxaNMfhfdb1WZBGDmosSnhSODJuIaiONw35oV1bubrJQ6_Ko_itMutf0diDYGNN_V2xh9ZQhEtBWviT-jIxHp0Qz8Qf8SwqO9pgFpyN2BPnMA_oY3VI86BT2ex12msevFdJ3xPPqKnwHopS0IEBq8JRQz7VUShjCCWMoshEIN9mpJ4FXZaOTMegjEyd-8Yt8HVewT1YoX5VelGN5Z4v1yQG3_Wvg-FzbBKN-guo9Nr0UP7sU-bB6C3Y8iGGJIRp0PjmMj24GmX_y_hsaFHtwMBfkadfpTRMZxjZsWANlXslsWlYPZfsctcPhy9C1oYcIJ8IjwBdhf5mddrPqdsHJnd12oLQbvrJ4f2pEj3-uKu6m5pHG9Qs4Hf8v5bqbTMst9tcZhL5Fhymz6uX567bYssqlhiKdVa4y7akc4vxMvJ4zq8eqHkUH__C4ctR8uOJxSn5A2uPEZQahxTmwaJN42ldc8Vwey6tfRGR5q50eBPPAQObQRNbbJPiRcZEIEsHcYwit1mnNobCUDLxSMHSqE0SawfiEcNwUAMdy7NEM9x2d-WNJvswl96JAzb4tfOgG-PWAx8sIpKdIHIwYprUBfty0JdE8zuQ5r2_KsAolr_3ggkH1RYuYEAcTYHYI8Tpb05mO7XZzAOMcpHQK6LyePRVpQtDQUz0axETR6IP16seP_cpxlK5hbhuI4cxG5epi0zm6PPWW7xhJCqEB0KlEw5ujzQec3qwBP0A54eyyAKLuE7An3C0DfXzwL2fRcd3RWLAZVzPSAN-qkhtJOFrDwu9ZiDP1EWjYbN-9GjkgowrKgiVnk76E_G1UX_y1y-9Yh8O8SUf20umx8WuAW8SM3v8mq1fKs-qnV7EaTlnhRstoO6OMqUquZgcaz308qEHdUG6VtE_12yDBqgGm3kK44hXcH9R4IH55kxBHRGznUfELodf-C9m-0Pd-3A14r8rcaXhptKGTrr23bK4wOGYS3uq0Xm-8MTLn8nOFDWupudAt5oDQDl3RQYR2iB25YR8yi2QWXhbcCBl_P_QbebXth3G1vgwMa8PnaJup0RJwz2t5S_LJ88hbqIJsnA4utXHC2zzocDK0XU3tdCf5KGT_QX9-rfioQLmdYbMiE_9oKjxqqnG8lpCsjIP_02czKPU9RAxlfnwHru6TfIfxZO87ZXi0pG3mTNG1CbvNs0rP8-NgEDb4ybzBa1dXcphHRZvGrkvHWnqVhz8jbd2XNe54etgygn3la2xdJFbCCQxjYwrB_aBWq1aHtgxrkTGFW3HhAOxYeIvm8IpxeGopweRj3JrpW1vnvSt3vEdcSyxmwkYBvE8AGr2LyVPj_X1OQ2528xQ557tYKQUgKyt_cLrVzZHrDjxHHm0BzODFqLAJy_La0BxW4IZ2Iyx-GgWxM50IYgnvPPqZqOAw5eaAhGTkQ_IY5YExnJc8JecCF8VqGrsaBXECTlyalBTjUesdQdu-21qdfaXuzkUDD9DjKAHooJArcQJto9obZyzvvlcWy89__HOX3Z2RLvoAS17DRiUsyeh9HP18X_xsVEYS3c93DtE-mScx0179fgkcVW5tQLu8EWsL7J4PkIGWgFyGm-fimF5qILbctLNnWiBfXfPf0waOqLWwTC5hvkZcnCcvWBq4phtx2AYMNcQoOB8z0RXA&cid=CAQSOwBygQiDwHzkza8PFn8X2mgzneTiWJAep7v885XJBm8yMENTNZiNF1j28GuzMSyJI7YjxH_lkhce0fjIGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=18335770602875574000&adk=2465470143&idt=161&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82721
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 078A 30 KB
11 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 078A 41 KB
15 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 536345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1C2E 1 KB
643 B 48ms
41ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Thu, 22 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame EE50 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a81ba6ea845f7cab298d213fc139e3aa1838d5cc9864bde51fe35d01842b30d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8392 1 KB
643 B 43ms
41ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Thu, 22 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 078A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89bbf4fab3f4a9f46c61a009ae320d458a58958adff4763b44271c1702d2e5e9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7F7B 1 KB
643 B 40ms
38ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Thu, 22 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3875 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90e8bd697e0668761364bcfd732338fb0f0767eb5696a872e3c179051abf2ee3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1416 624 B
242 B 313ms
78ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGPb58s4BMAE&v=APEucNVHQkaV2WxDMscqdVQOO97AYN8eXIwM8Hl_mmOdxkrtOnAjUffhuBBkC5dwXNJDhpMlH9nD4fQ_pp_rAqA9CYODcE0ED-3exRNa65t7H89eRZv2hi_XsswD723jO2rYvLQY6jJsesj6o5NniZ2qiqVTvF-VpKFtQMWztH-JdqlLetNv_SA

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 06DE 78 KB
27 KB 127ms
122ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06DE 42 B
63 B 85ms
80ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DjpdQahtc8nVWpLRizbGrkivodgCtG08CQtRZFJj4FFsmAXonIZ5GCe0Xml8HXo1Qa6DGHmHI3ut52-44n1clpNoA-JeHhDvGB4BagI5iwHXwjRa8

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06DE 0
20 B 102ms
96ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5006476504175487612&x=1&ct=76

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 06DE 3 KB
1 KB 63ms
59ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28078
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 10:30:17 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 06DE 19 KB
8 KB 64ms
60ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7639
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:10:56 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 06DE 0
0 78ms
74ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQQgvzkiNTe7QV6ZFjvwaD_f_q5wVNhDfc8jYXInbnCAmTL93COUka7mxGicmkzviZfrCeumsDMQRed5eWvNHcZHDgnOQ
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 06DE 178 KB
56 KB 87ms
83ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame E82A 34 KB
13 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1515e0490cf1557ede2b5ec3dc6406900a887f5c9266d862a6ceed337260dd8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:18:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13544
x-xss-protection: 0
server: cafe
etag: 12864964378178089087
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:18:31 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E82A 24 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 535959
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 13:25:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E82A 178 KB
56 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57058
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687274360908795"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/ Frame E82A 22 KB
9 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/abg_lite_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f3f19a91993489b6d73ffcd539452bc07a9f58bb6d7494c3669364350ca8406

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:09:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7738
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9004
x-xss-protection: 0
server: cafe
etag: 14649824622339250880
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:09:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame E82A 3 KB
1 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28078
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 10:30:17 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame E82A 19 KB
8 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 16:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7639
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 16:10:56 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E82A 0
0 47ms
47ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSHLktyhf7l0knrgPLTFzYiqdHskCRPGZaSUbaIw1AoOGyZp4rJtd2EVCsyf6-XJZsOa2cCA8oLrDt62W18qh5PkwcdJw
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CE94 0
0 151ms
74ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvkufuydA4HJOH8J4BnANW5bsB_kqJ_ihhNKwvPGXWcYjoZ89YSS888dyrxHT2kcbLjbuzi3Ea2MIPjoxG5p-l_uzYLTU3oaqXjofmIstMTOiDXhTetkqhdyGcGpcWExaL3iyYTQv6r0Gg6GKJ6KaxOHf5byhQrT7k0gbQJ-BKSIWIbSdvRZzdb689i0Xc95CjtOfR9ydF82deVwNPTbBZC0Yvp5BmhpHufnLGSHQOTubNg1nobZyhR7QqrM5idxxFMpFqGbF0TVX8HlMEhLQWoxCvpR7tbJ7q_G4c5DaU9G-B-pyo711IRv-1rdSwNsJeYhTmXQ_dIiTEY3VVV6oGNt89uiuYitKClDWuppmalKkuYf_NtzyLFuwZL&sai=AMfl-YQUcmHynE2iIKszYa9V_E4783By7ZBarQoVefSB3ajWIoZ-KBXqYyQG-_4Rmaeax1sd7lUTvLUqoLFGxQFWFgnqh27__uh2rQWqRyAEl9Y&sig=Cg0ArKJSzHuDBBUZcvEYEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CE94 15 KB
11 KB 88ms
86ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230615&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de096fe1356410d3e4529f6a78bec96bc9ba0426020165bbc56c5e7b4221f032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11228
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame EC18 35 B
464 B 223ms
7ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGwwnMYkHTsXIIJu3JT0EFE&google_cver=1&google_push=ATf1kGMrJQjnv-nzv8SsJ-zxqVKuFKgbc9iliFw5NaAXBSJ5u8nOZECJ45KdlaRzozkyTS4TbMH_DK_nhNn62Pxj26lWfZX3Br2J

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC18
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESED8zGRVZvYQUS4RVcSJNBFk&google_push=ATf1kGOMs2Cj6zfhPvjEbcG7kY8J5IE530af17f7jmgAPeDlzUr02rjN_m...

170 B
188 B

61ms
60ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESED8zGRVZvYQUS4RVcSJNBFk&google_push=ATf1kGOMs2Cj6zfhPvjEbcG7kY8J5IE530af17f7jmgAPeDlzUr02rjN_mGEt-ad9VswGENTdnYBj6m5ZxMJH57v4pc-gCXGAtF0

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230132-FRA
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1687371496.627272,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESED8zGRVZvYQUS4RVcSJNBFk&google_push=ATf1kGOMs2Cj6zfhPvjEbcG7kY8J5IE530af17f7jmgAPeDlzUr02rjN_mGEt-ad9VswGENTdnYBj6m5ZxMJH57v4pc-gCXGAtF0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC18
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAtSbhafxGQntTPYeS0JUIg&google_cver=1&google_push=ATf1kGOjbbokzD2ovCiiRqRlaUg0A5zZrwZdk7zItaJQh_Kju__70i_x-viXALpHNDjUIZAX9gdZhuPUsZWmrQ...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjAwMjcxNA%3D%3D&google_push=ATf1kGOjbbokzD2ovCiiRqRlaUg0A5zZrwZdk7zItaJQh_Kju__70i_x-viXALpHNDjUIZAX9gdZhuPUsZWmrQDNQb...

170 B
188 B

51ms
49ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjAwMjcxNA%3D%3D&google_push=ATf1kGOjbbokzD2ovCiiRqRlaUg0A5zZrwZdk7zItaJQh_Kju__70i_x-viXALpHNDjUIZAX9gdZhuPUsZWmrQDNQbZu9U3l5Tfi

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjAwMjcxNA%3D%3D&google_push=ATf1kGOjbbokzD2ovCiiRqRlaUg0A5zZrwZdk7zItaJQh_Kju__70i_x-viXALpHNDjUIZAX9gdZhuPUsZWmrQDNQbZu9U3l5Tfi
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC18
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE5qZ8dVM1MGSbtLRJ3-s3o&google_cver=1&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDF...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEE5qZ8dVM1MGSbtLRJ3-s3o&google_cver=1&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDF...

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDFeMPkB4gMjGxzCh8PHPmb

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGNhx1ob7QxxMsdX7hB0u-uBR3LLkov6yeV-ldqt4iE_lNwnZIC_EkvzTwGppwyf5Xooht4X5QDFeMPkB4gMjGxzCh8PHPmb
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame EC18 43 B
94 B 233ms
19ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEKAX0IVCAVlNSBlEWqQCPi8&google_cver=1&google_push=ATf1kGMoA1pTrjqJVtf8w1yd-oNbB6j8ysc60u4VyBBrvsRPFHG0y99UifJBRtwrHgu7UsvBwLe0anpG-6djiahoUCXV654MGfY
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC18
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEpFQ04o_Wqqho3iglVKoJ0&google_cver=1&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0h...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEpFQ04o_Wqqho3iglVKoJ0&google_cver=1&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0h...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1hOHc3T3FKRTJ1RkhQdXBjbTdzMU5jNUhTdVExS2JSb35B&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqj...

170 B
188 B

54ms
53ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1hOHc3T3FKRTJ1RkhQdXBjbTdzMU5jNUhTdVExS2JSb35B&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0hmlfVlVQUzc02JuIjWdX43Pe1ii7A

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1hOHc3T3FKRTJ1RkhQdXBjbTdzMU5jNUhTdVExS2JSb35B&google_push=ATf1kGP6uGladLDY1rhAt_Na2Y-LfK4NUV71XZrxYXgf-kK5x3O9hsaqjzcLbc2PuROK7t3Q0hmlfVlVQUzc02JuIjWdX43Pe1ii7A
date: Wed, 21 Jun 2023 18:18:15 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame EC18
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEK5dxBsorNEEDQUDbeNdsQg&google_cver=1&google_push=ATf1kGOuDtybDcMTADTIzxxzKZqHmzbNPJYQ-y76EmHqcvQG5JS_FKiM4qlYJtjTT639-aQasL3vAI6rtPMtrZ70l4gyMyqaa6MdQQ
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOuDtybDcMTADTIzxxzKZqHmzbNPJYQ-y76EmHqcvQG...

43 B
1 KB

203ms
30ms

Image
image/gif

162.19.138.119

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOuDtybDcMTADTIzxxzKZqHmzbNPJYQ-y76EmHqcvQG5JS_FKiM4qlYJtjTT639-aQasL3vAI6rtPMtrZ70l4gyMyqaa6MdQQ

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

162.19.138.119 -, , ASN (),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Wed, 21 Jun 2023 18:18:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOuDtybDcMTADTIzxxzKZqHmzbNPJYQ-y76EmHqcvQG5JS_FKiM4qlYJtjTT639-aQasL3vAI6rtPMtrZ70l4gyMyqaa6MdQQ
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame EC18 0
50 B 48ms
47ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JcXJSApmc1c3qt_EEvIPgP2BzOvaugnFXmrW9ocvywhIUGaU3eENjvGVJqDsBqM4-Av9Bh2Ps

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 88 KB
20 KB 125ms
42ms Document
text/html 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5fc29daa67f3830d0f03767227558474c4144a5ce22f9ba6ffc77b05e523f516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 335421
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20042
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 21:07:54 GMT
expires: Sun, 16 Jun 2024 21:07:54 GMT
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 078A 0
0 270ms
83ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuT9Ko5ZUDNqp6CjVSOgZ2AwTC2LS9CLbf4fT44K5k3t2c0uULeGzaC_UKXANDUumhx5YkItG2G4xfXYcJDf6IZOAyj_psfwi5YgEAACpaW-fw1RyW_GnsUA9xBSYmZUrrTAfO-mO8BeUp-Xb9o3bxPpBj-qEggPQdqO0bqB-WdpVWU2w1jDANL9qtTYXSnNvXNXLDcwdPQIqWmyxvfgMmaZbL0PdTHxi3VeKTi-aFIB4xpvSciiTmnO6Srb3kWwGv_VysjzSqiJ9pvx_wd4ZhEujZz2sZOQemhSFK4J4GcvSK7CfO5kNJWZ-3YOPTpXBt_-lJt83PBncCDaz6A7JBLPRw0doBGyi8IrtgqqhwB1njSNc6abSCKUyitf103_gTP67__O-CrEYegycFmTC0F-8fb8vddFTwtL7HmgT3wBQmVBdwCbs1JxJw7RnjfkWQGoLOMFheTQ0MMj7fsxd5Aac1mwh5mRYztGY3P8yWTuiM0HwNLi8li1IPhjxTBv99kl8tbvfurR3s-zyw6DLruZ63NgLS5hd7QCxco0UPOLuTsOYdbY5Y7zV3j0lCcYS30neEmREb7JCP_K-QUCHJj70aqrjfQB3tqKoEUzkNdxUkXOP2w-4J5GPk9-TFsJnGY1tw_M3hzVMLoAFKYjynzhLxeGVPln2shBpQM-gd-b4O_ckY_Thl262P0zehXLMgULHsidJi4j8t2h3doCP_5MbMRRB-9_AumQZNiWjkBrZrQNcnghj2LJndC4WRbuINZI3Gu4HceR_3uqf-HT7i3nVSL_Y8vIc96v5VTNY3i4C1PAKTeMPPPF0wH70xGN-lcY6b4Fb9OsZJkwlzdsyy8Fd_DHQwUMyrqwQUbReC8MfF4ZtqxiRCUpLdFFJrmzfz3RrerN3p8PDeDw09skf0Jv0WvUbNwvqKc2mkz3FHkODqo_8d5qK1s6rPvrx0hMv-9oLDIc134a12HB76le6ZVVLovDyX3pRkLvWqpG9c34Ag4XFfl_uvDN0fC3B0u_LvidZxn-RPfVHBLIUjkkUDZIO-Ck_JCLWE01eFwRKFZaJI8pACOgN-srEqc45Jsq8kK-IbJOtSnQwx-h06yVseBB77l3M5-m4GltX8C18eMcLdoO0HpO5fned_FyghO5BeEHG8KY1AHf0BcsPjdR53z7LJ9Gv26M51Bx20xtlcZMwcagoI7GdCPVuL0CkpAxvAd5R2Ea4B-ZnWoGgBX6UT-Jo3qyxO4GViD8rIftyc3NIavAv_PV9E1nM1ec3stl3E&sai=AMfl-YSpJIcP99u1th9S84NGUk_oWQRCP0XpHjw9rwd9A-arw7PW4ZhuoMrNJylaW3Z9dkDWH05456eyC_Sbn54U_luglgkqJ1aJBaxHJspXa-xfxjkv2WRhqQiAcCvZaQh-Bf-g85VpF6l1aWFNcT3KZHz537HN06mwTy7r2f_T-u8s0ccCDRlaJchJsFf8bptAXej30_dYvGRsWPsAqbdmPsEa8mM5kmnJry2pGIuphYn0CV_lIMWjF8AY1bnvNOtieYZ9&sig=Cg0ArKJSzArRBSsBfCpXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=305&cbvp=1&cstd=291&cisv=r20230620.78622&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C2E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIBVjy0kNlqzcaqkPvJFjgA&google_cver=1&google_push=ATf1kGMFyeFRQIrfwGSODYPhzyQueoxhH_Z41xQwwNU0si_ONoQ8AE9v5XkoGkYxwUUvvQokov5rJl2K3QRBwsWI...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMFyeFRQIrfwGSODYPhzyQueoxhH_Z41xQwwNU0si_ONoQ8AE9v5XkoGkYxwUUvvQokov5rJl2K3QRBwsWIgzHZwwXguSIMAZQzjdMQBjOdI1M6wm...

170 B
188 B

58ms
58ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMFyeFRQIrfwGSODYPhzyQueoxhH_Z41xQwwNU0si_ONoQ8AE9v5XkoGkYxwUUvvQokov5rJl2K3QRBwsWIgzHZwwXguSIMAZQzjdMQBjOdI1M6wmFl_Dum0Y_fRBVuLOfkytC7fL4

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x7 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMFyeFRQIrfwGSODYPhzyQueoxhH_Z41xQwwNU0si_ONoQ8AE9v5XkoGkYxwUUvvQokov5rJl2K3QRBwsWIgzHZwwXguSIMAZQzjdMQBjOdI1M6wmFl_Dum0Y_fRBVuLOfkytC7fL4
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 21 Jun 2023 18:18:14 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 1C2E 0
174 B 190ms
20ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEPsz3J1npvaZVwioHsN0c3Y&google_cver=1&google_push=ATf1kGN7prTcJhzpxWmGvIy8FgTpsqhVTV9R5yAhmQNA66LubAbhPV5kanU0koSySqvA2ZmB6Du94rbBGOx4PCoGojVsNy_HUFGJDjKcVTXUBRmYxb6bHEBsBdLHqo7Z00wAGpxW63Q68N8
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C2E
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMaLUqkhDLEJhkbOdKIPzY8&google_cver=1&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ78...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEMaLUqkhDLEJhkbOdKIPzY8&google_cver=1&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ780nv2sdcxGjVKZxYEnrunq6WPmZ43-QfZO74us-H7qD...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ780nv2sdcxGjVKZxYEnrunq6WPmZ43-QfZO74us-H7qDhksyY-ZA&google_hm=CdRz_dz0TVaryPKdwMikQQ==

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNfmIkEkeJ3XxDQhMJ2PGTUe6EbXALq50D-K4N12PYi-jSrUtH719O0fdo0nIz7E-TrEBZ1Wirb2bx874Z6aJ780nv2sdcxGjVKZxYEnrunq6WPmZ43-QfZO74us-H7qDhksyY-ZA&google_hm=CdRz_dz0TVaryPKdwMikQQ==
date: Wed, 21 Jun 2023 18:18:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C2E
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGOD8b-vtwzmGM8WlgfptXM&google_cver=1&google_push=ATf1kGMaifAj24GGN3xHBN1w5VstNVPXKVivcU3XSKK5N7uDPmJMI63DxFIew-R1oe90zEnDIwj...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMTUtSENQVg==&google_push=ATf1kGMaifAj24GGN3xHBN1w5VstNVPXKVivcU3XSKK5N7uDPmJMI63DxFIew-R1oe90zEnDIwjgGU0LZbFxq6Rb7vzRKMieRPaSe...

