pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On July 06 via api (July 6th 2023, 3:53:19 pm UTC) from TR — Scanned from DE

Summary HTTP 421 Redirects Behaviour Indicators

Summary

This website contacted 53 IPs in 8 countries across 48 domains to perform 421 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
4	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
18	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
17	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
82	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.89.83 13.224.89.83	() ()
26	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
12 25	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 6	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 4	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
6 8	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2 4	52.49.75.151 52.49.75.151	16509 (AMAZON-02) (AMAZON-02)
45	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
10	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
20	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:245... 2600:9000:2450:a800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	18.193.242.108 18.193.242.108	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
2	2606:4700:20:... 2606:4700:20::681a:71b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2600:1f13:800... 2600:1f13:800:7782:8fed:9484:95d0:6996	() ()
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	() ()
2 2	52.29.25.103 52.29.25.103	() ()
2 2	213.155.156.166 213.155.156.166	() ()
1	178.250.7.11 178.250.7.11	() ()
1	34.160.236.64 34.160.236.64	() ()
1 1	51.89.9.252 51.89.9.252	() ()
4	2606:4700:20:... 2606:4700:20::681a:ad1	() ()
1 1	104.64.118.247 104.64.118.247	() ()
1	2606:4700::68... 2606:4700::6812:7e05	() ()
2 2	142.250.181.230 142.250.181.230	() ()
2 2	84.200.5.215 84.200.5.215	() ()
1	167.233.13.224 167.233.13.224	() ()
1	145.239.193.130 145.239.193.130	() ()
2	13.41.28.186 13.41.28.186	() ()
1	13.32.145.36 13.32.145.36	() ()
421	53

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

82 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.89.83 (United States)

ASN- ()
PTR: server-13-224-89-83.zrh50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 172.217.16.130 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.210.212 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.89.75 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.94.180.126 (Amsterdam, Netherlands) 6 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.49.75.151 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-75-151.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2450:a800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.242.108 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-242-108.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.30 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f13:800:7782:8fed:9484:95d0:6996 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.25.103 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.236.64 (None, )

ASN- ()

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (None, ) 1 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:ad1 (None, )

ASN- ()

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.64.118.247 (None, ) 1 redirects

ASN- ()

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7e05 (None, )

ASN- ()

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.230 (None, ) 2 redirects

ASN- ()

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.200.5.215 (None, ) 2 redirects

ASN- ()

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.233.13.224 (None, )

ASN- ()

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.130 (None, )

ASN- ()

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.41.28.186 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.145.36 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
132	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	1 MB
75	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346 ad.doubleclick.net	477 KB
45	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	2 MB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	636 KB
24	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 30069 ad4m.at — Cisco Umbrella Rank: 9754 assets.ad4m.at	1 MB
18	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 951 static.adsafeprotected.com — Cisco Umbrella Rank: 624 dt.adsafeprotected.com	200 KB
18	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	233 KB
10	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	504 KB
8	spotxchange.com 6 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 794	5 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	6 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	5 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	110 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	222 KB
4	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 148578 static-de.ad4mat.net — Cisco Umbrella Rank: 192748	8 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	783 B
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
2	webgains.com track.webgains.com	50 KB
2	de17a.com 2 redirects d5p.de17a.com	653 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 633	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	1 KB
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	914 B
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1067 r.turn.com — Cisco Umbrella Rank: 3947	869 B
2	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	141 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 496	420 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.io analytics.webgains.io	31 KB
1	medialead.de pv.medialead.de	366 B
1	o2online.de partner.o2online.de	1 KB
1	lead-alliance.net 1 redirects www.lead-alliance.net	436 B
1	telefonica-partner.de 1 redirects www.telefonica-partner.de	262 B
1	conrad.de www.conrad.de	476 B
1	awin1.com 1 redirects www.awin1.com	694 B
1	onetag-sys.com 1 redirects onetag-sys.com	339 B
1	mookie1.com odr.mookie1.com	214 B
1	criteo.com dis.criteo.com	363 B
1	quantserve.com cms.quantserve.com	466 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2276	174 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	266 B
1	gstatic.com fonts.gstatic.com	34 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	363 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	82 KB
421	48