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMTUtSENQVg==&google_push=ATf1kGMaifAj24GGN3xHBN1w5VstNVPXKVivcU3XSKK5N7uDPmJMI63DxFIew-R1oe90zEnDIwjgGU0LZbFxq6Rb7vzRKMieRPaSebmh0wgzaBXgHYSkO2_MvU0kJhJucN6x9bY6HaWteME

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMTUtSENQVg==&google_push=ATf1kGMaifAj24GGN3xHBN1w5VstNVPXKVivcU3XSKK5N7uDPmJMI63DxFIew-R1oe90zEnDIwjgGU0LZbFxq6Rb7vzRKMieRPaSebmh0wgzaBXgHYSkO2_MvU0kJhJucN6x9bY6HaWteME
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 54ae5f20a7acdd83fd00ddb00e96a2c1
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C2E
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEHjyeZ_B2IxbKDDoDAVzouo&google_cver=1&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClIlfGoVL...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHjyeZ_B2IxbKDDoDAVzouo&google_cver=1&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=l_hmQUjQT4KNiuWWrUEVug&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNCl...

170 B
188 B

54ms
53ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=l_hmQUjQT4KNiuWWrUEVug&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClIlfGoVLKXtZtxo4-C6FTDMU6zxupqHKUivgqJl9LGxtiMSvmbbo3ZOg

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=l_hmQUjQT4KNiuWWrUEVug&google_push=ATf1kGNZta3AiTckNTQLNHHWlOT6PEkDypKypyQ4isqDakL84AIoOoYrlw_z7NZmhCFc4Gfvd03OJht_m-pMNClIlfGoVLKXtZtxo4-C6FTDMU6zxupqHKUivgqJl9LGxtiMSvmbbo3ZOg
access-control-allow-origin: *
date: Wed, 21 Jun 2023 18:18:15 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C2E
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEG...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ...
https://sync.targeting.unrulymedia.com/csync/RX-47bb84bf-1e08-4636-9240-3e16fc743b6a-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGN5VMuJAvldFqzLwZs_9...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47...

170 B
188 B

49ms
49ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47nmRiZ7I&google_hm=A0e7hL8eCEY2kkA-Fvx0O2o

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN5VMuJAvldFqzLwZs_9yUd0k2w78y1RhNKuiIOpMlXUnmN2gUnD-7yEO0_m3Kcc4ooRDYxbBk4wN3GjwTPNw1qELi41DASdxmVMFTskbNXCO00baTe_ehqtDSrCdQ7ri47nmRiZ7I&google_hm=A0e7hL8eCEY2kkA-Fvx0O2o
date: Wed, 21 Jun 2023 18:18:15 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX47bb84bf1e08463692403e16fc743b6a003
content-type: text/html

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 1C2E 0
75 B 216ms
19ms Image
text/plain 185.86.138.152

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESENGDXH1KpHmRXtK3XuQAaAI&google_cver=1&google_push=ATf1kGPtsb4Y-7Izi3C6Ytsc0iNW_l2gVTZy-fE99nzi0NMZ6ILG4K1mfj-xQhdUkeF_PLBhmXccd3L_Y0mRjvIMzYpimvLt4DKYw40wEZj040nJc2e_aYvyh8Fm7FkdXwxeHPizx9uJ6w
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:14 GMT
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1C2E 0
40 B 58ms
45ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LDasECJIZcKJxNAqgbvoXNaVrz-S6xrsjUXjz4iAmWV0w5OhTDur0qS1IIeAh3z7x2TdbL

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 8392
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEb3iVzcGLhpcqJfbeQ7moU&google_cver=1&google_push=ATf1kGOZYYovdbnExI5yvy8ExmGITsxdnJm_FjTc6UDHHJc581qrT5banU-Jh7wzhWo34IZgT4cj6W9uDO9J6Ctz6W8ajbjYn4zZSQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzUyMjMxMDM2MjExNDEwNTM4NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEInqAG128hFrCPX0cEwZpCY&google_cver=1

43 B
398 B

80ms
19ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEInqAG128hFrCPX0cEwZpCY&google_cver=1
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:14 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEInqAG128hFrCPX0cEwZpCY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 8392 35 B
465 B 187ms
7ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP2YJ50vbt5Nsdh-TxvrmD8&google_cver=1&google_push=ATf1kGOitomvKheA_rbqjrtyMmA4ItXLiZojuh-9U7XtFdg1eROD5gvbtxxAwrsbLNkHm5b0B1y8t0E3RCWvC0YHl50-ixxcsABnlw

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8392
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIKIsJTO7YAsMc2ZY2V6NbY&google_cver=1&google_push=ATf1kGNIZbx3gnp7nNS2ceiQs7PaBrb7dOCBDGKLr3kVavte41mo2x4qMdA4_zOMANMb0FtFRnRPm5hXRzBPRAFiK2mDcaPcT5Pc
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C92EC5096E5C4F1F94AC1FB8DF7E9B03&google_push=ATf1kGNIZbx3gnp7nNS2ceiQs7PaBrb7dOCBDGKLr3kVavte41mo2x4qMdA4_zOMANMb0FtFRnRPm5hXRzBPRAF...

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C92EC5096E5C4F1F94AC1FB8DF7E9B03&google_push=ATf1kGNIZbx3gnp7nNS2ceiQs7PaBrb7dOCBDGKLr3kVavte41mo2x4qMdA4_zOMANMb0FtFRnRPm5hXRzBPRAFiK2mDcaPcT5Pc

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 21 Jun 2023 18:18:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C92EC5096E5C4F1F94AC1FB8DF7E9B03&google_push=ATf1kGNIZbx3gnp7nNS2ceiQs7PaBrb7dOCBDGKLr3kVavte41mo2x4qMdA4_zOMANMb0FtFRnRPm5hXRzBPRAFiK2mDcaPcT5Pc
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 20 Jun 2023 18:18:15 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8392
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEELHAqKvzKNWInK99FJy8Z4&google_cver=1&google_push=ATf1kGMNXcNuoeLqNJkEdPNVrZ3eU2XzQ3ZANdl6c6wQtuzYujLwXQQ0__xXocdPxSOWuc1mmy6jyUomr9LrAG...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjQ2MTQ1Ng%3D%3D&google_push=ATf1kGMNXcNuoeLqNJkEdPNVrZ3eU2XzQ3ZANdl6c6wQtuzYujLwXQQ0__xXocdPxSOWuc1mmy6jyUomr9LrAGMBJV...

170 B
188 B

51ms
48ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjQ2MTQ1Ng%3D%3D&google_push=ATf1kGMNXcNuoeLqNJkEdPNVrZ3eU2XzQ3ZANdl6c6wQtuzYujLwXQQ0__xXocdPxSOWuc1mmy6jyUomr9LrAGMBJVw_EpT6ydLEqg

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NzIwNTM4NzI1NjQ2MTQ1Ng%3D%3D&google_push=ATf1kGMNXcNuoeLqNJkEdPNVrZ3eU2XzQ3ZANdl6c6wQtuzYujLwXQQ0__xXocdPxSOWuc1mmy6jyUomr9LrAGMBJVw_EpT6ydLEqg
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8392
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHTFg_WKkiBpwiSzC7Xq1VU&google_cver=1&google_push=ATf1kGM8lE5SKTtgd9xNvKLMs5HPPc0uQsSez4mntfN8M5D6Mo9rwLfPnh7OEvtDVLLKvkjpw3r...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMU0tSkNOUQ==&google_push=ATf1kGM8lE5SKTtgd9xNvKLMs5HPPc0uQsSez4mntfN8M5D6Mo9rwLfPnh7OEvtDVLLKvkjpw3rIECp2Q_Iq5JCZX0Y_RuY6its2RA

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMU0tSkNOUQ==&google_push=ATf1kGM8lE5SKTtgd9xNvKLMs5HPPc0uQsSez4mntfN8M5D6Mo9rwLfPnh7OEvtDVLLKvkjpw3rIECp2Q_Iq5JCZX0Y_RuY6its2RA

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtMU0tSkNOUQ==&google_push=ATf1kGM8lE5SKTtgd9xNvKLMs5HPPc0uQsSez4mntfN8M5D6Mo9rwLfPnh7OEvtDVLLKvkjpw3rIECp2Q_Iq5JCZX0Y_RuY6its2RA
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8392
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECc5bR2Ki8tAmhZPVsCNuNc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECc5bR2Ki8tAmhZPVsCNuNc&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGO6NGOUoA2SNx4nWKOmJq1US1--7rmI5...

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECc5bR2Ki8tAmhZPVsCNuNc&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGO6NGOUoA2SNx4nWKOmJq1US1--7rmI592rsK8j3Edd8NzbvZpe_ik9R-_PIv6aZkYqraU9W1_VS2pN7fO-_gLSCEIC7vUEFA

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECc5bR2Ki8tAmhZPVsCNuNc&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGO6NGOUoA2SNx4nWKOmJq1US1--7rmI592rsK8j3Edd8NzbvZpe_ik9R-_PIv6aZkYqraU9W1_VS2pN7fO-_gLSCEIC7vUEFA
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 8392 0
75 B 211ms
19ms Image
text/plain 185.86.138.152

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGNdtot6ucMH2HhR_o5f9ug&google_cver=1&google_push=ATf1kGNfYMVwCM5u94ahAhDN7jInUNSZ3P8S5A2iYOLThzwk47N17xZORRZLfBE4hw5e8IWsfPPsqyP-h2-wuwMPCywpHPn1ey-kZg
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 8392 0
40 B 53ms
46ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L0zBN6NLahQDsvdeJb2MhShu3tqzWxLktx-CfKe7FZY90cuQDSbguGgBW1OBnXbZIxy9sX

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F7B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESED2eECyggE3QHIvQTiMy-rc&google_cver=1&google_push=ATf1kGPfMOZRInUFV8DqWqVjah69vjAEgAeWfisKG0lhT-k-q0_dv5HrF0ejH451SifRH-ylwIf1EmCgy-x...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPfMOZRInUFV8DqWqVjah69vjAEgAeWfisKG0lhT-k-q0_dv5HrF0ejH451SifRH-ylwIf1EmCgy-xvwLOdM7GtiXAAemiK&google_hm=sTOaA4leQd-2CopGWCTopqs

170 B
188 B

49ms
49ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPfMOZRInUFV8DqWqVjah69vjAEgAeWfisKG0lhT-k-q0_dv5HrF0ejH451SifRH-ylwIf1EmCgy-xvwLOdM7GtiXAAemiK&google_hm=sTOaA4leQd-2CopGWCTopqs

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPfMOZRInUFV8DqWqVjah69vjAEgAeWfisKG0lhT-k-q0_dv5HrF0ejH451SifRH-ylwIf1EmCgy-xvwLOdM7GtiXAAemiK&google_hm=sTOaA4leQd-2CopGWCTopqs
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 7F7B 0
119 B 180ms
20ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELnNBbj_H939zTMDGL8dLc4&google_cver=1&google_push=ATf1kGMjA6NbnlNlzzkLDcQX3z1oG495tII4182RnF4hNsqXoX-tkytSzlyO39s_5dsWlVjhA5pNom3u2QQI-3YncoeRG7mkjnw
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 7F7B 43 B
363 B 190ms
15ms Image
image/gif 178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEK6UNxTBaacR3NWZL49jroE&google_cver=1&google_push=ATf1kGNbcAja9og-hzfUVoeLWTrtI4JGAN-KQebxbikR-NXBbFY4gN51xTDDQFlq8FJ5-zuwNC0dMnZ60dEYGDDhgFSRcek9W0I

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 172523
expires: Wed, 21 Jun 2023 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 7F7B 43 B
236 B 194ms
18ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEODGBY0xeR0PiHPUfogQLs4&google_cver=1&google_push=ATf1kGP84kf1RcOBLCXUKeKyEjLNNVI9BkRbIdq7Yx7XS9CrukjB06o4K9fmAvTT3TJWspAPs_b7cb7j3UtxWkfYjB-yyBFusbok
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F7B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDsKjuyLnsnlcczdbjLwlOQ&google_cver=1&google_push=ATf1kGNoSEyuDE0UY4FMGlwMgRy3sq-jchVr-IXPAoOeosdyTjKxhxSOImEKt6R2NhrqTQiAFk7...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtSy1LQVg5&google_push=ATf1kGNoSEyuDE0UY4FMGlwMgRy3sq-jchVr-IXPAoOeosdyTjKxhxSOImEKt6R2NhrqTQiAFk7CJBgttPvTAZRp3tm-O_nG_XY

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtSy1LQVg5&google_push=ATf1kGNoSEyuDE0UY4FMGlwMgRy3sq-jchVr-IXPAoOeosdyTjKxhxSOImEKt6R2NhrqTQiAFk7CJBgttPvTAZRp3tm-O_nG_XY

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEo2MUY2UTUtSy1LQVg5&google_push=ATf1kGNoSEyuDE0UY4FMGlwMgRy3sq-jchVr-IXPAoOeosdyTjKxhxSOImEKt6R2NhrqTQiAFk7CJBgttPvTAZRp3tm-O_nG_XY
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F7B
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMRkdtbEt-H9XvBj7FQnkIs&google_cver=1&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMRkdtbEt-H9XvBj7FQnkIs&google_cver=1&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-VWIHUdiYkaq&google_hm=G2qqtGZHJtTMqg97R3us-LDB

170 B
188 B

52ms
50ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-VWIHUdiYkaq&google_hm=G2qqtGZHJtTMqg97R3us-LDB

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Jun 2023 18:18:15 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNt10kCoz5urMpmohjS5MH7Tu6lcNAhHgYZdKJtquhLuHduf5XvXkttu3aitvOg_WRloxb1ImxG7tn6FEOD-VWIHUdiYkaq&google_hm=G2qqtGZHJtTMqg97R3us-LDB
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F7B
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEFl0sdaOA_HQDvENahdgt9I&google_cver=1&google_push=ATf1kGPCMfaGc4GolKlIAfdCRWpuLPVHP50XKIurp9aBuNsppC4vgBMyZiwJGq6NlOxndSrY75P1F2yvdiGZ1pE2...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPCMfaGc4GolKlIAfdCRWpuLPVHP50XKIurp9aBuNsppC4vgBMyZiwJGq6NlOxndSrY75P1F2yvdiGZ1pE2wVMuPq9v4R58

170 B
188 B

50ms
49ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPCMfaGc4GolKlIAfdCRWpuLPVHP50XKIurp9aBuNsppC4vgBMyZiwJGq6NlOxndSrY75P1F2yvdiGZ1pE2wVMuPq9v4R58

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 62c19c8529da15502cb35329ecc9b474.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: CDG50-P4
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPCMfaGc4GolKlIAfdCRWpuLPVHP50XKIurp9aBuNsppC4vgBMyZiwJGq6NlOxndSrY75P1F2yvdiGZ1pE2wVMuPq9v4R58
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 3JUKm6V85VNQnVsx-joZmgoXaCKLZt_8_X1BvvamiwPWzFmg3Nir5g==

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 7F7B 0
40 B 52ms
48ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lu3BurUruS3hPknH-kTBg3ay8VIY8PqUUjy_Mt0zKHrTkbJDv_IfIXAafaK7iGUZnXRSql

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11934569601524222564/ Frame 3B29 13 KB
3 KB 155ms
74ms Document
text/html 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

293c4dc30efea546e286c0185dce44c51099dd75f3486716f08547a8df84d6a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2688
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:15 GMT
expires: Thu, 20 Jun 2024 18:18:15 GMT
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F934 0
0 242ms
88ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssslyOOxBEJw0_QiFo82AIx1S1itS4H1nJdVKOCpWy0Zu1lR3qqUo1yp6BH3FhyzvaPzEuT_KUBHZ50bLXScE9hosJfN0bi_BuEuAHl8xtFqCFopTZSgRIGvgB4XIIlWBq5NwnW-3UD1x9sOSFo5TPro7UuP7Yq3pSeYBgOWKZDOtlI_CwbElvAGjzUeU510AOwtecZ8HoI6fuJ3_ojbamGwInmpadGBP9Y4wzsRJcA-sKLM85j6hsHAu1tuPZW8gMb_FrFvJ-gWOIg8j8V4ORWaxYT61DZEL69f91amdRP2ZvVNPPbzy_ccXexa8kDpjDbphFREZJEQ3iqKtqsCLGbDuESGBY7F7sndCFVjKxNixn-4SzyVHlZFSYKtvwncoD7A-nlgkZB1cOYE88bAYwfHDhdW73owklwJc6tMwIIP5zRIw4aMeqG-j6PR0Y4ojvbEl6OT4BZuuafhhJzOz_Cne3MUstw0X_EnWN2GU_8l59_0Y_1ya6f1oD6tlaMT6AOlojzkPBT4dz1RBO027_OzZ94fLdThtzenAmxMTVPwE8VBQXxt_4gyWW8JLl1SMOUJQyVSrASbfN0sxFIv595fcprtFzfu0UrFkm5u156R6gW_dv4exRCq3PAd_blPMgF0boOAe6hVtdi2L08XOay_cyAFOxQnPqS9F3OGWLgYiEirPJkBt4Kqh0qlHnY9W9agnzktfaVQbyi02NKfYNes6MW0IqGCz1AEDleTWrhmX_w2NuKoq9jfUEeM9pq8zG9w3MS8WN0PDDZQLGMOpqOjdue9MrzqEEzDitCKkRqy6cUXq5GKvXZL26lOOAhSh8rMpeUMxPsnKbe14MNzzV36LCoSVpWJ7C_YbhuLVKle2c2X0GyFOt_3NVr7fX9Mr2XuUe4I6bZHvqkfKcVgWm1upx7_-HhHrBOxlTHGjWdSXi0gOGPvwYIZoamj4PqsKjh9yw0xWWI4WgOYrM1i6U_QqTBpiO1wEIm7nVOyZeRvj8rh2j6z53Gb0crBIYhveu7r069pCNaXVPi4fLoGGPNp6Lc8Mt0h5mvWiSgl6Ww7cTaBA4nLrFUoHrCkGdnUB4tPuWRDh4d0x1Kh6lfbuGKJQo8ysvtNzSPfmHjxrzwGNNapDC_G68Bu1wEiiSwmnyyu47453kKW-vZfag6Jr27vE5oGkCJne-n5QhOAmUqm8LZZkBL8fYM27MQzd1VSrT-obV9_--pi85Nu9mh1LGTt1J_Fxe3sNaxnTkfXi6ySNDwscHgd3429SMtVYsglHv7rVan4Q7fl6qmWowu4bsoKAajUw0jww&sai=AMfl-YSzvpuhqsTTLoak1W8Ii-oOLuLWYkxF3c8l7aE6NTAwBJ3VlD09NBA9HgWXzAoPojxCHCEVByrtFLZPxMht_WLzcXLY98oSK7ABjT8QcxlJnUtNgrYJOjPTF1lRlQ9TNZfd4ONtHhlNe-7n-pIqg3fC8q3ugueVzUqy-vhGJV5jQMnfqfPRb3KdtebhAmqF2-3eoPytimm_SvErFt510mwWYR7bMkaIlnsxpr6NYqzwWenRXpLmfVegus7u_JvFGLKPofcEfWF73QM63Fm6aioqN6XqOQ&sig=Cg0ArKJSzA0ME1YNZVn0EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=399&cbvp=1&cstd=388&cisv=r20230620.65078&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7493198391404092334/ Frame 7077 13 KB
3 KB 164ms
84ms Document
text/html 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2701
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:15 GMT
expires: Thu, 20 Jun 2024 18:18:15 GMT
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3875 0
0 223ms
84ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuC4gv71T75KvsjZjY5WpiYqYgNgBmwk3YswZjVXeD0ZUAJKWI0Efc_bR_Ez-Noa9Iy07YBmBnuGOwym1oKp6CWjFFiaiOkKll870dMJg6N8-xgrhqU7Ix2JTwDAAN_IvHX344jBAYxFBRcCIe8HsyumyOh6hS7VJFErQwt7Xz5FytCdco8nZHYMiGIdPQAcw4pqyrgPdu0FsNa2nFAi7Xl5aI1Yh2IXoDL-IcGfqoV-U2nIMLMP_kfMOMksitB4YcgAfvg_KRatlMiQ9BEx7JCR48F7fFFkXGFDKAv43mtENuUy2J7QGOXlo6FuT7hGMjsSfwdaqE_K9tsWQ9fGZYoQ1gBkD12JPcX0AWMMvouRL1K9Yd_61vYPqvHEeGmMRjthxcfC4zSW8AFCHFtRZih_8voBzIP2C-CuN1efH2HHfJc33PfVVqOtr3pznhmulrNAg-3iqB6DqKVoPfGEYX4Yxs6KhCCob5ji7TgzFLNeRAIB-YrJObtqI00oRIXwFxw4K2JASXGMgY8_yfmNFZ1qFeN1m9ey-GMfPR8vW6FBALuFnWQeOY1LSqLZbYMGnCK2aHOeDZsLSVpumMPHNEW6xNQHL1m4xDBs0CVEHfIE_k6bCtP8x03kzxg0ohMhEgW3rpKaZq34mbh3mrBf4oFYCvgUwEOLnPuvEo52rmoP46U0ZjJ5DYi2CPF4JOFKau30SMjSdRDmVQIaK6o7Ps7mCr9iSLpZuPMrrHCElo3D5omjF063ClxyTamB0Tm717gED46uj3yhTu413qni3IzTQh87n_YzcDyhhgw-cxfeT2Ie_hjeu0DmvqpQba7Yc7VCyBYoRSWUgVoj5HOulmBKw5Mar5301xgTspW2Dxh4YfnXg8M7cZ0mL8A8Il99Ml97M0dirMM6lTkkKHIzQRpy0doTWqVChgWBW5wMt1yYZ7QdB0vDvFPnGzCYMIh_U54T7dMCj41hrMff6uepQlnEzElckAELfnBkE-CJ12zvvPs_h_elRT2M4N-0A5f08rQVEV7WsM9Mi05pfQT-pmIPE7XjcqVk_I0XSgM8v31LG-AIZsTagVBmbsl7FYHGi2mt-afySMkGfZm6EsQuLZUP8jYF8cda7vFVP6zDGyVUclRYt54pR5QphkSBiGv-4wferoeK4aqJ9epvLOpxj39JIGULu0A8cWoW5pNcjMEB4kSWR7mv-ovmkR0NrynJ2oAGvLRewOKsol7M0mO_tzEU0drhj2f0lggFg8Dkn_4cX_uSFncEX0ADtrzkM8bbNOIjoPqiT4_Mugn905vdfKhFMN30djStCPaeHuD&sai=AMfl-YTUMahwa4XvWmp3EgRU_Oyg4wi4367922FrWu0lv6DgVVIF4VOwPpDyR3nfl3JFdo89xhhioFYuSiguFm3GWZoRMrYA94preovuMDFOKyxzCyjk9rOGrjpWgypvrGDgCTpHO-jkDsWnCwqnUE3qZWImRoS-XuRMQES8T6u8XLYgy5Yi4QjOQw-xEphvX8nK7Msv-Yx3icJzzh4h9anqZMcN9y6jiG9lcg0wTaEREWf1F3sYEd-Fvfo9Uw3bST9kbyzl3HvcaGVv131zlseupmz_7RNvgA&sig=Cg0ArKJSzGAZxXYGWIanEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=372&cbvp=1&cstd=362&cisv=r20230620.62324&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13151972954896785613/ Frame 60F8 126 KB
34 KB 138ms
58ms Document
text/html 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=D3tdDF3tnR&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

35e04b4855605c908b85662df66fa3f5fce2fe1fa2d284873c1349b101bd7bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:15 GMT
expires: Thu, 20 Jun 2024 18:18:15 GMT
last-modified: Wed, 22 Jun 2022 11:30:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EE50 0
0 213ms
87ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPXSME7vgjcsIWez16NCNPA7N3RTXv6HN7xBk3llnvFUdfMeFVYo7S1LMkQqoWwsC0GFKfkN21nO5yycmxS6si2ue_19jqyK67GPD4wV75TYcNbspRWUdpducSzG_Ygk04yjWf2ZtG6ujJCsmjZGx5kTz77q6l4QWfNRe6--GyrFhh17kwREPI-oMyjQbys6NMbl__96nCPDOV7rR7lqFtGumTIybLSniFcaLOm4S1LNjpHj-M-oW3vlX_rDNmRVw66AkKV1wwiGC6dL3CBR3N2pJQRCnwO_la1tIldS48iYlsi1vkpYv5R1E_Gs5x2sLGIE0YAGwMC1p2L5MTB2oGXkFJpFIZhO6FWSs9weOCtI3tSFHUiKgjJdehRnHMcGFWbQSuoPocN6NQuDYkzapEBQ7GaNkMmAbrPpsNT9cm57G_BJaVEDj9l4rjx3bCzyPKkXxhIc0gjB_6nNji5nMvwhylIynzKRd7blp7EgRyioKsZmzWhE-XW4mj7vzdrLo8gXFECfx8gnbeADMQVfbvzewJldoBOtKVu7E6ulZ6cR7kj9_x1XkprqvfXvGunZ_Qny55zB7GOOKPEHhORgVSz-GzUenjqjFQLFJ_MIoJglAadrQwJlddF5SLciHhS4M7xu87igCrJ0atsilsPUN798sHGn88LW1cFJExqSr2hNk1zuiaaWLeigz9HQort511q2WIidBu9xF_3SHCBigclFGsYH7NAx98J5uOvmAjJXMChMWbqrINeqMqMDua5_3pV-57yysGxiryV9QRwLheiv-p9GBXaGB6s2eUlg0UXGgxTDdIKDZA7LVkITdG-ofpibuHCZ3lPygzERKei0Vfwa3NUYxz2Z7wzHsue-25kAM8enXA_m0at4F5dHOUvZERgODnDpGheSFQJpRmC033PuTv7sp1j8FuhmfiQqm4lfZEA9ZlKmjdjGx8r1NYOcs8wuncNUyOahAYJBfqL8g9w2OMGUUCh13Tkw2eRtxkfpJi_DEndNXl4VDi1UnATt9OOQ7wb4qA2U0VWJbxWtjmC4Mg6BUbW_nNJgl51iQpp18vm-3xm0EONjVOMXpdvNmBZFadOUC4lmhvnYFuWNgqKKiGHB5SImYbuuW3qEUIZfGRlNQNB8-7PeqGDPxNSToLBa01vtG7-zScu1moEKS8P9C7LbtlX79SNhRIj9-0w9ZqrJw0sEj22YBabW0I5disGUJqABYuJF7yydcyQg3ksfyh3u052DrNmXC_wvlfZlcahe1KT7JvjFyvpvwkNe3VjnOlGQQGr3lva0nPEYo4Ohl7DFB8fvajwJB0sp6QUg&sai=AMfl-YRz28F8e7lwmjzUUcTJLBXlGal4ZpxqAYvPwpWO5yx5FlIIwZvlphMgtUczf-UaoWTyXuwMp-9MuuwNDoowAgmZApObUPEr0JyCuAhjAp3LLYafoZVsbZFn-T2A4XoptZwdtHiNK0tMI6JVXlS5g01Eeds4inyjbF0JQA-DW9geSnSHgCzd8YXynMAXwE4Oqs2ftxPIo2Bezp343-jqLbUrkoyl0iD_mNa_x7AV0awUXRzOiZ_X5qeRgxkQd-ndFYKo&sig=Cg0ArKJSzCm451rWKYT6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=378&cbvp=1&cstd=369&cisv=r20230620.49132&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame EE50
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202305_es_nothilfe_dv_pros_367777976&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

14ms
13ms

Image
image/gif

3.123.212.69

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 3.123.212.69 -, , ASN (),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 18:18:15 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Wed, 21 Jun 2023 18:18:15 GMT
Last-Modified: Wed, 21 Jun 2023 18:18:15 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CC15 22 KB
8 KB 57ms
35ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 45335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 05:42:40 GMT
expires: Thu, 20 Jun 2024 05:42:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3412 22 KB
8 KB 61ms
39ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 45335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 05:42:40 GMT
expires: Thu, 20 Jun 2024 05:42:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2A51 22 KB
8 KB 67ms
46ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 45335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 05:42:40 GMT
expires: Thu, 20 Jun 2024 05:42:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 497C 22 KB
8 KB 67ms
47ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 45335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 05:42:40 GMT
expires: Thu, 20 Jun 2024 05:42:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 473A 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687371493256&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:15 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06DE 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9725555649188&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06DE 0
20 B 72ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9725555649188&version=m202301230201&ct=76&x=1&cor=5006476504175488000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 06DE 86 KB
36 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheU7kQ34TW6SPA3lHQKNpn7eKb10ReKbTnpjN7d50UE-eRee4SNWCKsTc-uF1V7c1M_govLMTwvI6CTGnQ18P0V9xxg&cry=1&dbm_d=AKAmf-DChYBFqDRczp43hTXJYks9_cIHF9SodOZfd3FLCn4umNnSKAkh6yQsIgDXW6jtJhxvb3P32lc5OEaIWG9C0d_DlfF2XEpFberMufGmcIDXdsCuMcjzQUJ2bcv5NO5qYYLXR2gX7THVtaSZ7MDbZnTfIsLbic5WhR2Lr1C0JadcnM-7Ea3TwemKl2tRjN96i1Ir-iXQ4hyo1kHmH4juZkf_7rWu-yq2uiW7NWdplkhJyNWiSky3RdVinjxoermbIiGvkeTdYNhnWbfNyHBf27nqfOWzTrAPL8MXts5HYAQO8N69_U7Mmj5Yw6iqM_NEfRAivBVyq_k-3nbU3RkQ9hdlHY8GaUbeeXHAfGtkNOGS5UjrFvAQdIeWAL3lmvHo8LSW8n4J8lXTYjpkOxaSeh9fffC9Av5kKIU3If5VVoFD3I6H_WY3Bh-TD89qvCEJb08tOZ0swfDhkT_vF_wNNKBWwLblwrxDC9sgr6QxiUW8bByUZxouo6VY0F37-RVOfH0frtrGyfB81yI6bNLbJjyVooB0JjFgMSwX2nSlOXpYDb5nd_PRrCuwijlnl2uXgaUovR68lysOAxYqbDPRVOSvwqoRJeIJs7zPviUjyhY8hL3e605wrOZm4kWs-e-d6mNN_4ytWHHgayVIyb99kpHzPpi7IuPtdwMktnA5ucwy4KVj9I-ooJgbJneKfqz9Jq_n7f3g3MKN5LKIx2Mkr3NzgvelsSNBBrbqZiI9fM0l3HrAZZIGS36ssrpnwbok9EaU_k4VIA2qcvmh6PSFg-xwMckhBhvPlQIhdKGtB2PTBhRSA1neZgYYOeDOhgZgD3uxTNIczNzcA-e5kTuKaT0iDtITUxBReMNbYkeE1Fmjd0dxbpdfXn-I0pboMyn-3veeuK9quovPTyhH_Vhkr46ROrtKr6wbRKchsB_vJ6xT2ucq9-ewhAs2WXfJAwM4Lbu61cw7J5yXN-kqTppm-U_UHKvrHmLRUM5ZwNSrbhzpvF52qGQfFSl77kvQlKP0t4m26dJmFPGy-Z_P_BJ12Qxo5aEOyMDkgEo7s1XfU_5ige3dp2yTEHFOcZ5T30ZLj90U8CUluOxEgEuW_U74RsLBGt8bSGE0CcFWztMusHk6gIZVWgpAgrsnyrD9VdBXpkIPSXN5Qv6lS2N1zpGofunAol34TSSlbLA5KqQcTftMsdAL9YhUzbVAG8rIXPML_exMb15NIdvg0hdHuZ65Dc8Gg_9vxInJCvgJMglU154iS8q57rwmt_3L6kUxqcgAlyt24EHtxGitWoDOLAa_B4jZm0RCSlKxPVRX4hKYLhslJwiiDJIeOeM6_XB0281chA4uOXLXYoayvjgHKP0GLkvSNnIBeGW2OrwZ7Mnk9LKVR_aTTSBDcWm2xydAZGER3efnNtTt8XZ0wsL1_g0v9v9dB6OXGOZIkDTklepCTvmISxOqTG8cqjpniJSCeWrf_MbzoDJ3mTYvJQMusM65YMZv9-NCG-S3mU_9MNVtF-y6hZu7MHhBYq0YsaXAvHJmVFZRwg53B7OvpPMScjdlUsZFwY-XCvkCpzAy069b5EsZAvDUF3z7PaP4qEN0l4AA6MolFKEVe1xuvE6pPHCmoc6FXNBNYWq5mrzE-eUrfcdsfHnpmmA3Wuj1n0PYHxM6bfLVUzifbWzp1qANpaw2LmLlORqgNxSgNjfWKld_NX9so1V0uz3vHOxfBp4Z1xaUeTNDJKkYRSp63UxzjZjdFj-BdDkuoBw9ASl_2xZQi-W56ysCcpVX8Mv1kBoPrlSmpzEPTnEVUkCr4oQIFNv9AuQW3SCUIO6XFnD7HjKn4i3gNkIK4YeBYvone8nihEfwGRMxNRG4z_Z3_yVS-W_FI5OkELUC-eeHVqLxx2eqYANg1beCYlrKwYeV1GE1JoqD9XB1d9Hg5HBxP7rIyrWhr-3EY1I8pz1JA55HMQg0F3SyasaKn7McAuMXCWufu-KDXJZPxHZwzQ5ZdJ4XHLXLecxNF3x6Q2AzgTFIrn6wkckAVXbVQxw7bMc4h1aWUMiG_ibySSxx4ZDXAj-p1hOkCwU9POtWCZ6zT2S3_8oeMQx-2Ig2oqPlyPPDhUeQLxmIfb-t23Vrzs8DVOTj6pXCupI2ykFsVjNlaIGj71UTIO47bFv95nU4NYnxC5cGQgZnGrX_l-pDWGZT5uGJ8XK4lVF83mYH-ud14z5Z9unoWMEJWVurIjM6uXflnxeKTtGCFw82T6Lmq78fF_3eA2cw4BYHr-D4f0Co5Tf6Bi8UZpYaTBjlzLSe_Qg3GKdXzlRssT6J3HDXFLo3M-kofS0s6aVS1-jhOdFngRnD8YcvPEdlnO4avo84QvSmysRFZBipFoOdvdLVrLx03ASdO4uFCLyoLtL1gKfnnCGRmXNdgE21cwN4WZfB14XisiFipR_dIl0i01UJBg4le-eeoabid5x4YhKegAmJUQef0ShFPyiwvIB20XkGo6xA1iXAndB0sgej2KY3Qf7LR3Tp3FrDwhtjexOXZ9hVNHLrQj5OZ0zZDpSJwo-hcAwUb2naVxIg8ANkJVjInmXOgZv_Ye0fILLM7WQw9o6X85QmuhdhZ9N81pyEVaisA3FShGRfpHs7phSHv5PVqGs9b52paPyCG3A_P6XcwxCkcPlXBAlcCrDTY_6kH7iH3GJL7pT6keUnHjt7U7aDrgcP-7XcWWj1tCb1jBW0umu0BR_eynt_GiPeIQRwKzPg3GHFxdyRzDGB3wHf8EpAmidOS1bZsjs7Tj_z3lqY2H0wIe7BsYuBhz-QQaCrIVW4NOw3NRZdXcZdFarsLk4Nq7CgCemfFtxfuXNODiJrmZhqvz_cuSbYjWB3Sy4iZlsm7GNubcChLHp3CWp_CJeXf231gHDzLafE7lmCJ_w7aQIwCMNRpEn7h_YmfCD8uw-SJBpupjrcPkQXnXW8GYe54k3HTtV6tvxVjZjaHRtMeaLFsPSpZBqCgcwGOE2aOiYWLt-bLcZ_ABVjFWThKCGFG1uUVxMrPUuvS1MnelESmmDffanFhkmcxSoDbuB0z1SAifwqFDa1xCHq_0pi-3FgxCRlmXHS6Td8WIgs84azIEIhdByB24di4pPd5A6DGQ1DwoAfgnkQS7ftFkHNHv_XY9ezxvnZQjwbSQwIMeaw0225GRkpps3gj1yCT59eobbqzfjKLc2e7gwRGLpo8rpJTIsgmutyiLr6dEbYAHnmuzOwyFozTuHcIvw-B38XZBnZRJg9bZbHBoPj-69oVwSjePCKoravIPXSoiXDvrr3dlSz9aAXIXcY-WoLk2E5Jqvz5QdV8fhnAIXCkOjIYY6WhjKZmOsr8e2djT6FwwdEolJ-TOk9YUYyGQ96m8v_soYlRtDk7e086WcA_3plL8EN5CWOAVjUA96qgATBl1Qlgw&cid=CAQSOwBygQiDNfQJuXlyw0cIP151IJ3B7MdLLmQArASqBebC619iCTcXpZ52Nqruk5QfyRVlV2MuJBoVucUKGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5006476504175488000&adk=3587751834&idt=139&cac=0&dtd=40

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47cc8b9ac646b5ea3abe0ab3958bf8bfcfea2e940287392dc73110f55737b122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36671
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CE94 17 KB
6 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 5648818383791576392
s0.2mdn.net/simgad/ Frame E82A 532 KB
532 KB 94ms
40ms Image
image/jpeg 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 23:35:46 GMT
x-content-type-options: nosniff
age: 326549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 23:35:46 GMT

GET
H3 200 14952963386359035714
s0.2mdn.net/simgad/ Frame E82A 10 KB
10 KB 153ms
98ms Image
image/png 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 14:12:48 GMT
x-content-type-options: nosniff
age: 360327
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 14:12:48 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E82A 42 B
63 B 60ms
59ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-R_HcC3O581Yk1lYdWJYJpvs8umwOpP6YRbOPvcaIZtmy3Fhc-6QFdM4gAUItvpoz2JIzFQVSRyWdfz93oP9Jj55DgzH93X6ZAcxs3lu-IAJUIlHnkd64e-TickumCpz2TErIJNqiattaOJiytH4XFUdO2Q&dbm_d=AKAmf-BlrabQA-eeGMXAU4z-VcfnMFmoqfj2qqhPzUYCSiYkw9Md9wGKU6MopBoZtkeqe9ZxevRlZKipBE8la_FCFjoigCnVUXnwQXQuB9fYY50-ZJtTXJj3sfSg66R8Va1amfj7iz03ne8IZMKgFeK5gNDlcHtsWZIf8WRpbobvDcRvh0nmrHE10bKRHPjE83Pu1koMTE_p5oUUWfXz0hXbLNZsYmPc-hCVLzdEudCWGoDX-_h_jM1A51nU3vKWte-61yt-PrWyJKa0ndej91XLldBY5oMEisgEUFN1uJBjNtKxH4Vg7_WOFkhFIIkELHjgu-0pHoKk35zq1GNJUJcb8zBnCXs-mrMMnH3rFRAhKtpScED3XKBMFSYUNfY73GvVEOXgG_v8MYpGMmjxJC1ZywHnC3kOh6sC-XoUoNsfmItvILc4vWl3B4eDbPoOTcjvjmh7nJd43EpzEpatpuj-rqEhXL0HJeAdbwlEbicTZWSwEgfxYX50KTpFOjQPt7U0OpUzR5iJOFQe8L6BGP9zVoUJCWJrLqq-d-Yti4z8pIsQuEM079siJnj6z1ThfdPsOkbyqXRh_sqchzcJhiTq6Ksl7K_KhREsHJfGEwdMUjpOEHsqn9EyJfKzMufPmQr90xPoc3j8_E9vnqqNoFpM9wU04ceItZsKPatRTUAv59v9ZXc_cwP9HNJ5V74_b514A4gup61PPC-j3221yYgVxZyvNp6r8MoRPe4BTkqBv0kDqJG9jva2x1DpVMGTBdF6Nso8v7f6KmvfXfoJI73nMVlP368GoTe_ob8lHwxfyU7AczzIXrfC4M50WFdoVjeGlpYEbgYtjG5KMHlSOACi4x0vz4iveFFAzLP22Ktu9bvOx_sjsmMOdaL9k8IM-oeDZZG0gHS91Aa1c3Dk344XCUjcUZY55A6kbzQ3gKziSMNYrGB7FiBtes9VTHY1S9e-WIPsFEEn4G7gv_zEsE60ikmjdh1zVK1HinCUvYcw1NhxttlUSvxkxC8llqGtTnPlDpbZAPkA1QBVgSCKV9n8RygylNB4QAown7ces8BPmAd3iC3YPW0FvIuIh5r35kQit6P2y0wmdN1ReRWpuHVwkzpLaNeGQqGFk2HP0nKHeyoCiswRtOGm9PCwG_ezMYabwPRhyJejsk_WFoQqio2eUBlpOlsP-XeZfzqUoC-UgpG6fyLEXqiH5TQhc1iHnXAYP-YxsksgLh9gl8UMXbdvYDoUuT7YmuzVMKqwHn8kmRaFii1XSiFo6XRkLtmoaRRyt15-HPxpDKNXZl0l_c49OfpS3ZNHdbL7LWp732r0kT4Is5OQwu4-LxxCwL-QUJSSxKgqB5umgCEglbcrg83XKnZbQ0F0Rmo4_QIMGpCvwZCfz8PTOCZAdjX45maWogVHVoCFXo9u-8Yt5VBpfgcB0tZCJOF0p9LjwgVXOJHxOoqch-Wllk2jocQ93kI-8kzDSCCL-4sGE71WleMwE1gPCgRjfOuuuHYEMTw9YM5zqyWn836vbUaX_uXLWEXuOH_ln20bRMBa-YDClEhIbBUOIY-gH-L5WACp88acLgvzB-keMz7CmWsXcyJL49UYPdevYZFR5bKcsl49hdpWDQZrW3KuSBlakBR-Of6odASAEjGhm_VBYBGEQW6-GVlbPXAIx_oFBcCie_iLI8KKGIe5RV7HC4f-sZziVzezM3wwDpTYdHnlycqWC4s-VSLcE8I-mPuC55qiQwlQMrpDxQLlmrH26nH6lfNOxrGCg2bzTFT-7cHMKbbhhIuG2H4Wk7ySESbuLsB9oEA1W4Mbt7pU51Ca8diZBBnj5IzavPfJOcIbJUuchB-96fPGSdEGbKA1nLhiLGVYkulTVCRVr2EQpyUiAu1d7cCbyqcqNlRa5sYOQaJz5HOf3J8YoRSLkw8Ugd2MY3BcfuDmBCOn0v5tWKtUdKbdODtsbDsmwLCiX2rQINKYRufuj2o3QU6GqkNBwPzjnIoO7Yfb7EnJA402slS1MR6zNBp3BTaaM8Riy_BNwjRsiJx0Pc0B0rBGhihYp13v6KKK5gBAA8AQY1h6klL2i6n2o4RoRXrELK0G4ywk8lBCwSSpfEqRQEZYN0qiUTQ3nLBaFECQri8IyaqY6c-IwwXE06F6OxhpUcEwMq88L5xq5UKBeg1apPr3VBBDxFKOV_SuRRkOuy70bdFQ2dSEsVLZnDMtcMMc7FoElTcqGajngAV6OjOYkbb2jJAkLygU1z_--ZndotwNGLmKwH_SS4VgSs-W5sBQ9nJlkuBqGMWj6nLieJl2SdMPC12toPff7lyUWp5n4hm6gMnKN8NkiOrYk8Qi6uZnwA3e_ZKKNkOldO6YoGhBY3wyxnZNsobq8w8ELRNkI7ydeqabbGwVdSOozoCyK3Y1nIyJhr5KG5gM8YJE4vdUXfRSkJQy8njvO38UqolhFmeZa5Bqk5mEe7zJz-Obv_fhzIdayXFskH7JlApIvWGfxu1T9TXCPQiciQ2brpNwhzqWdg-dHDfBD6Ja_9sn4s9zyTZ1CCdDteGMVVkCE5QqrI98gVBl7GcGK7llAA-wUl3aQnCJ_78prZfbjQr6FHdZGK2yMDZjQeN2bHHm93ygHjpk6uhSwLNEHr363EKzt1JtkkzutspmlArXrEXCT4-AyBxAAMhLBtu_oDab2cGwkBIq_LKrI79OkSDArgCjbI_ClB2jn9TWgllvB56joV2ATa4VIoi26Th69pAc1Ykn2GlPo7Px1T7t93e2pEBCS1YWLLVFKaUVTOn49iaQRgZ_jccy1B24zOO2bZo4vRY1dYR3Wa4G38IjMPqfze-oSOzZ2LgeLgUm9tTLKAZx3aE_cMa4OMEqlRbjD5BIN31xI0AT2wwr6OaNj3s-3PhTVg8a02ghBXVK0ZAuqgujFkCsoYkwiTPIq9XnsH-Lj0LkKqaHxmzJSjo4lcG5rCNUt0Pg2faaM31plB_4UVLD-SP50G-Rewd-yhCSFHX2uNbFKuuj-eymvsRbEvj-QvG8DzL_4OoNwNC6wNpz9pfltbn4ZZupgRTpt6XWusJjGCvT0ZDIiaClFdDMK6TpmF0G9D7JxF9jVl57rQpGV9IsBe8V-XUQOSBa4MDlIagYiaR2SglzUDBdkY5aTb2qVeKn6rnUzUnB_l_0OTN4rhImT39MmEsmk6HbID4KWfTm_o6SsvxRYPVFe0lR3rXkIXb_G4l2hXvYHsynIxu-2Fy16a0ics-iY1SL1Y7GIp53xYPS3HBoSS4ZnePKmaZfJ1tyT7OC2f1e-U6xmrmyIkzA3TkToVWynCumM-1vu-PmRdL5nTPBItrlVbO09-SkAOlJoksEQmA2_B_Prf4CIsdbFRqhVHziHyDTOOqBIYdXlxdxKVsUbz0_RiaNS66yCUzq34nl3b0fOZr5HwDNeA&cid=CAQSOwBygQiD0A833J0Gh_1k9xTVcgzahA7GqVIJyY0VYnCq1EAvjxGokOIx2x19TkbQSGFa0YMTh8J2xh0HGAE&dc_exteid=31126510125292206262673248386086794&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E82A 0
0 80ms
77ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CQIQ15j6TZJjBDbOVzAbn6pq4BJf21uZvt5vIrY0R79OivcABEAEgwLKCa2CV4pCCoAegAdOp3fkCyAEGqQLNnsVdpVOyPqgDAaoE2QFP0Bg1g4wZoHyA5cBFcuwvAWRm0exWujYlrQkFuKf0TnzTnW0zrSmNe1L2Iu-Az6RjY7s6LCg3QAzXXUYyoGk6yRCyjO05_LA01WfYKhbyI9_1RNirRd8HKm5puffI7SQizAN4yomrZb-hv5pjaw6z3FbAIqqDXm9bv-aMjQnKkcZz0TrmdGCXJQHI7PiSAWccN3c3cxCw87r_z0DN5el2fz06CmAeXcNuzpiMGpqNnqvaWl-7l1wsLsbuPSqRiLuxuzyhfKbi1OVSKSD5uPzxDqFxXu6LZvzjwATw97ucrwTgBAOIBc75m5VKkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEIq1Bxi0kcDlAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE8O84xPIE5vtjuID0BMA2BMNiBQC2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=Dg92yCSVLAc&uach_m=[UACH]&cid=CAQSOwBygQiD0A833J0Gh_1k9xTVcgzahA7GqVIJyY0VYnCq1EAvjxGokOIx2x19TkbQSGFa0YMTh8J2xh0HGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EDC1 143 B
166 B 38ms
37ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 103
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 600E 1 KB
643 B 40ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Thu, 22 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E82A 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 397c71450267516d7aa88e82c3ea9d8cb9bbcf6303fea3dc5904d631d3cfccff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1416
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1

43 B
632 B

12ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGPb58s4BMAE&v=APEucNVHQkaV2WxDMscqdVQOO97AYN8eXIwM8Hl_mmOdxkrtOnAjUffhuBBkC5dwXNJDhpMlH9nD4fQ_pp_rAqA9CYODcE0ED-3exRNa65t7H89eRZv2hi_XsswD723jO2rYvLQY6jJsesj6o5NniZ2qiqVTvF-VpKFtQMWztH-JdqlLetNv_SA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1416
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJM.5kTZvP6SkGsr3.152QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1&google_hm=2

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGPb58s4BMAE&v=APEucNVHQkaV2WxDMscqdVQOO97AYN8eXIwM8Hl_mmOdxkrtOnAjUffhuBBkC5dwXNJDhpMlH9nD4fQ_pp_rAqA9CYODcE0ED-3exRNa65t7H89eRZv2hi_XsswD723jO2rYvLQY6jJsesj6o5NniZ2qiqVTvF-VpKFtQMWztH-JdqlLetNv_SA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHlfbXWatr-_X3amLMTBuaY&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1416
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBpE41nE_pzy_nBhcIolPnQ&google_cver=1

43 B
1 KB

54ms
54ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBpE41nE_pzy_nBhcIolPnQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGPb58s4BMAE&v=APEucNVHQkaV2WxDMscqdVQOO97AYN8eXIwM8Hl_mmOdxkrtOnAjUffhuBBkC5dwXNJDhpMlH9nD4fQ_pp_rAqA9CYODcE0ED-3exRNa65t7H89eRZv2hi_XsswD723jO2rYvLQY6jJsesj6o5NniZ2qiqVTvF-VpKFtQMWztH-JdqlLetNv_SA

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:15 GMT
AN-X-Request-Uuid: 7777ad7d-aff5-417b-b18d-37f6ec22f3f0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.171; 185.213.155.171; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBpE41nE_pzy_nBhcIolPnQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1416
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Jun 2023 18:18:15 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.171; 185.213.155.171; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a8387add-8316-42d5-8f77-d07ea463bb36
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDE4NjkzMDg2OTAwNzc3OTIyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 06DE 111 KB
39 KB 39ms
35ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Origin: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28869
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:17:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 06DE 11 KB
4 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CheU7kQ34TW6SPA3lHQKNpn7eKb10ReKbTnpjN7d50UE-eRee4SNWCKsTc-uF1V7c1M_govLMTwvI6CTGnQ18P0V9xxg&cry=1&dbm_d=AKAmf-DChYBFqDRczp43hTXJYks9_cIHF9SodOZfd3FLCn4umNnSKAkh6yQsIgDXW6jtJhxvb3P32lc5OEaIWG9C0d_DlfF2XEpFberMufGmcIDXdsCuMcjzQUJ2bcv5NO5qYYLXR2gX7THVtaSZ7MDbZnTfIsLbic5WhR2Lr1C0JadcnM-7Ea3TwemKl2tRjN96i1Ir-iXQ4hyo1kHmH4juZkf_7rWu-yq2uiW7NWdplkhJyNWiSky3RdVinjxoermbIiGvkeTdYNhnWbfNyHBf27nqfOWzTrAPL8MXts5HYAQO8N69_U7Mmj5Yw6iqM_NEfRAivBVyq_k-3nbU3RkQ9hdlHY8GaUbeeXHAfGtkNOGS5UjrFvAQdIeWAL3lmvHo8LSW8n4J8lXTYjpkOxaSeh9fffC9Av5kKIU3If5VVoFD3I6H_WY3Bh-TD89qvCEJb08tOZ0swfDhkT_vF_wNNKBWwLblwrxDC9sgr6QxiUW8bByUZxouo6VY0F37-RVOfH0frtrGyfB81yI6bNLbJjyVooB0JjFgMSwX2nSlOXpYDb5nd_PRrCuwijlnl2uXgaUovR68lysOAxYqbDPRVOSvwqoRJeIJs7zPviUjyhY8hL3e605wrOZm4kWs-e-d6mNN_4ytWHHgayVIyb99kpHzPpi7IuPtdwMktnA5ucwy4KVj9I-ooJgbJneKfqz9Jq_n7f3g3MKN5LKIx2Mkr3NzgvelsSNBBrbqZiI9fM0l3HrAZZIGS36ssrpnwbok9EaU_k4VIA2qcvmh6PSFg-xwMckhBhvPlQIhdKGtB2PTBhRSA1neZgYYOeDOhgZgD3uxTNIczNzcA-e5kTuKaT0iDtITUxBReMNbYkeE1Fmjd0dxbpdfXn-I0pboMyn-3veeuK9quovPTyhH_Vhkr46ROrtKr6wbRKchsB_vJ6xT2ucq9-ewhAs2WXfJAwM4Lbu61cw7J5yXN-kqTppm-U_UHKvrHmLRUM5ZwNSrbhzpvF52qGQfFSl77kvQlKP0t4m26dJmFPGy-Z_P_BJ12Qxo5aEOyMDkgEo7s1XfU_5ige3dp2yTEHFOcZ5T30ZLj90U8CUluOxEgEuW_U74RsLBGt8bSGE0CcFWztMusHk6gIZVWgpAgrsnyrD9VdBXpkIPSXN5Qv6lS2N1zpGofunAol34TSSlbLA5KqQcTftMsdAL9YhUzbVAG8rIXPML_exMb15NIdvg0hdHuZ65Dc8Gg_9vxInJCvgJMglU154iS8q57rwmt_3L6kUxqcgAlyt24EHtxGitWoDOLAa_B4jZm0RCSlKxPVRX4hKYLhslJwiiDJIeOeM6_XB0281chA4uOXLXYoayvjgHKP0GLkvSNnIBeGW2OrwZ7Mnk9LKVR_aTTSBDcWm2xydAZGER3efnNtTt8XZ0wsL1_g0v9v9dB6OXGOZIkDTklepCTvmISxOqTG8cqjpniJSCeWrf_MbzoDJ3mTYvJQMusM65YMZv9-NCG-S3mU_9MNVtF-y6hZu7MHhBYq0YsaXAvHJmVFZRwg53B7OvpPMScjdlUsZFwY-XCvkCpzAy069b5EsZAvDUF3z7PaP4qEN0l4AA6MolFKEVe1xuvE6pPHCmoc6FXNBNYWq5mrzE-eUrfcdsfHnpmmA3Wuj1n0PYHxM6bfLVUzifbWzp1qANpaw2LmLlORqgNxSgNjfWKld_NX9so1V0uz3vHOxfBp4Z1xaUeTNDJKkYRSp63UxzjZjdFj-BdDkuoBw9ASl_2xZQi-W56ysCcpVX8Mv1kBoPrlSmpzEPTnEVUkCr4oQIFNv9AuQW3SCUIO6XFnD7HjKn4i3gNkIK4YeBYvone8nihEfwGRMxNRG4z_Z3_yVS-W_FI5OkELUC-eeHVqLxx2eqYANg1beCYlrKwYeV1GE1JoqD9XB1d9Hg5HBxP7rIyrWhr-3EY1I8pz1JA55HMQg0F3SyasaKn7McAuMXCWufu-KDXJZPxHZwzQ5ZdJ4XHLXLecxNF3x6Q2AzgTFIrn6wkckAVXbVQxw7bMc4h1aWUMiG_ibySSxx4ZDXAj-p1hOkCwU9POtWCZ6zT2S3_8oeMQx-2Ig2oqPlyPPDhUeQLxmIfb-t23Vrzs8DVOTj6pXCupI2ykFsVjNlaIGj71UTIO47bFv95nU4NYnxC5cGQgZnGrX_l-pDWGZT5uGJ8XK4lVF83mYH-ud14z5Z9unoWMEJWVurIjM6uXflnxeKTtGCFw82T6Lmq78fF_3eA2cw4BYHr-D4f0Co5Tf6Bi8UZpYaTBjlzLSe_Qg3GKdXzlRssT6J3HDXFLo3M-kofS0s6aVS1-jhOdFngRnD8YcvPEdlnO4avo84QvSmysRFZBipFoOdvdLVrLx03ASdO4uFCLyoLtL1gKfnnCGRmXNdgE21cwN4WZfB14XisiFipR_dIl0i01UJBg4le-eeoabid5x4YhKegAmJUQef0ShFPyiwvIB20XkGo6xA1iXAndB0sgej2KY3Qf7LR3Tp3FrDwhtjexOXZ9hVNHLrQj5OZ0zZDpSJwo-hcAwUb2naVxIg8ANkJVjInmXOgZv_Ye0fILLM7WQw9o6X85QmuhdhZ9N81pyEVaisA3FShGRfpHs7phSHv5PVqGs9b52paPyCG3A_P6XcwxCkcPlXBAlcCrDTY_6kH7iH3GJL7pT6keUnHjt7U7aDrgcP-7XcWWj1tCb1jBW0umu0BR_eynt_GiPeIQRwKzPg3GHFxdyRzDGB3wHf8EpAmidOS1bZsjs7Tj_z3lqY2H0wIe7BsYuBhz-QQaCrIVW4NOw3NRZdXcZdFarsLk4Nq7CgCemfFtxfuXNODiJrmZhqvz_cuSbYjWB3Sy4iZlsm7GNubcChLHp3CWp_CJeXf231gHDzLafE7lmCJ_w7aQIwCMNRpEn7h_YmfCD8uw-SJBpupjrcPkQXnXW8GYe54k3HTtV6tvxVjZjaHRtMeaLFsPSpZBqCgcwGOE2aOiYWLt-bLcZ_ABVjFWThKCGFG1uUVxMrPUuvS1MnelESmmDffanFhkmcxSoDbuB0z1SAifwqFDa1xCHq_0pi-3FgxCRlmXHS6Td8WIgs84azIEIhdByB24di4pPd5A6DGQ1DwoAfgnkQS7ftFkHNHv_XY9ezxvnZQjwbSQwIMeaw0225GRkpps3gj1yCT59eobbqzfjKLc2e7gwRGLpo8rpJTIsgmutyiLr6dEbYAHnmuzOwyFozTuHcIvw-B38XZBnZRJg9bZbHBoPj-69oVwSjePCKoravIPXSoiXDvrr3dlSz9aAXIXcY-WoLk2E5Jqvz5QdV8fhnAIXCkOjIYY6WhjKZmOsr8e2djT6FwwdEolJ-TOk9YUYyGQ96m8v_soYlRtDk7e086WcA_3plL8EN5CWOAVjUA96qgATBl1Qlgw&cid=CAQSOwBygQiDNfQJuXlyw0cIP151IJ3B7MdLLmQArASqBebC619iCTcXpZ52Nqruk5QfyRVlV2MuJBoVucUKGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5006476504175488000&adk=3587751834&idt=139&cac=0&dtd=40

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82721
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 06DE 30 KB
11 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82619
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 06DE 41 KB
15 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 536345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8204 29 KB
10 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 00:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62978
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 00:48:37 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D049 1 KB
643 B 44ms
42ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Thu, 22 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 06DE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1accbfd644296a9f156307209646deeeec0943950cf8ff2a3e2ce8f7280baf50

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DC64 13 KB
5 KB 67ms
35ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 12:58:07 GMT
expires: Thu, 20 Jun 2024 12:58:07 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3C9C 783 B
534 B 87ms
56ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

00db83f2f67f54a5ff8e5094187939baa3832ee00093dcf3f76e228c58cecf4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QJzvwy_QO1fyjXNJitzweA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-QJzvwy_QO1fyjXNJitzweA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:16 GMT
expires: Wed, 21 Jun 2023 18:18:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame CC15 37 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3412 37 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 60F8 118 KB
40 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=D3tdDF3tnR&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=D3tdDF3tnR&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:36:21 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/11934569601524222564/css/ Frame 3B29 5 KB
1 KB 47ms
47ms Stylesheet
text/css 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

889f2bab730d916ae6b55451a2f2fcdb173b310e29306103ece5b4c545a38156

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 03:41:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398216
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1412
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 03:41:19 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 3B29 118 KB
40 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:36:21 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/11934569601524222564/img/ Frame 3B29 6 KB
3 KB 40ms
39ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 01:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 404882
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2563
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 01:50:14 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3B29 60 KB
24 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame 2A51 37 KB
14 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame 497C 37 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/7493198391404092334/css/ Frame 7077 6 KB
1 KB 42ms
41ms Stylesheet
text/css 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 23:59:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 411500
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1446
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 23:59:55 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 7077 118 KB
40 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Jun 2023 10:36:21 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 7077 95 B
130 B 39ms
38ms Image
image/png 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 17:47:53 GMT
x-content-type-options: nosniff
age: 347423
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 17:47:53 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 7077 6 KB
3 KB 38ms
38ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 11:00:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2563
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 11:00:17 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 7077 60 KB
24 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 600E
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEK19EjivmO6NefnDr6yodos&google_cver=1&google_push=ATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK19EjivmO6NefnDr6yodos&google_cver=1&google_push=ATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-r...

43 B
411 B

225ms
205ms

Image
image/gif

2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK19EjivmO6NefnDr6yodos&google_cver=1&google_push=ATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7dae40cc0b9637eb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 135
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK19EjivmO6NefnDr6yodos&google_cver=1&google_push=ATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNc3czRWq5UZ5u0zKKVwbInX0Ci8sGl59brOuya-CrSoZEFlglQ1UToIajncQM1dbzacPXa_wX_1-_j9eI7rnyZyZxMQ-rf%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7dae40ca388137eb-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 600E
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkpNXzV3QVRrenBwWndCYQ==&google_gid=CAESEKVak0aB_ej6NPdlQrxAZNU&google_cver=1&google_push=ATf1kGPrqIJ2LJwOqjApKu24RNTg4Z0aLq...

170 B
188 B

53ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkpNXzV3QVRrenBwWndCYQ==&google_gid=CAESEKVak0aB_ej6NPdlQrxAZNU&google_cver=1&google_push=ATf1kGPrqIJ2LJwOqjApKu24RNTg4Z0aLqCn_pFAdvAnkuV9AqDJeJzqDHQuFygASR_L0iS7bU50_esQE9qVbbtULz74EElTNbif

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230132-FRA
pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1687371496.889383,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkpNXzV3QVRrenBwWndCYQ==&google_gid=CAESEKVak0aB_ej6NPdlQrxAZNU&google_cver=1&google_push=ATf1kGPrqIJ2LJwOqjApKu24RNTg4Z0aLqCn_pFAdvAnkuV9AqDJeJzqDHQuFygASR_L0iS7bU50_esQE9qVbbtULz74EElTNbif
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 600E
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESELJyemjfNVzC5mWPtCBPHtE&google_cver=1&google_push=ATf1kGMEIwVFhWurdhLjRhE9Z9nwdFc2qkYcXnDVpKsl-6U_jgZ1102Xi4VFXnJve5A5_PXpWloIQlXNXfQ...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMEIwVFhWurdhLjRhE9Z9nwdFc2qkYcXnDVpKsl-6U_jgZ1102Xi4VFXnJve5A5_PXpWloIQlXNXfQ5bw2nlSNrrIHyFaea&google_hm=sTOaA4leQd-2CopGWCTopqs

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMEIwVFhWurdhLjRhE9Z9nwdFc2qkYcXnDVpKsl-6U_jgZ1102Xi4VFXnJve5A5_PXpWloIQlXNXfQ5bw2nlSNrrIHyFaea&google_hm=sTOaA4leQd-2CopGWCTopqs

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMEIwVFhWurdhLjRhE9Z9nwdFc2qkYcXnDVpKsl-6U_jgZ1102Xi4VFXnJve5A5_PXpWloIQlXNXfQ5bw2nlSNrrIHyFaea&google_hm=sTOaA4leQd-2CopGWCTopqs
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 600E
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEKj7lpjeqq9TGweznOH25Js&google_cver=1&google_push=ATf1kGPz7q8FBEEm8Iy6H1d1HOxAQMsV3vPzFlPuou9wxV68SXNX4N6rp6JOXmPuqeJELB6bSk8uoZ22yR5F7c...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGPz7q8FBEEm8Iy6H1d1HOxAQMsV3vPzFlPuou9wxV68SXNX4N6rp6JOXmPuqeJELB6bSk8uoZ22yR5F7cnnMGlImyOWTtYz&google_hm=hmSTPucBH7gV62Gyr...

170 B
188 B

49ms
49ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGPz7q8FBEEm8Iy6H1d1HOxAQMsV3vPzFlPuou9wxV68SXNX4N6rp6JOXmPuqeJELB6bSk8uoZ22yR5F7cnnMGlImyOWTtYz&google_hm=hmSTPucBH7gV62GyrA&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D64933EE7011FB815EB61B2ACBLIS

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGPz7q8FBEEm8Iy6H1d1HOxAQMsV3vPzFlPuou9wxV68SXNX4N6rp6JOXmPuqeJELB6bSk8uoZ22yR5F7cnnMGlImyOWTtYz&google_hm=hmSTPucBH7gV62GyrA&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D64933EE7011FB815EB61B2ACBLIS
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 600E
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENc_YNlPduAKa4yb9B-gDGc&google_cver=1&google_push=ATf1kGN3cPOrtZIrS6qBMaspNKkLoxK2z968omnI_S-IkfTBAlpzaFYqrBcS2IxhQxphjR3CP6KsDqGVXZqIR1atN8m69ov...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGN3cPOrtZIrS6qBMaspNKkLoxK2z968omnI_S-IkfTBAlpzaFYqrBcS2IxhQxphjR3CP6KsDqGVXZqIR1atN8m69ovjt3Y&google_hm=eS1GT2FKTkoxRTJwR0p5eGs...

170 B
188 B

48ms
47ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGN3cPOrtZIrS6qBMaspNKkLoxK2z968omnI_S-IkfTBAlpzaFYqrBcS2IxhQxphjR3CP6KsDqGVXZqIR1atN8m69ovjt3Y&google_hm=eS1GT2FKTkoxRTJwR0p5eGs0QlFXemJEcTJkS3VFeXplen5B

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 21 Jun 2023 18:18:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGN3cPOrtZIrS6qBMaspNKkLoxK2z968omnI_S-IkfTBAlpzaFYqrBcS2IxhQxphjR3CP6KsDqGVXZqIR1atN8m69ovjt3Y&google_hm=eS1GT2FKTkoxRTJwR0p5eGs0QlFXemJEcTJkS3VFeXplen5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 600E
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DuqWW-InSMWOqbc_ER2G3A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DuqWW-InSMWOqbc_ER2G3A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOCcXo2TV-ca6a0pptW-hrupbGKtducE5S5M7Fa4_qMAVNL-oICuJxBZ-AKvM-POjWnZMelKCKC-t3kSSqVl3JCHb-o1Hfx

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DuqWW-InSMWOqbc_ER2G3A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOCcXo2TV-ca6a0pptW-hrupbGKtducE5S5M7Fa4_qMAVNL-oICuJxBZ-AKvM-POjWnZMelKCKC-t3kSSqVl3JCHb-o1Hfx
date: Wed, 21 Jun 2023 18:18:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 600E
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEClGNtEjNCx1Le8fdduwSo0&google_cver=1&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56X
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgyMTY1NzQ2OTk4ODQyNjE3NjYyNw%3D%3D&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgyMTY1NzQ2OTk4ODQyNjE3NjYyNw%3D%3D&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56X

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgyMTY1NzQ2OTk4ODQyNjE3NjYyNw%3D%3D&google_push=ATf1kGMYcGbP5WuYCRn5r7Rdf31rfLknbh9gctclyFoiUs2HuLaGggd3_SWTMEvrV_225DIB2aZGaCahKYYkNF_HUg0e109al56X
date: Wed, 21 Jun 2023 18:18:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 600E 0
12 B 47ms
46ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LLfWq16M5nlg7Uf4Cz-bjpqYtBaLJONtBcpNi-jcSpghwvM2tHrDjcvr2Fik-186Al6EoV

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EDC1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

53ms
46ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:16 GMT
expires: Wed, 21 Jun 2023 18:18:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A251 22 KB
8 KB 64ms
36ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 45336
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 05:42:40 GMT
expires: Thu, 20 Jun 2024 05:42:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/1759278523689238034/ Frame AA24 6 KB
2 KB 65ms
38ms Document
text/html 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b85fcf52d1e967f835355de87e56edb03a3555ad0783a62d69fc0dee1560df83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 62430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2322
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 00:57:46 GMT
expires: Thu, 20 Jun 2024 00:57:46 GMT
last-modified: Fri, 08 Jul 2022 14:05:14 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 06DE 0
0 86ms
83ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstTyjzzKXy5_PACsEfCF_qe98xK_2BVR_bQeTabjiiJviOdZmL4ANEhMFKIBpmUmpSzcWn03X__zYlpKr2AcqBSeuffZHXdm9v5WqO3q7GIVeF64JpSPe0jfKNosVqOFjS66yN16DD81wi2cULnx0jZW7DSAAeXsAnTir67hYoiinggr8YJymfpyXnWJr4O0W7etQVjrOsOZqBM_MgbWBZZZUSPQkuLivM94FIRg3oZzeLNP6SpLex1O2-7nRJ7yBWcJ1fvIKhGfjer1CTYC1T-TmUiRnfc1AuvN53vDueDvZlKQ_g0YMAwb9IcaHC2rgEpkSftjYmhYr6yLczCpHrwzmKOEV1InRaNU_Zh1a4CFBFTfTwpLUB7bUnCQyLBFaN9BiMic3GgAFp3WsegsgH1fGrV1grhFezaDYg_aFcpHAwYTiBhlwxp3b9d7_1pXUVy8s-OCeWKhdhmzs9zC5YVqe_1Nfj4OGo1lmb8uTUlj7j0DrkrVLwjloDZ4_McIIaPhxiRvHDIWSoY52P8qI_ktM9YdRU2F2q8Q19ggcmmKJQNi4AgdF-EuPhsxaY03tQef7_zjiQNYbIHCqo8tnpBSR2N47eDnvD8o9OkyCQJ9qia3Udt123AwIRDHuBcbQdJty5J0tpZO-HATXRAOjGDxRhAUcsJZC-V1i4QjzwFQgeprFngWw5kbWotgaL0GZrouC_EbKFHi9kOWRH8qBMAL61CYMkGZKi-V1nzt8XXGyOuH-qpX6vjYkDLWeugoJQTcylHSF8-OWHJ65vMarU2YR1-spHYvSoKDHTIm8vKrAFSfUJW8YIvfXj84iQ4oES1BPw5rkcnjgD2pjLPUaa5Yf1OO_oMZRKjtmnkuwBY7-srvOuN60PKb626TbglctMtIV1pJ_UinRn22mZ9d4skww8iyv6XBM8qVUfSKYsdaTeGMP3q8euXJ6qErOHqBh4ktGP3uSjXlw0golzZQ7ge-VnCM_rVvXlG-DicGMoGlh1MRlopJlRJ4lEECfWLrkWoEAEpjCCX1xrndJW2p4VqIXasF85p3GKZnE8w0iflCD-wrc6Rn8liavzq-oqCvyBUzsi6bgu8W4qevOyKAhSFHnLBbSHFtPFpxLObvM9jnYhOZSDpbDRL5JxG6XCPLrcnsnwOmPAI-K_WxQXTDGi6uiTG99rU0QGpNL8eMNNuKzVChvlZQzuadZsZ1USMl-EVqW9B_412pjseUU_AoA1bpFNN27gwkgUBe0NPRvqMOnUHIjvKcIzDyUWbJJFodHmcjvqgXNimFRHUP7A&sai=AMfl-YQIXmZym1er-VLSaY3eop_7U-2xRzpGepWMQKe8zdg44y_GTd0h8QMFPsvHtS7VGxkEuBB8VhWgcIrt34UGNZlArBKMU1hORryIXTP7cAorD9br_Q77Uc_1O7aS0V38Rs9cmJci7klumtDRQnOeXIm45CeDVQ-Zi49J4EahO0YETvplEPlFBLPJffVyEb6DpcownwajpezE8zuisqYvGWVP9fr2SSr4IZSA59ybQNiz6URCyVFwNGiikjqfo3lusJwCFZF7DbZhaCpi9zyn_BhKVp_I&sig=Cg0ArKJSzAuLQluQ1I1ZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=173&cbvp=1&cstd=172&cisv=r20230620.68105&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 078A 0
0 83ms
81ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuT9Ko5ZUDNqp6CjVSOgZ2AwTC2LS9CLbf4fT44K5k3t2c0uULeGzaC_UKXANDUumhx5YkItG2G4xfXYcJDf6IZOAyj_psfwi5YgEAACpaW-fw1RyW_GnsUA9xBSYmZUrrTAfO-mO8BeUp-Xb9o3bxPpBj-qEggPQdqO0bqB-WdpVWU2w1jDANL9qtTYXSnNvXNXLDcwdPQIqWmyxvfgMmaZbL0PdTHxi3VeKTi-aFIB4xpvSciiTmnO6Srb3kWwGv_VysjzSqiJ9pvx_wd4ZhEujZz2sZOQemhSFK4J4GcvSK7CfO5kNJWZ-3YOPTpXBt_-lJt83PBncCDaz6A7JBLPRw0doBGyi8IrtgqqhwB1njSNc6abSCKUyitf103_gTP67__O-CrEYegycFmTC0F-8fb8vddFTwtL7HmgT3wBQmVBdwCbs1JxJw7RnjfkWQGoLOMFheTQ0MMj7fsxd5Aac1mwh5mRYztGY3P8yWTuiM0HwNLi8li1IPhjxTBv99kl8tbvfurR3s-zyw6DLruZ63NgLS5hd7QCxco0UPOLuTsOYdbY5Y7zV3j0lCcYS30neEmREb7JCP_K-QUCHJj70aqrjfQB3tqKoEUzkNdxUkXOP2w-4J5GPk9-TFsJnGY1tw_M3hzVMLoAFKYjynzhLxeGVPln2shBpQM-gd-b4O_ckY_Thl262P0zehXLMgULHsidJi4j8t2h3doCP_5MbMRRB-9_AumQZNiWjkBrZrQNcnghj2LJndC4WRbuINZI3Gu4HceR_3uqf-HT7i3nVSL_Y8vIc96v5VTNY3i4C1PAKTeMPPPF0wH70xGN-lcY6b4Fb9OsZJkwlzdsyy8Fd_DHQwUMyrqwQUbReC8MfF4ZtqxiRCUpLdFFJrmzfz3RrerN3p8PDeDw09skf0Jv0WvUbNwvqKc2mkz3FHkODqo_8d5qK1s6rPvrx0hMv-9oLDIc134a12HB76le6ZVVLovDyX3pRkLvWqpG9c34Ag4XFfl_uvDN0fC3B0u_LvidZxn-RPfVHBLIUjkkUDZIO-Ck_JCLWE01eFwRKFZaJI8pACOgN-srEqc45Jsq8kK-IbJOtSnQwx-h06yVseBB77l3M5-m4GltX8C18eMcLdoO0HpO5fned_FyghO5BeEHG8KY1AHf0BcsPjdR53z7LJ9Gv26M51Bx20xtlcZMwcagoI7GdCPVuL0CkpAxvAd5R2Ea4B-ZnWoGgBX6UT-Jo3qyxO4GViD8rIftyc3NIavAv_PV9E1nM1ec3stl3E&sai=AMfl-YSpJIcP99u1th9S84NGUk_oWQRCP0XpHjw9rwd9A-arw7PW4ZhuoMrNJylaW3Z9dkDWH05456eyC_Sbn54U_luglgkqJ1aJBaxHJspXa-xfxjkv2WRhqQiAcCvZaQh-Bf-g85VpF6l1aWFNcT3KZHz537HN06mwTy7r2f_T-u8s0ccCDRlaJchJsFf8bptAXej30_dYvGRsWPsAqbdmPsEa8mM5kmnJry2pGIuphYn0CV_lIMWjF8AY1bnvNOtieYZ9&sig=Cg0ArKJSzArRBSsBfCpXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=777&vt=11&dtpt=472&dett=3&cstd=291&cisv=r20230620.78622&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:15 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 3 KB
1 KB 40ms
40ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/logo.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

9f03509718beb4070d2850b743d60a459a91d5c2510a0698675f1f2132e55468

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 16:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350304
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1469
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 16:59:51 GMT

GET
H3 200 cta-text.svg
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 7 KB
2 KB 41ms
40ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/cta-text.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7b824042a7108079234121c8a6e471f11b166bd4bacf85fb9cab29a9341eb647

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 16:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350649
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2257
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 16:54:06 GMT

GET
H3 200 cta-text2.svg
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 7 KB
2 KB 42ms
41ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/cta-text2.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5fea843a3f457beefda91acccf6e72825c204589b59d2cc93a63d778a8208447

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 04:01:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 310580
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2261
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 17 Jun 2024 04:01:55 GMT

GET
H3 200 text2.svg
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 8 KB
3 KB 42ms
42ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/text2.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

72def4e68fd499ad2d5345f3c286c6d1d88bc598a3b45b4455391cd7b1592134

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 18:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 346079
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2612
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 18:10:16 GMT

GET
H3 200 text1.svg
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 7 KB
3 KB 43ms
42ms Image
image/svg+xml 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/text1.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b5902ea668c562d9b87129182849179f77967f4210bd2dbd0077e9debc853365

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 14:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357568
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2649
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 14:58:47 GMT

GET
H3 200 img.jpg
s0.2mdn.net/sadbundle/795616883461662477/ Frame 8204 41 KB
41 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/795616883461662477/img.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b668790fb4a78e37c82b8fa599fb7e8a0dc59ce0b2b9d420c32f6d9dc6f62c17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/795616883461662477/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 18:04:38 GMT
x-content-type-options: nosniff
age: 346417
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42037
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 12:13:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 18:04:38 GMT

GET
DATA 200
OK truncated
/ Frame 8204 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame D049 0
104 B 102ms
25ms Image
text/plain 2a02:fa8:8806:20::2040

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEP8Y3sMqPMPHgSyJB67bFYo&google_cver=1&google_push=ATf1kGMarp7deA93EC_sKya91GT0bLegtxu6Lc6XDsdDAm-nkp2F4dWTSBqFtLzx7o-Bz_aaVBSplNNZbuYIEvpOTS4vPuZ3_-6TdNsl026ENUF16QrYQOVcVTrwVd-XHie41SvJ-fhRpM8
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2040 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D049
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEP_6SGzFb_NsUcdQcY_XBws&google_cver=1&google_push=ATf1kGO9CEJ_z2YSJPWay0UcW4CtqGinP30uAAr1JOqEYBS7kittnBwKy-cTpKqUgEbF-eFUgvfZdb7RTc3...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGO9CEJ_z2YSJPWay0UcW4CtqGinP30uAAr1JOqEYBS7kittnBwKy-cTpKqUgEbF-eFUgvfZdb7RTc3-2GUaFqeHB9VvoS4SV3udNlOz99YDyxRInNdkPStDytDS1p5...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGO9CEJ_z2YSJPWay0UcW4CtqGinP30uAAr1JOqEYBS7kittnBwKy-cTpKqUgEbF-eFUgvfZdb7RTc3-2GUaFqeHB9VvoS4SV3udNlOz99YDyxRInNdkPStDytDS1p543NC3EZXWIZo&google_hm=sTOaA4leQd-2CopGWCTopqs

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGO9CEJ_z2YSJPWay0UcW4CtqGinP30uAAr1JOqEYBS7kittnBwKy-cTpKqUgEbF-eFUgvfZdb7RTc3-2GUaFqeHB9VvoS4SV3udNlOz99YDyxRInNdkPStDytDS1p543NC3EZXWIZo&google_hm=sTOaA4leQd-2CopGWCTopqs
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame D049 43 B
362 B 19ms
14ms Image
image/gif 178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEFXt-udrz39_g4YIgKL4hWA&google_cver=1&google_push=ATf1kGPMzWkUY58y4sRHlqSQhE_4lUCJNK7k2dlI1MKQ7HnO-Ey_d3LhlaEP_f7rbi0vgLCYLXK4Pm6vz6IliyE4GGgnW-RtSTMhbF6zETXNVwT0JKReDCnFdbXUs-plxgb7Z6wRuGB7zBY

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:15 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 244096
expires: Wed, 21 Jun 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D049
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHxg-msoUuGBT_x5Of6LiKQ&google_cver=1&google_push=ATf1kGPY3TsIzYChysmm-TWE4w6MSn4mAEVKjwKqhWvZvB1gE9EjuLacPBljqrATgcoDzWG2--yJhaNS...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGPY3TsIzYChysmm-TWE4w6MSn4mAEVKjwKqhWvZvB1gE9EjuLacPBljqrATgcoDzWG2--yJhaNS...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGPY3TsIzYChysmm-TWE4w6MSn4mAEVKjwKqhWvZvB1gE9EjuLacPBljqrATgcoDzWG2--yJhaNS7iarDJs8GCTrgLnSq69rSESxy5fqUdtqgknGtD53BxYZ3JXjpZhdvCkYBFBRBq8

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTUxNDY0ODE2NzEzMjYwOTc3&google_push=ATf1kGPY3TsIzYChysmm-TWE4w6MSn4mAEVKjwKqhWvZvB1gE9EjuLacPBljqrATgcoDzWG2--yJhaNS7iarDJs8GCTrgLnSq69rSESxy5fqUdtqgknGtD53BxYZ3JXjpZhdvCkYBFBRBq8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D049
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFfs0vkQdxhEDCpwOomlZN4&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFfs0vkQdxhEDCpwOomlZN4&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGOEaK9VDwJBIOLRXvrQg3cvQ-AsljAfK...

170 B
188 B

49ms
48ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFfs0vkQdxhEDCpwOomlZN4&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGOEaK9VDwJBIOLRXvrQg3cvQ-AsljAfKD2Lhehm8-6Xer8Z2vAtEl6GgSg0zA1gWFsgcIQ2konfzxjEh7UCx0Kw7Jujd4rKgWyb-UW2MUTFE388CZa_xLruWJSghxs6nYjEC30WtH2Y

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 21 Jun 2023 18:18:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFfs0vkQdxhEDCpwOomlZN4&google_hm=ZJM-5kTZvP6SkGsr3-152QAABG8AAAIB&google_nid=index&google_push=ATf1kGOEaK9VDwJBIOLRXvrQg3cvQ-AsljAfKD2Lhehm8-6Xer8Z2vAtEl6GgSg0zA1gWFsgcIQ2konfzxjEh7UCx0Kw7Jujd4rKgWyb-UW2MUTFE388CZa_xLruWJSghxs6nYjEC30WtH2Y
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D049
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPgqANzZzQiGUONrdPuxV5A&google_cver=1&google_push=ATf1kGNWJKm3fIgm1a6jSLkQR5SgCNkCWdKvlY9hiFgocsp7W3qo6ZGO1bKYsmGCuc0Ox-wDTKc7J3N63YwtVpZye...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNWJKm3fIgm1a6jSLkQR5SgCNkCWdKvlY9hiFgocsp7W3qo6ZGO1bKYsmGCuc0Ox-wDTKc7J3N63YwtVpZyeMxLKx7M1NurRyUkPvhDj7ZpTB6f4S7r6VmIhtZb6myB5...

170 B
188 B

48ms
48ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNWJKm3fIgm1a6jSLkQR5SgCNkCWdKvlY9hiFgocsp7W3qo6ZGO1bKYsmGCuc0Ox-wDTKc7J3N63YwtVpZyeMxLKx7M1NurRyUkPvhDj7ZpTB6f4S7r6VmIhtZb6myB53xBtIZsijEG&google_hm=G2qqtGZHJtTMqg97R3us-LDB

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Jun 2023 18:18:16 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNWJKm3fIgm1a6jSLkQR5SgCNkCWdKvlY9hiFgocsp7W3qo6ZGO1bKYsmGCuc0Ox-wDTKc7J3N63YwtVpZyeMxLKx7M1NurRyUkPvhDj7ZpTB6f4S7r6VmIhtZb6myB53xBtIZsijEG&google_hm=G2qqtGZHJtTMqg97R3us-LDB
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame D049 0
75 B 20ms
18ms Image
text/plain 185.86.138.152

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIicmLA6NQW7KZJHI3ruW8Y&google_cver=1&google_push=ATf1kGOkWkcaJ0Gf5oLbRYlxs4KBRKwC41vchE4Vp0W56qHfA-3N4Tz38qquY3xQddpLalT_bxImc1Jg08P8JzlM7Jy-gGrgcryG5eKiah-Xs1w7beEGxjsSIbj1e_Vy4W48X1lIJvDwMzSc
Requested by: Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:15 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D049 0
12 B 49ms
46ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KXoM_HNCEu2SJDVlsSFndJq3-vlxz4di0ia-Xk2cfNfFZd6x0-Kt1dl9ts-gNlU17eVxyc

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/11934569601524222564/fonts/ Frame 3B29 13 KB
13 KB 40ms
40ms Font
font/woff 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:37:40 GMT
x-content-type-options: nosniff
age: 409236
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 00:37:40 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/11934569601524222564/fonts/ Frame 3B29 12 KB
12 KB 41ms
41ms Font
font/woff 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 11:59:55 GMT
x-content-type-options: nosniff
age: 368301
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 11:59:55 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/11934569601524222564/fonts/ Frame 3B29 14 KB
14 KB 42ms
41ms Font
font/woff 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 19:27:35 GMT
x-content-type-options: nosniff
age: 341441
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 19:27:35 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 7077 13 KB
13 KB 39ms
39ms Font
font/woff 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:35:08 GMT
x-content-type-options: nosniff
age: 535388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Jun 2024 13:35:08 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 7077 12 KB
12 KB 41ms
40ms Font
font/woff 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 08:50:42 GMT
x-content-type-options: nosniff
age: 379654
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 08:50:42 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 7077 14 KB
14 KB 40ms
39ms Font
font/woff 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:44:32 GMT
x-content-type-options: nosniff
age: 502424
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Jun 2024 22:44:32 GMT

GET
H3 200 createjs.min.js Show response
s0.2mdn.net/sadbundle/1759278523689238034/libs/ Frame AA24 236 KB
63 KB 39ms
39ms Script
application/x-javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1759278523689238034/libs/createjs.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

adf379f80ce276b9dc4030667cf06a2b68c7bc10908a9cc4d492b8b96aa15997

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 23:17:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64209
x-xss-protection: 0
last-modified: Fri, 08 Jul 2022 14:05:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 23:17:35 GMT

GET
H3 200 160x600.js Show response
s0.2mdn.net/sadbundle/1759278523689238034/ Frame AA24 65 KB
12 KB 42ms
42ms Script
application/x-javascript 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e9df7f92c17f6723697fe020fb761a56bd23523589472a4c163291f3e3f375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 23:17:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12478
x-xss-protection: 0
last-modified: Fri, 08 Jul 2022 14:05:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 23:17:35 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame EE50 0
0 78ms
77ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPXSME7vgjcsIWez16NCNPA7N3RTXv6HN7xBk3llnvFUdfMeFVYo7S1LMkQqoWwsC0GFKfkN21nO5yycmxS6si2ue_19jqyK67GPD4wV75TYcNbspRWUdpducSzG_Ygk04yjWf2ZtG6ujJCsmjZGx5kTz77q6l4QWfNRe6--GyrFhh17kwREPI-oMyjQbys6NMbl__96nCPDOV7rR7lqFtGumTIybLSniFcaLOm4S1LNjpHj-M-oW3vlX_rDNmRVw66AkKV1wwiGC6dL3CBR3N2pJQRCnwO_la1tIldS48iYlsi1vkpYv5R1E_Gs5x2sLGIE0YAGwMC1p2L5MTB2oGXkFJpFIZhO6FWSs9weOCtI3tSFHUiKgjJdehRnHMcGFWbQSuoPocN6NQuDYkzapEBQ7GaNkMmAbrPpsNT9cm57G_BJaVEDj9l4rjx3bCzyPKkXxhIc0gjB_6nNji5nMvwhylIynzKRd7blp7EgRyioKsZmzWhE-XW4mj7vzdrLo8gXFECfx8gnbeADMQVfbvzewJldoBOtKVu7E6ulZ6cR7kj9_x1XkprqvfXvGunZ_Qny55zB7GOOKPEHhORgVSz-GzUenjqjFQLFJ_MIoJglAadrQwJlddF5SLciHhS4M7xu87igCrJ0atsilsPUN798sHGn88LW1cFJExqSr2hNk1zuiaaWLeigz9HQort511q2WIidBu9xF_3SHCBigclFGsYH7NAx98J5uOvmAjJXMChMWbqrINeqMqMDua5_3pV-57yysGxiryV9QRwLheiv-p9GBXaGB6s2eUlg0UXGgxTDdIKDZA7LVkITdG-ofpibuHCZ3lPygzERKei0Vfwa3NUYxz2Z7wzHsue-25kAM8enXA_m0at4F5dHOUvZERgODnDpGheSFQJpRmC033PuTv7sp1j8FuhmfiQqm4lfZEA9ZlKmjdjGx8r1NYOcs8wuncNUyOahAYJBfqL8g9w2OMGUUCh13Tkw2eRtxkfpJi_DEndNXl4VDi1UnATt9OOQ7wb4qA2U0VWJbxWtjmC4Mg6BUbW_nNJgl51iQpp18vm-3xm0EONjVOMXpdvNmBZFadOUC4lmhvnYFuWNgqKKiGHB5SImYbuuW3qEUIZfGRlNQNB8-7PeqGDPxNSToLBa01vtG7-zScu1moEKS8P9C7LbtlX79SNhRIj9-0w9ZqrJw0sEj22YBabW0I5disGUJqABYuJF7yydcyQg3ksfyh3u052DrNmXC_wvlfZlcahe1KT7JvjFyvpvwkNe3VjnOlGQQGr3lva0nPEYo4Ohl7DFB8fvajwJB0sp6QUg&sai=AMfl-YRz28F8e7lwmjzUUcTJLBXlGal4ZpxqAYvPwpWO5yx5FlIIwZvlphMgtUczf-UaoWTyXuwMp-9MuuwNDoowAgmZApObUPEr0JyCuAhjAp3LLYafoZVsbZFn-T2A4XoptZwdtHiNK0tMI6JVXlS5g01Eeds4inyjbF0JQA-DW9geSnSHgCzd8YXynMAXwE4Oqs2ftxPIo2Bezp343-jqLbUrkoyl0iD_mNa_x7AV0awUXRzOiZ_X5qeRgxkQd-ndFYKo&sig=Cg0ArKJSzCm451rWKYT6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1044&vt=11&dtpt=666&dett=3&cstd=369&cisv=r20230620.49132&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F934 42 B
64 B 82ms
82ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssi59fV4ifEVsg1YofRerySSt-JYB5vM0UADonHiVa6qCUvqPfgSAlbEEJpWUQ6D2UqP1Z3664sqMOEiXZwZ3U3eiKaUiM5TWC_SN2SzbW_isXtm9GNqXkUKqbw0P2N38ZoyqvRdX7wSxLn&sai=AMfl-YSD2p-8gPaR2PACQMSjefgyqO-ErVj1RDxOO95yT0ZA08DJBEOa7fXPZ2HcjtOic09L4Jtr-YPYFhEzausJ1DQwakUxvAzznVAYfYhbRBLm-TkSTwmCeJW42ec&sig=Cg0ArKJSzE2eQRD9HJIhEAE&cid=CAQSOwBygQiDRN2sdc971cln06EbbmCxj-ejsRpJZAzs03h3VoB20e2DBj2A8McrQq6lmxVkiQ8DEnRS7Dd3GAE&id=lidar2&mcvt=1055&p=0,0,250,300&mtos=1055,1055,1055,1055,1055&tos=1055,0,0,0,0&v=20230620&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3050045420&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687371494617&rpt=482&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F934 0
0 77ms
77ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssslyOOxBEJw0_QiFo82AIx1S1itS4H1nJdVKOCpWy0Zu1lR3qqUo1yp6BH3FhyzvaPzEuT_KUBHZ50bLXScE9hosJfN0bi_BuEuAHl8xtFqCFopTZSgRIGvgB4XIIlWBq5NwnW-3UD1x9sOSFo5TPro7UuP7Yq3pSeYBgOWKZDOtlI_CwbElvAGjzUeU510AOwtecZ8HoI6fuJ3_ojbamGwInmpadGBP9Y4wzsRJcA-sKLM85j6hsHAu1tuPZW8gMb_FrFvJ-gWOIg8j8V4ORWaxYT61DZEL69f91amdRP2ZvVNPPbzy_ccXexa8kDpjDbphFREZJEQ3iqKtqsCLGbDuESGBY7F7sndCFVjKxNixn-4SzyVHlZFSYKtvwncoD7A-nlgkZB1cOYE88bAYwfHDhdW73owklwJc6tMwIIP5zRIw4aMeqG-j6PR0Y4ojvbEl6OT4BZuuafhhJzOz_Cne3MUstw0X_EnWN2GU_8l59_0Y_1ya6f1oD6tlaMT6AOlojzkPBT4dz1RBO027_OzZ94fLdThtzenAmxMTVPwE8VBQXxt_4gyWW8JLl1SMOUJQyVSrASbfN0sxFIv595fcprtFzfu0UrFkm5u156R6gW_dv4exRCq3PAd_blPMgF0boOAe6hVtdi2L08XOay_cyAFOxQnPqS9F3OGWLgYiEirPJkBt4Kqh0qlHnY9W9agnzktfaVQbyi02NKfYNes6MW0IqGCz1AEDleTWrhmX_w2NuKoq9jfUEeM9pq8zG9w3MS8WN0PDDZQLGMOpqOjdue9MrzqEEzDitCKkRqy6cUXq5GKvXZL26lOOAhSh8rMpeUMxPsnKbe14MNzzV36LCoSVpWJ7C_YbhuLVKle2c2X0GyFOt_3NVr7fX9Mr2XuUe4I6bZHvqkfKcVgWm1upx7_-HhHrBOxlTHGjWdSXi0gOGPvwYIZoamj4PqsKjh9yw0xWWI4WgOYrM1i6U_QqTBpiO1wEIm7nVOyZeRvj8rh2j6z53Gb0crBIYhveu7r069pCNaXVPi4fLoGGPNp6Lc8Mt0h5mvWiSgl6Ww7cTaBA4nLrFUoHrCkGdnUB4tPuWRDh4d0x1Kh6lfbuGKJQo8ysvtNzSPfmHjxrzwGNNapDC_G68Bu1wEiiSwmnyyu47453kKW-vZfag6Jr27vE5oGkCJne-n5QhOAmUqm8LZZkBL8fYM27MQzd1VSrT-obV9_--pi85Nu9mh1LGTt1J_Fxe3sNaxnTkfXi6ySNDwscHgd3429SMtVYsglHv7rVan4Q7fl6qmWowu4bsoKAajUw0jww&sai=AMfl-YSzvpuhqsTTLoak1W8Ii-oOLuLWYkxF3c8l7aE6NTAwBJ3VlD09NBA9HgWXzAoPojxCHCEVByrtFLZPxMht_WLzcXLY98oSK7ABjT8QcxlJnUtNgrYJOjPTF1lRlQ9TNZfd4ONtHhlNe-7n-pIqg3fC8q3ugueVzUqy-vhGJV5jQMnfqfPRb3KdtebhAmqF2-3eoPytimm_SvErFt510mwWYR7bMkaIlnsxpr6NYqzwWenRXpLmfVegus7u_JvFGLKPofcEfWF73QM63Fm6aioqN6XqOQ&sig=Cg0ArKJSzA0ME1YNZVn0EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1182&vt=11&dtpt=783&dett=3&cstd=388&cisv=r20230620.65078&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3875 0
0 77ms
77ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuC4gv71T75KvsjZjY5WpiYqYgNgBmwk3YswZjVXeD0ZUAJKWI0Efc_bR_Ez-Noa9Iy07YBmBnuGOwym1oKp6CWjFFiaiOkKll870dMJg6N8-xgrhqU7Ix2JTwDAAN_IvHX344jBAYxFBRcCIe8HsyumyOh6hS7VJFErQwt7Xz5FytCdco8nZHYMiGIdPQAcw4pqyrgPdu0FsNa2nFAi7Xl5aI1Yh2IXoDL-IcGfqoV-U2nIMLMP_kfMOMksitB4YcgAfvg_KRatlMiQ9BEx7JCR48F7fFFkXGFDKAv43mtENuUy2J7QGOXlo6FuT7hGMjsSfwdaqE_K9tsWQ9fGZYoQ1gBkD12JPcX0AWMMvouRL1K9Yd_61vYPqvHEeGmMRjthxcfC4zSW8AFCHFtRZih_8voBzIP2C-CuN1efH2HHfJc33PfVVqOtr3pznhmulrNAg-3iqB6DqKVoPfGEYX4Yxs6KhCCob5ji7TgzFLNeRAIB-YrJObtqI00oRIXwFxw4K2JASXGMgY8_yfmNFZ1qFeN1m9ey-GMfPR8vW6FBALuFnWQeOY1LSqLZbYMGnCK2aHOeDZsLSVpumMPHNEW6xNQHL1m4xDBs0CVEHfIE_k6bCtP8x03kzxg0ohMhEgW3rpKaZq34mbh3mrBf4oFYCvgUwEOLnPuvEo52rmoP46U0ZjJ5DYi2CPF4JOFKau30SMjSdRDmVQIaK6o7Ps7mCr9iSLpZuPMrrHCElo3D5omjF063ClxyTamB0Tm717gED46uj3yhTu413qni3IzTQh87n_YzcDyhhgw-cxfeT2Ie_hjeu0DmvqpQba7Yc7VCyBYoRSWUgVoj5HOulmBKw5Mar5301xgTspW2Dxh4YfnXg8M7cZ0mL8A8Il99Ml97M0dirMM6lTkkKHIzQRpy0doTWqVChgWBW5wMt1yYZ7QdB0vDvFPnGzCYMIh_U54T7dMCj41hrMff6uepQlnEzElckAELfnBkE-CJ12zvvPs_h_elRT2M4N-0A5f08rQVEV7WsM9Mi05pfQT-pmIPE7XjcqVk_I0XSgM8v31LG-AIZsTagVBmbsl7FYHGi2mt-afySMkGfZm6EsQuLZUP8jYF8cda7vFVP6zDGyVUclRYt54pR5QphkSBiGv-4wferoeK4aqJ9epvLOpxj39JIGULu0A8cWoW5pNcjMEB4kSWR7mv-ovmkR0NrynJ2oAGvLRewOKsol7M0mO_tzEU0drhj2f0lggFg8Dkn_4cX_uSFncEX0ADtrzkM8bbNOIjoPqiT4_Mugn905vdfKhFMN30djStCPaeHuD&sai=AMfl-YTUMahwa4XvWmp3EgRU_Oyg4wi4367922FrWu0lv6DgVVIF4VOwPpDyR3nfl3JFdo89xhhioFYuSiguFm3GWZoRMrYA94preovuMDFOKyxzCyjk9rOGrjpWgypvrGDgCTpHO-jkDsWnCwqnUE3qZWImRoS-XuRMQES8T6u8XLYgy5Yi4QjOQw-xEphvX8nK7Msv-Yx3icJzzh4h9anqZMcN9y6jiG9lcg0wTaEREWf1F3sYEd-Fvfo9Uw3bST9kbyzl3HvcaGVv131zlseupmz_7RNvgA&sig=Cg0ArKJSzGAZxXYGWIanEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1155&vt=11&dtpt=783&dett=3&cstd=362&cisv=r20230620.62324&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3B29 7 KB
6 KB 81ms
81ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe46e1ff95a96a54c68050eb4360a32ad1f71576ed0032a0def2d6853f04bee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5768
x-xss-protection: 0

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame A251 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7077 7 KB
6 KB 80ms
79ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61574431224d1d29538d81b53c7b6048ca2737bb26202d49b5b9570de7d4ef5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5804
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 60F8 7 KB
6 KB 81ms
81ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43f3d0bf74c4f4720bf7cc07fe2568e1df85116cf12cc889886eeea646ba34af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5691
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3C9C 0
0 73ms
73ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230615&jk=3826711246027727&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/11934569601524222564/img/ Frame 3B29 81 KB
81 KB 38ms
38ms Image
image/jpeg 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c07684aa8b5395431f3b243baad78a2ddac988833fed866fa18b7d9cb6e1fdce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:51:44 GMT
x-content-type-options: nosniff
age: 408392
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82828
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 00:51:44 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/11934569601524222564/img/ Frame 3B29 95 B
130 B 42ms
42ms Image
image/png 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11934569601524222564/img/overlay.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11934569601524222564/index.html?e=69&leftOffset=0&topOffset=0&c=Ilkv3vQ9y1&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 14:10:41 GMT
x-content-type-options: nosniff
age: 101255
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 14:10:41 GMT

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 7077 84 KB
84 KB 39ms
38ms Image
image/jpeg 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=XEQEFsKwFt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 23:04:37 GMT
x-content-type-options: nosniff
age: 414819
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86025
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 23:04:37 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/13151972954896785613/ Frame 60F8 7 KB
7 KB 39ms
38ms Image
image/png 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13151972954896785613/logo.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6c6573c2cf885d137cce0a8373a7a6e292972b597b9b08ae74ba0f1382cbd59c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=D3tdDF3tnR&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 20:19:24 GMT
x-content-type-options: nosniff
age: 424732
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7642
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 11:30:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 20:19:24 GMT

GET
H3 200 60028053_20220311244041062_202103_es_jemen_1_bg1_728x90.jpg
s0.2mdn.net/ads/richmedia/studio/60028053/ Frame 60F8 19 KB
19 KB 40ms
39ms Image
image/jpeg 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60028053/60028053_20220311244041062_202103_es_jemen_1_bg1_728x90.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f81deecfe24c78cbc7d34f6c4def4d4dd615c37fc575dcbaff96406c9ff05a2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=D3tdDF3tnR&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 20:29:21 GMT
x-content-type-options: nosniff
age: 78535
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19194
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 08:40:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 20:29:21 GMT

GET
H3 200 160x600_atlas_P_1.png
s0.2mdn.net/sadbundle/1759278523689238034/images/ Frame AA24 41 KB
41 KB 40ms
40ms Image
image/png 2a00:1450:4001:810::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1759278523689238034/images/160x600_atlas_P_1.png

Requested by

Host: ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
URL: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b168f22be4dc01300597c5c53048c9bdbd5235f66c7d3b7e712a4801a09d39e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1759278523689238034/160x600.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 15:33:32 GMT
x-content-type-options: nosniff
age: 355484
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41574
x-xss-protection: 0
last-modified: Fri, 08 Jul 2022 14:05:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 15:33:32 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 06DE 0
0 77ms
77ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstTyjzzKXy5_PACsEfCF_qe98xK_2BVR_bQeTabjiiJviOdZmL4ANEhMFKIBpmUmpSzcWn03X__zYlpKr2AcqBSeuffZHXdm9v5WqO3q7GIVeF64JpSPe0jfKNosVqOFjS66yN16DD81wi2cULnx0jZW7DSAAeXsAnTir67hYoiinggr8YJymfpyXnWJr4O0W7etQVjrOsOZqBM_MgbWBZZZUSPQkuLivM94FIRg3oZzeLNP6SpLex1O2-7nRJ7yBWcJ1fvIKhGfjer1CTYC1T-TmUiRnfc1AuvN53vDueDvZlKQ_g0YMAwb9IcaHC2rgEpkSftjYmhYr6yLczCpHrwzmKOEV1InRaNU_Zh1a4CFBFTfTwpLUB7bUnCQyLBFaN9BiMic3GgAFp3WsegsgH1fGrV1grhFezaDYg_aFcpHAwYTiBhlwxp3b9d7_1pXUVy8s-OCeWKhdhmzs9zC5YVqe_1Nfj4OGo1lmb8uTUlj7j0DrkrVLwjloDZ4_McIIaPhxiRvHDIWSoY52P8qI_ktM9YdRU2F2q8Q19ggcmmKJQNi4AgdF-EuPhsxaY03tQef7_zjiQNYbIHCqo8tnpBSR2N47eDnvD8o9OkyCQJ9qia3Udt123AwIRDHuBcbQdJty5J0tpZO-HATXRAOjGDxRhAUcsJZC-V1i4QjzwFQgeprFngWw5kbWotgaL0GZrouC_EbKFHi9kOWRH8qBMAL61CYMkGZKi-V1nzt8XXGyOuH-qpX6vjYkDLWeugoJQTcylHSF8-OWHJ65vMarU2YR1-spHYvSoKDHTIm8vKrAFSfUJW8YIvfXj84iQ4oES1BPw5rkcnjgD2pjLPUaa5Yf1OO_oMZRKjtmnkuwBY7-srvOuN60PKb626TbglctMtIV1pJ_UinRn22mZ9d4skww8iyv6XBM8qVUfSKYsdaTeGMP3q8euXJ6qErOHqBh4ktGP3uSjXlw0golzZQ7ge-VnCM_rVvXlG-DicGMoGlh1MRlopJlRJ4lEECfWLrkWoEAEpjCCX1xrndJW2p4VqIXasF85p3GKZnE8w0iflCD-wrc6Rn8liavzq-oqCvyBUzsi6bgu8W4qevOyKAhSFHnLBbSHFtPFpxLObvM9jnYhOZSDpbDRL5JxG6XCPLrcnsnwOmPAI-K_WxQXTDGi6uiTG99rU0QGpNL8eMNNuKzVChvlZQzuadZsZ1USMl-EVqW9B_412pjseUU_AoA1bpFNN27gwkgUBe0NPRvqMOnUHIjvKcIzDyUWbJJFodHmcjvqgXNimFRHUP7A&sai=AMfl-YQIXmZym1er-VLSaY3eop_7U-2xRzpGepWMQKe8zdg44y_GTd0h8QMFPsvHtS7VGxkEuBB8VhWgcIrt34UGNZlArBKMU1hORryIXTP7cAorD9br_Q77Uc_1O7aS0V38Rs9cmJci7klumtDRQnOeXIm45CeDVQ-Zi49J4EahO0YETvplEPlFBLPJffVyEb6DpcownwajpezE8zuisqYvGWVP9fr2SSr4IZSA59ybQNiz6URCyVFwNGiikjqfo3lusJwCFZF7DbZhaCpi9zyn_BhKVp_I&sig=Cg0ArKJSzAuLQluQ1I1ZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=612&vt=11&dtpt=439&dett=3&cstd=172&cisv=r20230620.68105&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 473A 15 KB
11 KB 89ms
89ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306140101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e39cf8b0aa7b9d6c73495498dfa9e15ef2b1fb0fbb4016127ae51993d487dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11297
x-xss-protection: 0

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame DC64 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3B29 17 KB
6 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7077 17 KB
6 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 60F8 17 KB
6 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 473A 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687371493256&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:16 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3875 42 B
64 B 80ms
80ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDKc0qxThgRF1Vje2u4i5cwhNvhmAlpTLVEYEbf7MC6uKTYIS3PTuTP22921pMTCQFKUNATu54bN8kYb5P8ODFSNtYQ2XGCvtiY4dbJstPKEWHOTPJpq5XYph-C5inj5t6XMO2ANOK_kVe&sai=AMfl-YSawsYWRna4O46bTCHzP4bCQnowWqqeN3t72YObpMhbiEGf-fdERVicn5LarKCGw-AaFSH5lzA32JZclvouhARGQMPhbLhL92991fydM8TUO9ch0IFkIMP51O4&sig=Cg0ArKJSzNyvFcHDx-UiEAE&cid=CAQSOwBygQiDkehJKdS_f6m9nFAvM5fk_hoqGwXXLBd9ovv-9zk7tELMBugt2U84CYQ--oc_CDHSlGGPbCWvGAE&id=lidar2&mcvt=1111&p=0,119,40,160&mtos=1111,1111,1111,1111,1111&tos=1111,0,0,0,0&v=20230620&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687371494651&rpt=621&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 473A 17 KB
6 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Jun 2023 18:18:16 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC15 0
20 B 79ms
79ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQmIK5j6TZLHcOb-d9u8P7Oiz8AcAAAAAOAHgBAI&bg=!q6ilqPzNAAaGYqkwpmI7ADkAdvg8Wll2DLTxmaFsr1JnULDeR0DbBHGgpx-WbnA5HcCM_XXlGzEZBjeyNyojZMWsvYRfzOl5-VICAAACWVIAAAADaAEHmQNTiIMCHl4ftL3heGywmWBKQHny7M3kEQiWstKIYe6M2ht2j6CT4tMiJDlk8FlYRvTTj5wVLoyVHgrjF85MVvCoyLuPxaGl1Kgfa1NLwP3c11kAJDwdt7F7ErJOFbGUA806l5_ComzF9NFHKoqdRibhYujmF3jp7_Own4vmCWDQM0TBsCPDHy5cGlPsWaYBtEiulDgErlaUluCJhPNylgvSu31DMCBE9Afid_dYG3O9zS2ATS59YxEZgz3GbkC_I_5KawZH17jl6MgtWqc4-tdR8UMAR_t5BoeWyYDlkL88E3gAPu0Pyrb-ER_J9A3Y68SF1Qxrji6vokgZphN0tHfQbpPkp2cjz9vMCoYR5KkLYIHHqjcXjdY3O-bafQ1a1czNGXwUqvBM4Zkd_W2Kt5tpYJqerNEeIHlowLbOASuHHT9fhvXEU60a6gQwyn2nPCrUXmFYRaHe6LiVYdUuqk8xCuBPr9rKAmBTiGgjsQ3DiJ3AuVEhBky0LJZk1BTSE5bL5NCeewGfym-FyIxtRybZ2Tv0mLgqPs2VCoGNrhyuon51cL9ckQp_yz7yxWAow1DYZI6z8jIx7_oQYFqbJlUrutAIWGjCtMvoAcKd5T6P3TEc15P-eksLl1ORFrUYSW7IrRNzjTkpXKvJfVpbnvHCuEBDJMKXSmvXT1rrAC7rWgO8hnCM1gc_izMhYh12GhxeipaFm5B4tM-ro2fdZDEwo6XKdydYjXfkC6p9MFRo_cNklJsUCCtRDu2GZtsc5RP4pqEhhLBMMunN11Vl7MNdV73l9d7dz_FT2PgUyu5DnN4N6CoTK_ajGMBGFMZLR4Wa8DBhy3jP7Dk7QYWA7HqO1iX8yGB1v6XVxlxKINfIr9v41DHVR7aS7V0tBH7NeodahFAemxCG1HZYT1dcok9G0MQUWtzyn_33SJUBMkEHX4A2HOPl_X3CLgOL8XnH4-_rCB_zCvE99E7uCKdFbXiFdMCmewvXXcMaC5xTsxfxbdsQ8XJjS4RXzLv7mUI_-LyVZVwWeP9vQQqMu_KobsELmmVP9hHqB6cUqN-ZsCMKtrHAOEtL3pvpNdXdDSQ9XyJ0mLw2YRfCs9LyEOXsi8SQt2Yl6ofO_G6onT5IcW2TXOh8hGQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3412 0
20 B 79ms
78ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpVeT5j6TZOqaOoil9u8P7vooAAAAADgB4AQC&bg=!mpmlmc3NAAaGYqkwpmI7ADkAdvg8WoHvxpFDbMAB8bdzfS7FxMKf9b0qileJ0GZPfvCFRhg1cEviFKgiA7NdkUku9_ispqeaX5kCAAACTVIAAAACaAEHmQNEf6vlGvUcYanO1by167sbJguGcBiwN7fyZhWO--d8Fl4Rl3QzoBzU1G-8a92lBFzbSlGuD1WL5usnsB_Uy7MHfrciPuT7vcfTJSMJV0BhJb8uYGgHjtJd2xUdKlKVAT78WTLulC6TN1kOQsaHSztoX2-3iQmaIvclVwtiWHjZv2wqX8q77w8AUUa3PwDKH23LcAO3zAxuLCaIcAtq8Ga6zKZ8NTHoCaXmYf82dq8ZxfRTlKviSIXwfj5XEF5LoIf6eaJC7AAi140yT6FSrIbV1Ka0XDHLB9ptv3qKWUQGRjZvu16rL2H1RqbC4iovpOPjLMXcKoGjeV92ksPCX8pchzghQlsxLynpBiQfKdL4qPUcWjMa_DEGQ_A05aA4KX9UKXOlPP7nadmN4-cm7SHKd-DzqQ0pzr_7hma_SuXiBj-HQYKu9KKLTrDALxQz_GLXZPKs7RANPKqYfqJM4XwZHNJFlslLzhzW_JPWpp5qy9e71hfEv4GU-TY6D1cE9xxU22cSHsae9KdzHt0mldYdULfxwHAO-h57OjQ61kiR5iWECOn3vFx_ZBZ5a5OaJet-Gq37dKoI9-L_s6HQJhs_9L1_spguPYoj4z3liGmD6w7Yxt1tL6JpotOUh0daNKAmwbW-nzyakvXFVEyMX9UA1TA8ssdUURH84Z-7WuKLTjz-GLBZh36ITEIK7u6QLWnnwGQz7nDejzMLITTQ1lELzzzJ5hUizuGZjV9Ta1GL8W2s5MrsPifRbMQRqVxeDJG0LEl5Vwdxfbxx8_yQpwBMkfZDhXkR6kWq6hbG95Dk4MuWzy6TCk7jpwxHNmJY09quMbO338LtWU052e6yTjtsokhOXu9E3EQtVRFW9QK1rJVenaBiixBpMRvIEHGAwy_ubp2TJuiEsJjWsLtVRLdeTmLoEjd6BkYOGw5C5XnVi75g4PxPAe2Lhwa7uow0IIaI5uiByUWWGJhu1yLhOdLCwNSpH__qrOQp-GLQnnMocKWkDl3kdIhhyzA4dcfKARZFPjjfWZFgRStA6Zfn9BB4_rycqjyAX0WUV4giITHXsH8X_NFmOP8FOTbPflnJE9UO7Vbe0ddW2fZaam03gkstw0bEc_4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame BDB8 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame C0DF 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7018 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2A51 0
20 B 76ms
75ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BIaFh5j6TZI-xOo-WjuwPkaK-oAgAAAAAOAHgBAI&bg=!SUqlSh7NAAaGYqkwpmI7ADkAdvg8WmbS9hWhu71dHJ4vfDfN6cTkbtdOuJtp-fy9xvUTspmC_XgEiaoDcySOcfTmqOOqEuuHwPkCAAACQVIAAAADaAEHmQNePbgq19Lps6sgZvjJvFCGvkPwXPiZVq6Q9dHGVADWpg_QctHwPoIviEDhy5dFi1a5W7PiUXhyrBf6-JxJoaAXuQZ4p2NVYbaSDUzS7cSGJVSX4oeT2ySHwdP1JueX5eNejsUJ7NZyvF-oSUKzRKMe_YIBSDQB8d5yni_-b6c5513IcRmmpo-vUDFzATfgIuIsN7cjtTYY-S6KSB-KulrazLMhBEEa84wv8ejp83SjS-_rFUo5bx1SDDFFhAGtfYyQBj1nZEIfCd_YK6nta_sFJKEVcpakic9Dsg4yL_VdkGs_e94piy9eQYyYVx8Xjfct8PpHXTv5bxK8FYLYeYFvp9sDQPDOz29FJDqCT7IlJKzpZsemHGNhzcjWsXer5h1O1TbiBfbgXM8_g55PWygP2QOmNTUYcPHNWCqj2gBua-jlve7B54AGntDmtt965sqxJ6LqREF8NtobhS7k67PvrTlGbYLV2dlETHV-1wY6howHK6gSWQ-beR96z_T-wsm77r1p6QM16MmSPySyGIS8BzV_0S9h5KNyx70smVA3RvK3b0WTyagRHBSOm-B8XqNiV4eyPEsiVReofT85y3K_qubTZNcmZ21b5Ab_v9B8-atMl5aZX3nEUQmbrsFJoaYQdUbMMZAgymi5Lrrv6GIUnLz7euKNvE8k9VBRrwrjjESlPlefJR_3-mpx8xDfjVIwztZvK67q5bo5aN6rGu6-OtjCyRjO2QYRDxhFsAS16_uz_JySFXVGvon-KT3uLEd2Co-qjYyfQHsrDFhty3TXkRfYZ24afR4Fh6B9c1A-8mXDAxBq3_87biNPhxNZ8319pLPkkzbgL52VraaEq5BzxMapLqXXT-4ZglbPHhFMVskqQ2_S5BPnzVSdzJ-oHhKbsfdWoLF7VkRzGWWe4JRF7W_ZJ9mT98Z43ePc8OjddL_uCxrfhHV431PpVtuXq-vI3s9XuhegzbC1au2C2xbLn0GSXkDiQMsqD1chMwSUnVr0VuwXcd_13edbLUJ27AfDzkJcbQF0hc7nsoUh-1eBzrtrS7Ro-k6VW4h7S6uHbgZ9aFomhC4k60CDm3UKCCcerYtdnTM_vhKO9LW8SVQBpnhZQM36SVks-vscQlJGJgl-fR-CqdZtxO6tCQ-j2A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame 473A 0
209 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1687371496767&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:16 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 473A 0
209 B 48ms
47ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1687371496767&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:16 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 473A 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1687371496767&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:16 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 473A 0
209 B 47ms
47ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1687371496767&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:16 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 497C 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bg12A5j6TZLacO4bD9u8PwJebSAAAAAA4AeAEAg&bg=!-_il-KzNAAaGYqkwpmI7ADkAdvg8WovzB9B7LJN0dPStqQ3pgldMDFaFMo-SFHWkRNjFNuAPXGfGa-TXgH7kUC22epocasQf6ncCAAACX1IAAAACaAEHmQNWorDAzrjYVNR3e7MiCx-dHpcaD-6eU4osMZiKHkIa-b1AbJJieGgaBBR4BWVTfYKDjptr3bYozZfigtz5kv2URWesx8YfdPUOzoVfd_AWM-0jpxxYxesHSZmY9ohQig7b-UzR5_hd42P5x0-stp636rkK-JtLu_mFaSZEUcZjNKXfOYiqjJuDYyhal1S5KbKOfUJasZesvsZf3y_GK5zH9SLHgXoBj6_FY9wsSc9FdiqeZxknJodZyvYYY1MVDq19dCzPdE_ce6gJ3QzPnIWD-yqmdDeiPvIvNaEdERa7pY7xs7W-nkAisad1qSJtv18WRu768S5DtZ13HDJsCQD2176Hg2VJz7mLI9CzAbH5Hvmqx2x4zDfnJgDghwFXAhvjFYJIMjdkdqsq6VboxUHc-EDwH_iUAhJj4HzIEKgn0ey-pQaqnT4OxFmc200wrtZdDqdrLm2HNNimE-5r5awfbbZaF8qrQcx2nfloLKB_uiOLBSwmicN9ablYsMSJThRzhT5mniHK9GVrF4oZbdKpKir9cOghQdD5Aav871i-QZGm_BG2HEqaKtleP7N5Nlrvn2ZLcPFO0ixmSgd8ifKkHjnBQRiJS5mNhxzmU5xat7rCOOw5TJF2Q_B10lWWbeaJsIsQ38nXqSGpAEMvbsghTTZdfTuBU5sOuyRAZ_WTYiPa84NbfOv81UvaValQ6OIvgtNje5GrrQNfxj8okrWFNYQ--sjuNx-onKlMGF_KMEftUlS5ufCMBrNHWGbSfraxfLsZ8SlxJK_OPxyf5_Pxjw4offQFzrttHnPVwK022XyP5YQqY9QiP7n0nDHMqeMln1BUDDpQYGYyvMBEWmyNt7MX65HlEEB-srmpehCWmF0BfZPMZPdRZScPE_HoM-GjFxq1GWEySRAYtMF1wV5f2HEbvcIKVyccfanlZhiphyQw809mnbY9GAJ0ukNxy8-Kcn_rmJ7H7wwTzx9y78Bgnj7PDBuIsSKvi80eHsqVbqY17FqpuX9Q9uNFx911ZgF_LMCLoKltmLetqcoB_EC3Lw3umRVZ09-20ykbzeiiWTLa_hqChaaeHikUIaCwK4i8--lDXkhACVR8iLvd1kZjIXIyQdA4_9j98tkBm-TzQgFOkEFrPZg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8F30 13 KB
5 KB 36ms
35ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 12:58:07 GMT
expires: Thu, 20 Jun 2024 12:58:07 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 83A5 783 B
533 B 50ms
50ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b6d021b923c5b5c2f6534a994f0779685e2ba002a4931663a6635cf2b03dddd2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RqpoQcqJnmuY57KqaKYb7g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-RqpoQcqJnmuY57KqaKYb7g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 18:18:16 GMT
expires: Wed, 21 Jun 2023 18:18:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DC64 0
10 B 35ms
35ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?EmeNag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 06DE 42 B
64 B 82ms
82ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssxHWADZ9iikFGlzkvaMNbJmIg1BozeDGaVZt-0lHHjrHXLu40kdzzfwUyo12BjvcZT77ZIg7B3U7RvJ02iJuQFAiV8wCTIUdkIkYuLytlSbQwFDjJcVM_KhorL6_VKphN0HCnROUTQA_k4&sai=AMfl-YR_hOSFEOA2h7XdCxiWRRio-5KpJzNjW9bUDmYAeb6Nmsq8-1bxmnkhS1gq6J5Cd9Xox1GnUULSkHiJt7VImswFt00ke4yFg9QoK9DHnpM46xaiX7Bs5xU36dI&sig=Cg0ArKJSzLbLDVU5KaqZEAE&cid=CAQSOwBygQiDNfQJuXlyw0cIP151IJ3B7MdLLmQArASqBebC619iCTcXpZ52Nqruk5QfyRVlV2MuJBoVucUKGAE&id=lidar2&mcvt=1034&p=0,119,40,160&mtos=1034,1034,1034,1034,1034&tos=1034,0,0,0,0&v=20230620&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687371495021&rpt=752&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 078A 0
20 B 72ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8086946754322&version=m202301230201&ct=76&x=1&cor=18335770602875574000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E82A 42 B
64 B 99ms
99ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrSIlHgNTt_HDDfRlB2nWSJGUnk9ehHj8bTrfu613IaVklT4LQIrgXDb9GHu1G-toEV9IvLPiJt72KPhgn-sRE54HojQ62A0y3LqVGyRAbYdbBi5g-MlKNLZw-nunPLnGB700ppNDuEsJn&sai=AMfl-YS1DlMiYwuhKwp4P_VEbyW09lmsQOk3tiSjYc3e3Biw8e45Paqof6XLlyFT1T8mjHeCPmZahav9vny52Mw-ls9we3kTjgv_lOABblqyvijDzYtRZsz2nssEEgg&sig=Cg0ArKJSzM39dh73nSHkEAE&cid=CAQSOwBygQiD0A833J0Gh_1k9xTVcgzahA7GqVIJyY0VYnCq1EAvjxGokOIx2x19TkbQSGFa0YMTh8J2xh0HGAE&id=lidar2&mcvt=1034&p=1,1,70,729&mtos=1034,1034,1034,1034,1034&tos=1034,0,0,0,0&v=20230620&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687371495061&rpt=871&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A251 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZwzi5z6TZMGhJfaXjuwPl_KAmA0AAAAAOAHgBAI&bg=!Hh2lHUnNAAaGYqkwpmI7ADkAdvg8Wnw2UcKjsMlBePk1ApYlgimubZmwErvhN9sq26HiyzMgqAJ27zid9CGeme1ein4VZ8Kc2gICAAAB8lIAAAABaAEHmQNJmBc-qXPWVnKRiq24glVBUfyOD4KCYJxmmlRhQhZPDPMAT5xxCYEOKzGy2vRU2frZae4pdSDlTzWfvN7L-LS0BZpA_hZ-4SFdRgpJ11f0ZnXeWE6i829xx4jMKiIAo7FDRxjZYdoIDNIpreK0BJWTJvAH_cryfDt7MadVrlzZx3TdC2Ar9vjnWgRlLfM2bvjoCWTUOSIKD3iEOR7Eh-JeU7nBBveJ0Csjg1QtklBcb8qtQsJE6mPotSN-iAJChlfR5Tj6_9tq3yMZtCmmUykHZkdXUpW2UcU7iDEqp1ArUZqWYLdySxPnT9il7PIiHBm1OIok6_YXIO_MibRvMeUC85mHYQld1rhS4H5ABQmcppdH7KuXG6jEV0bwcRF8GcEe1gQ0Fxwkm9ObQss7258VvUaX0CV_TKUI8d22sQGBtqHC6jqE7rjNqGtuSgM7kU6aHXt7h2X2JmcNL1vuSyjoxeJID7JaISY8K53bJ0SSXJ6TZUg21FGyxLk2sjFuP5rZAuLjpfb8rOThB3W22Tqbz2SXt8kykzbOXpTFymLGnb29IriJFfZ5566O2A9W6YH-_LIEVYZ0NtsontwoV_LwMKuM8wCPc87qDyzKbiyS-XcMQS3it_E00xVvgqDEtQ9y1aWCYoYxPH4kxp8JmgaKpeUmYCGb1XEdC9vhUfPU2DhdUGrza-EtpSwgivYD96sqm-5DoE9s2x1z9l6kyeJJnvOPszoCCT7q9UvvxcL-F4OIkuKxe1e18CC0AZFKJ4hSmTrbX8Yck4E_hg8CnLs6P0KAP3ZAQgqCcOPCbYN-qOwt5DrKMuh-Q0mWxquCrEKgax-ldKOTkD-hJk1t6dkzfI1-z1zWMp-W_lveeWTO8A57HMAXTMpE1bTlbYEFLTt6ZX1zpbqtZqjIjy3RU9NHerWvuz_tg5pP852uioXJkA-yDQyXytKkBoS-zp6QxSwwO8jeLE1i3Hrz55dDnBivTgeZ2jCHFQTDjHiES6AUxBli8eGPIl9UOD72uBiYyrtT5pTaNSQbVuJYxrMzYzMVm4mYkrLcLbFQdMAKFSwg9xeZvEGiFnOUh24SaA2ru_9ptqCl0LMX-CrfcuN66bxTOiDhOQUdcBcdCQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 83A5 0
0 73ms
73ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306140101&jk=1579024527047855&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F30 37 KB
14 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mZQVpQj-eDQajpu59Vq9E2pMu32_YVAoNW79LAI6QMI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:32:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20731
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14716
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jun 2024 12:32:46 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8F30 0
11 B 35ms
35ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?cWmjJg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 18:18:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE50 0
20 B 73ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=185318171594&version=m202301230201&ct=76&x=1&cor=15420849320084080000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F934 0
20 B 72ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3348390274759&version=m202301230201&ct=76&x=1&cor=11182830353131389000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3875 0
20 B 72ms
72ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3235154992696&version=m202301230201&ct=76&x=1&cor=3704984583653351400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 473A 0
209 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687371493256&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:17 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06DE 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9725555649188&version=m202301230201&ct=76&x=1&cor=5006476504175488000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 18:18:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CE94 0
0 75ms
75ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230615&jk=3826711246027727&bg=!LyylLHjNAAaGYqkwpmI7ADkAdvg8WtD-QqVEt9qS4T2RdcOzMlGdouc2rrPGZjaReAiodYPKfEPUndtWjAowjdBj4YlrPP9bbkECAAABJ1IAAAACaAEHmQNSZ3MXQteUm1nkN4WJTxjI1vZVyE0BO_nIwfVn0F6ZGEzkvdVscr9aPRN4HlGOfSmteevoWBP96oNt4qCNW_rudMwnR3ix1Ax6tYDXO22AjTAyTC0qiWGSDOJ9Tglgzu253-4c-EIuhhUPxqz2SYbV9WGPZ8X8du-3VWI6oG5vHqMj08TtDDy8QWkj-z5BFJ37BLHpfA8RaRIFcOfDCKUG8q12e5SnK7S2NHYjXnTnwXmz5PuwhVkUt0izSiTxudWy4Yfg1zSKyKsx7LH0BM8hJ865YTHBNXn83UJB79qAdnOA08F7VahIuyHYFYyzkDHstHwHwRFsi49obRiX7Fi5-hEQVOYEYvRBHrfJ4cZLq84D5k5U-wvU3z6QVKJfAcWmmvNGf7edXx3N02fwOWEOIZ7QOLOC5bzF2_cXJiIyXif5RlzR6JPlLfzFQmDWjQhRgsJV2c_e832YN56VpV_RMD--gyMT9heUOgvQN6mWleeJu6Rii5YqzuJugwbvuJfRPZP9MtckRtPLdoXtEckWsB5zIw0zpI9Lh4iqoONHVwZwQnBhReSbGq3nrZX_RiurgwM24QOVfBpLPFXtY7LIhF2FYMaE8P26wC4sr1aJ2A-Hg3jCcaumUYEeuzb52OuGfSLr6fbEvpaWXGpP_Wbi2b2lsqkmFumHwcqWTpbGfnpKas822qu3QUXTYpnaWAnNotz4aNHJwOvxCErr5dq1Oecb205nz_QCbbTXPFUwYIbG8sJMZ47weFif7nX7SCIh2G1Ee1gTtPxu3WIMvq2SVrQRi0fFmF4ElF23hYr5xiWNqmY4n5tJnv3bU_P79YAU--YfTDIuzlj8UpluaFM2kXgiTYw5pbrAu7BK55GRb3BDVdHbl41-xUGA1wTVbyPk-yvts3QvKoXCE6rQxwjwzJESpHrLde9vkTtzZF31qeVpSHBlAuD_WP05pb9JeQd7qfn8P-dlhMVZdgZUx8KlA4rmQVH5VFGG4O8_jcv3EnrU_RPwOvrQ266poflwX4OzG9dr2KD0FHtkUHSLrBkbbda0tnWzIAbWyDiTJqxbMrpnAiJuXc0BOF6wfFTdwIPVcZ_TAZyF0VxsVFPZua2CHMjvTS-JpjHOR_31EFgAuTO0mg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 473A 0
0 76ms
75ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306140101&jk=1579024527047855&bg=!YWKlYjbNAAaGYqkwpmI7ADkAdvg8WtF11hKo-4GU-3rtCXb7Qe34Y7TFUKN5-s1ikDvShZaD4CEd483uGiVbyMoI6va8XbygEz8CAAAArFIAAAADaAEHmQMHNUg0ohIl_DV9Sn5VRPzW5jDcdi0kG9kms8Hu6_wFbUMKuNhzWfKGME42gXENnr5znxKCf-iuc11w3h6IfyC0Hp6T48j5U-3_XbMoRXBS5I54sWAeXUivXUkmBFeZ9_QVBq264bmEzT6ofau1dkNROMBCoeefPto2n-SY4NG8tRRAyRCDnAJ9G6XK0LTeZkLCtjR8ZiwlI1YcYSwi5vOIh8QnhIkig8apbW2IjS5g3Lk2n1aTuezvPD_B-6CtZlkOLAHVoh2nn8gTIhUvHmWuca5zo9uGwyA8mkWQsY0RKgn8OVS4lTHeXjzM-y-g2oZHzzFhmTbxa8IUgRpyIzRcVX3lYVmVU1TNUmsW0nRzizjjrBVVbYyqCahrwXESoqGMGlGjjxbvI2fuSn2M2o7Ig6IEscW-bgH6UjFkbt4S6ZhkETCsGDeBNNZ0dIPxMoWR0YavaQgdULrBksjjc5j5d4EUqMIVechHATVcssa5P1Yvzg9htoNdlKLdka7IbiFhEOVDpCKiDqmkET--A25L-3CFEJEix5ur8hg5ENCxyOPa0KtSXqXqVPbmjwZ5rWZ5geio0bKiyZPkG_xt0OyCTOGguym2E_k90OAuYvKa6ffxM-LG3L-r6lduYofSpRllEN63wIU3te8VLBJcY504F5kGAHLFx4mTDAPnCFbQ-8HBfCKMh9Jp46cDTu29_qDisjlTa7fak0BV0EUnCa1XPovfmIMQGGaaAZCrJ7l4lJfUNXbazRgzPn15pq2NydNQQy2a_1Piwf3CMnL0OnIafwpg47UhXdsG8AhUWpBQsRid9-zUwWUV8y5WNsO3mlP9ZJK5N_GJCL27w_XUkT-BonS5u0XIfK1_4zWFO4OF98AW9ArgAuxHYybfo490Zb0Z1P1Qgzn06x6N4dwXJlUQEc6Bn9kKYqFA8ZK5eTlTuCJkuJuaj1Qo43wKs8GS59O8MLIkjEAqRP95uiY3QAEcwP5ZuSF8sOC7geAdYdSV8I4G5EYllhAqQNrC0EzBgCmoDJ11IA1afA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H/1.1

200
OK

firstevent
unilever.demdex.net/ Frame 473A
Redirect Chain

https://unilever.demdex.net/event?d_sid=25453995&cs=1687371497792
https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687371497792

42 B
952 B

37ms
37ms

Image
image/gif

54.155.194.178

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687371497792

Protocol

HTTP/1.1

Server

54.155.194.178 -, , ASN (),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v049-06b277510.edge-irl1.demdex.com 8 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ZX4lYtL1Si4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v049-0a9434211.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Lx59W668Sco=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687371497792
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 473A 0
209 B 53ms
53ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687371493256&userId=vnet71e134b9-14f3-4e8c-9ce0-6167885a39a1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 21 Jun 2023 18:18:18 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.casalemedia.com/	1970-01-20 21:28:27	Name: CMID Value: ZJM.5kTZvP6SkGsr3.152QAA
.casalemedia.com/	1970-01-20 14:52:27	Name: CMPS Value: 1135
.casalemedia.com/	1970-01-20 14:52:27	Name: CMPRO Value: 1135
.adnxs.com/	1970-01-20 14:52:27	Name: uuid2 Value: 4186930869007779220
.adnxs.com/	1970-01-20 14:52:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?ku[Wle!]tbPl1M>e)ZlrFUfJ+tGXxpCSgs!^@0K-YSdPjtYYU?*@ey!6Q<<dyF=tgs3If)y3KL9D3I?+Qn#n0m
.doubleclick.net/	1970-01-20 22:04:27	Name: IDE Value: AHWqTUnc6yNNdHCs67ercFTuU8W6DmYrnFLlUHOqoznVbC40zf_nhcI9wrIMs1huYgI

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687371493514&bpp=3&bdt=1061&idt=345&shv=r20230615&mjsv=m202306160401&ptt=9&saldr=aa&nras=1&correlator=6942882967528&frm=24&ife=1&pv=2&ga_vid=1080837522.1687371493&ga_sid=1687371494&ga_hid=945310575&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31075468%2C42532269%2C44788442%2C21065725&oid=2&pvsid=1579024527047855&tmod=1182908093&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.v1upmxx92am6&fsb=1&dtd=357 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aax.amazon-adsystem.com
ab833794d0497e9b197b2a85a47ee392.safeframe.googlesyndication.com
ad.turn.com
adservice.google.com
ajax.googleapis.com
ap.lijit.com
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d.adtriba.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
feed.pghub.io
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
match.360yield.com
ng.virgul.com
ng2.virgul.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
r.turn.com
rtb.openx.net
s.ad.smaato.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.virgul.com
sync-tm.everesttech.net
sync.1rx.io
sync.inmobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
unilever.demdex.net
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
13.248.245.213
13.32.119.77
142.250.186.34
142.250.186.98
151.101.2.49
151.139.128.10
162.19.138.119
178.250.7.11
185.29.134.248
185.64.190.78
185.7.176.221
185.7.176.222
185.80.39.216
185.86.138.152
20.127.253.7
20.60.220.36
2001:678:cb4:bbbb::11
216.52.2.48
23.32.185.35
2600:9000:2450:6c00:1b:5138:8a40:93a1
2606:4700::6812:19ad
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:800::2008
2a00:1450:4001:801::200e
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2002
2a00:1450:4001:810::2006
2a00:1450:4001:811::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2001
2a00:1450:4001:831::200a
2a02:6ea0:c700::19
2a02:fa8:8806:20::2040
2a03:2880:f083:100:face:b00c:0:3
2a05:d018:d29:3605:80dd:9dec:7ab0:1c1f
3.123.212.69
3.64.137.20
3.75.62.37
34.102.243.38
34.96.105.8
34.98.64.218
35.186.193.173
35.204.74.118
35.227.252.103
35.241.45.217
37.157.3.20
37.252.172.123
46.228.174.117
52.222.208.154
54.155.194.178
54.76.252.247
69.173.144.165
72.246.168.124
77.245.159.14
85.114.159.118
94.138.206.83
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00db83f2f67f54a5ff8e5094187939baa3832ee00093dcf3f76e228c58cecf4b
0321c1e3db4074eb2e01d603cd6b2de37a5c73e5b87fdb30c6fad653a9d6cbfc
038c545ef084b3fe9e6c446e8080e4d6be85650256a782e67219ab547aa65c82
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0868589a1cd281a24b6ffbfb487f717067c8e52c1a290fc7f87cee172fec2889
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b2d8fd4a6161ad906bafc22e940f877457b9204dea59e49d2d2c1f170919696
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c28128d4531849e77a1f8f5e29ebd5a3f84e41521c4ec3b6c14173600e5d541
114499ed68c9cdf734ef7400fbf244eb4229e6f581e1905762a6b7553bba1f0d
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1515e0490cf1557ede2b5ec3dc6406900a887f5c9266d862a6ceed337260dd8a
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16c7b8b533b32046de7ecf38b4cf274ceb592b3240a3ee4474943b41e953a874
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18260dc8dc16f99903631522e2ba967455d572108de3f0c677dfc43131630451
187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8
1a81ba6ea845f7cab298d213fc139e3aa1838d5cc9864bde51fe35d01842b30d
1accbfd644296a9f156307209646deeeec0943950cf8ff2a3e2ce8f7280baf50
1e9df7f92c17f6723697fe020fb761a56bd23523589472a4c163291f3e3f375f
1fcd17fc2a42eb16185e2f5e4b7e93be06351b4c051d25332acb73758c565bab
2216e20f57afc7e5430a4a51e5bd5a8995763a95bd03d67cd519395fb82e75dd
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
28af08d8ab914af2c5165d53ea62e2f19b6f2d969b790073e6723bfdd2ec87fe
293c4dc30efea546e286c0185dce44c51099dd75f3486716f08547a8df84d6a7
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
34a5f36a5a799174b828ea875d1ee664cf0397285db23ee040442ca7f7297e17
35e04b4855605c908b85662df66fa3f5fce2fe1fa2d284873c1349b101bd7bec
397c71450267516d7aa88e82c3ea9d8cb9bbcf6303fea3dc5904d631d3cfccff
3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3f064267c64c1eeca604b20f9d60538c32c14e90528441d0524c2f30161f8b47
3f3f19a91993489b6d73ffcd539452bc07a9f58bb6d7494c3669364350ca8406
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
42957ef601fd013119bccbb5d1a6a656f89851c80a3e5a1482315b87251f53be
43f3d0bf74c4f4720bf7cc07fe2568e1df85116cf12cc889886eeea646ba34af
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e
47cc8b9ac646b5ea3abe0ab3958bf8bfcfea2e940287392dc73110f55737b122
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49d93b68b0ddde1d793f88463efa0304075fe8e1c487d224d2472714853cb98f
4ada1ab36d79498691a5e1f161485d0aefa6f6611160e9183963d67e977a7690
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bff962fb085bc7a7d81b7a59a2dceb2a6dd7f44a6d25af7040fd62f86393a05
4c5deb00f38b73c0882d773ade1a2084150544c3129128fc0655f419ef157e93
4c6847d6c187314e234ace1a963c78c659d2429c0790444c674b5d72180822bb
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fdc5391bf7f26b8640e050ae3e95ff1ea315746f0062053a894101b910f4049
50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
510b186e641d8ac1c76d3c1d9df86920af3704e9d910a011b09f6ba8d98dd08f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f
5a350f676b9e830d9ff457f61ecaa1f23f902f0888f1856bfd7186fb28011557
5a890b96bb00fd6a96f4b5e43fa646fb4b331d9c55b88bf6ca5dafd2bf1bf184
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5b70d8eb19ca32d244e29e759e816c343be893232978532c9d5943f838e60e0b
5fc29daa67f3830d0f03767227558474c4144a5ce22f9ba6ffc77b05e523f516
5fea843a3f457beefda91acccf6e72825c204589b59d2cc93a63d778a8208447
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61574431224d1d29538d81b53c7b6048ca2737bb26202d49b5b9570de7d4ef5b
619a9ed8c728439b3f30fe45b5fb4b63ed7ed3ee796453ea760c953c0a8a3201
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417
68f8702c1d3fb44f6df07969952f51be1ce1a0be2dbf71c1831f0ccca70085d9
6c6573c2cf885d137cce0a8373a7a6e292972b597b9b08ae74ba0f1382cbd59c
6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a
6f466d57e24e570ed50999ffc06b6ab3a0be9fc96a14496b1cdafd9071e11de2
704a70e745cff94e4cc43046e5918dceace2f1234b2e0b4b8f4df872f9e574f0
72def4e68fd499ad2d5345f3c286c6d1d88bc598a3b45b4455391cd7b1592134
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
753efabef73a07a700ba8c82dc7c1098baf31aaad0f8ac476c98cc2cc74506f1
76d65574289f862740c28c1532cdc2ed68d13d532aafbbd1ed764703f526a078
791d49454d155e924522a06bf7fc34420c240237b74895d6d73466ce25a47e60
7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445
7b824042a7108079234121c8a6e471f11b166bd4bacf85fb9cab29a9341eb647
7e39cf8b0aa7b9d6c73495498dfa9e15ef2b1fb0fbb4016127ae51993d487dd2
7e4d53cad654575a4462422bc00255a7d228a2fbc163691982db7a506c0a701d
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
889f2bab730d916ae6b55451a2f2fcdb173b310e29306103ece5b4c545a38156
88df0b2490a5a1cf2163d628d9a01a1828e026c98d49a0a5e21c433fbe1acbfc
89bbf4fab3f4a9f46c61a009ae320d458a58958adff4763b44271c1702d2e5e9
90980421e3762accc4e39e6d786c4fbf9cfc9b1e6bfc4a02550ef3fbbfc585f7
90e8bd697e0668761364bcfd732338fb0f0767eb5696a872e3c179051abf2ee3
95ad298529b351217d8c00e83841c52f8692a206c581566b0293cb15475bae7e
96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275
999415a508fe78341a8e9bb9f55abd136a4cbb7dbf615028356efd2c023a40c2
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b38d88b1023d2badd893cbb744210baf4a8f01a2c36f2efa8799dd86440cf2c
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9f03509718beb4070d2850b743d60a459a91d5c2510a0698675f1f2132e55468
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9f2bdacd4951b5e28dcd417c660d0e84dd2d82c09b81d4ff3f22e0bd3b20cb0
aafd932c0cbef5ed1ccb1bb8c831e8ed6bdcb98a43efbcd2a66b13a23cdf2add
ab400f5a211f612039eb6dfec40978bdcf37d4f0cee4b0343033cb6d782f90d1
ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6
ac84623d4ead2886499106fd1fc56db67f55cbbdbfeb8821aa5ca460ce409686
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
adf379f80ce276b9dc4030667cf06a2b68c7bc10908a9cc4d492b8b96aa15997
af3dab84f0ebb621020554e0ba42f2bb6d44dbb753fd15a0a379ed1eb0d6e524
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b168f22be4dc01300597c5c53048c9bdbd5235f66c7d3b7e712a4801a09d39e1
b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895
b5902ea668c562d9b87129182849179f77967f4210bd2dbd0077e9debc853365
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b668790fb4a78e37c82b8fa599fb7e8a0dc59ce0b2b9d420c32f6d9dc6f62c17
b6d021b923c5b5c2f6534a994f0779685e2ba002a4931663a6635cf2b03dddd2
b85fcf52d1e967f835355de87e56edb03a3555ad0783a62d69fc0dee1560df83
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
bfac102aeba2cde9ae1b7e53725e99ad00bf50da474b1927c92187564ff1b907
c07684aa8b5395431f3b243baad78a2ddac988833fed866fa18b7d9cb6e1fdce
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c3bd4256e24644470c1507a005b41ab30b7c9c0e2460c57fb294a76061f63f79
c5476874ca5ddcb0143951cc2199c753f6b43ef0f73bb8e1e0470b219468958b
c90a50eb981a4e8530d8ec3ea334dc774448c5e0b7faf3f37cd64bc7674bd371
c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d
ce1d83c141c0efd469c46097a827914115fb3f663b722b4ac8923d00234552c8
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d5232d54f552f36dea15ac9afdc160e549cb4e8eb52dd9da5f048eaf9264449a
d5a74bd20eb2f78f5a088be7f2c5afe1b623a98f6bf5cbe2537e5c187d393afc
d6350ccbc96e6f4089866ba29b8e2fcdf961c3c5b428e8611226d39922e1fce0
d6a2996a3bc075d168368e0ad02d3e6c0793e1547693c5ab021189872209869a
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dad1692887061cb942576328b5127f62da25c508422e4ed34262bde21f957708
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
de096fe1356410d3e4529f6a78bec96bc9ba0426020165bbc56c5e7b4221f032
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0af3bcc630cabf949c3027d9f025e361b5951dc903d6b3a1edd3925b608f231
e200e1462094eecba53812ae0d8063ebaf38162d7cde36194b196df1da860ab2
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e83e8632256c5072bcc9d126fd31fc4e8bfa323231f1d212e745dab97d90895c
eb4fb192ee9f4113cb388d1d230d447ddf19e841c6486cfe8b084af7572ffff6
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
eba2bad63eb3b81e948f61dfa0aa09d221c44ae7d66047fde64fcea8bbc96412
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1d01474eae883861e56002864fb1d8b1e5edfa274e73a50e56654f96d0c679d
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f81deecfe24c78cbc7d34f6c4def4d4dd615c37fc575dcbaff96406c9ff05a2e
fe46e1ff95a96a54c68050eb4360a32ad1f71576ed0032a0def2d6853f04bee0
fe665a455aceb9598500cae8ccd808cbffe5a3525c32cdc7bcbaa0e83a58ac0c
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

377 Requests

87 %HTTPS

34 %IPv6

49 Domains

66 Subdomains

43 IPs

4 Countries

4807 kBTransfer

10860 kBSize

6 Cookies

0 Outgoing links

Redirected requests

377 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

377
Requests

87 %
HTTPS

34 %
IPv6

49
Domains

66
Subdomains

43
IPs

4
Countries

4807 kB
Transfer

10860 kB
Size

6
Cookies

377 HTTP transactions
8 data transactions