	Domain	Requested by
82	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net ye-mek.net www.googletagservices.com
45	s0.2mdn.net	pcloak.blob.core.windows.net e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com s0.2mdn.net ye-mek.net
41	tpc.googlesyndication.com	e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com ye-mek.net cdn.ampproject.org pcloak.blob.core.windows.net googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
25	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net ye-mek.net
21	googleads.g.doubleclick.net	pagead2.googlesyndication.com e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com ye-mek.net pcloak.blob.core.windows.net googleads.g.doubleclick.net
17	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net ye-mek.net e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com www.googletagservices.com
10	googleads4.g.doubleclick.net	googleads.g.doubleclick.net pcloak.blob.core.windows.net
9	www.googletagservices.com	e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com googleads.g.doubleclick.net
9	e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
9	ng.virgul.com	static.virgul.com ye-mek.net
8	assets.ad4m.at	as.ad4m.at
8	dt.adsafeprotected.com	e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com ye-mek.net
8	ad4m.at	as.ad4m.at ad4m.at
8	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
8	sync.search.spotxchange.com	6 redirects googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	static.adsafeprotected.com	fw.adsafeprotected.com e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com ye-mek.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
5	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
4	fw.adsafeprotected.com	2 redirects pcloak.blob.core.windows.net
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ajax.googleapis.com	ye-mek.net s0.2mdn.net
3	ye-mek.net	www.cloakan.co ye-mek.net
2	track.webgains.com	as.ad4m.at
2	ad.doubleclick.net	2 redirects
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	ng2.virgul.com	ye-mek.net
2	static-de.ad4mat.net	as.ad4m.at
2	c1.adform.net	2 redirects
2	x.bidswitch.net	2 redirects
2	ads.travelaudience.com	2 redirects
2	prod-rtb.ad4mat.net	pcloak.blob.core.windows.net googleads.g.doubleclick.net
2	ups.analytics.yahoo.com	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	analytics.webgains.io	track.webgains.com
1	pv.medialead.de	as.ad4m.at
1	partner.o2online.de	as.ad4m.at
1	www.lead-alliance.net	1 redirects
1	www.telefonica-partner.de	1 redirects
1	www.conrad.de	as.ad4m.at
1	www.awin1.com	1 redirects
1	onetag-sys.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	dis.criteo.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	tr.blismedia.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	r.turn.com	googleads.g.doubleclick.net
1	ad.turn.com	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
421	68

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
www.ye-mek.net RapidSSL TLS RSA CA G1	`2023-07-04` - `2024-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-15` - `2023-07-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-06-04` - `2023-09-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh

This page contains 55 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: 36A69AFDD3771165B45093260EDC0549
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 2CFFBA56CF676F315F91C392F4F93DBC
Requests: 90 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: BFCB317A37F3EB27C325ECA5E1C9CE33
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/zrt_lookup.html
Frame ID: D26D1E6EDA92AED303AFCFB7DF976276
Requests: 1 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 2DC731677747C475266CCC9631DFD286
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=1%3A2%2C7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795102&bpp=3&bdt=852&idt=220&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=8628788198312&frm=24&ife=1&pv=2&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759837%2C44759875%2C31075645%2C44788441%2C44789818&oid=2&pvsid=2660720424135804&tmod=420154949&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kt9gkv668kix&fsb=1&dtd=232
Frame ID: 7865E7814BF7AED42735B03772F98A64
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 722D852F6A01A4F936A9D911DA4B5CC8
Requests: 1 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 204C0B06E6CB509D3EC5D2FE09C52593
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs
Frame ID: 950971EA6B978C1523299FFD8BCE0AF7
Requests: 15 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 41804D3E63B614F2360E08437D91BC7D
Requests: 25 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 10193F0D30BC1C622CBE12ADF7A1C686
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWvC9JehuKPsXxN895EsDsUug_Tb_PNMVX2ajL-f_1iQDHrmk8rN1gc0hfqmEUxq1B6mpSHtt86dLSvadiVv-uH8ldgJTG4avDefyUtq4_hqy4oScZqMjo6JMQCDjZwDlYF70-Azc78FEF1nhOKFpfX0EL-fbqCpgdaJCNfIn69WJFCYR4
Frame ID: F04ED7BD06066171CDFB2B5F4CFE03DA
Requests: 5 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: F4E771F3A2AEBCDF8A84459238054FA5
Requests: 19 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 723D0B5F2EB3200C50E4966CCC1EF2ED
Requests: 8 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C33ACED41FEEA76A341C03E8B1A436A7
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNUGfY4Y2pTbDUrfgaV79niTCKKA2rMztWyK_hQJqEClUonZJJuvFQvoLu4YRvWFndgnKWoTuu9uEWLNW9je13DHixQ2Vke8OI2Mbaf-56uWg7dD3MXCYSYQzmyKlNK_3xHP0F9gj_ZDz0Q9kQaUEwthYj13gU8Po3_lGH-OrjV0Rsc21xs
Frame ID: 56281391082B4659646A3D8A391910AC
Requests: 5 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1C1120A6EEA9D3D8128CCA8421A94A66
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPxZBCT7Z4BGOjvzewBMAE&v=APEucNVq2nHpQlgv7rvKvp4fHhNu8f0lYP6WnMpZXoG7OTJrsL5L4JmMD9ekEjQX7zxOgX4SK012OhA61I0nOc_kvp_pO6Dc-rrBB9pRgaQ0IyupXFdzTkxEI3waIceFUsg9_r34GJOZ9Oj78lvzn0HYpeBRsh50L9P8ptfGItUNEwvOjgfJf9E
Frame ID: 0850A214F4E0BE5541F48FE88B16DC71
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWo5S3TKEcFgB0e52pCGlO-Yurh3-gzcvR4Vstfc5zmj_nIvFbeAkvpM0Fc_gr6WOezcmPNmuxn6bMooyRmWaqHfLIhG_Ar4t-B7JkOcmSYK7oGM8bArXrtkG6xeC52DT5_6EEhX6J5xqwF0Whbv6EXoJM9k3c-WkS8RJBLvz1h1EAfQqg
Frame ID: 8E2A4E95C47F16CE028145E34CB2A09A
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795840&bpp=11&bdt=150&idt=193&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=7615271090621&frm=8&ife=1&pv=2&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.zafs6fgov3b&fsb=1&dtd=207
Frame ID: 70C27293029BB1AD371B6763B9A1027F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNVEGqE28e1SCdKagF7VFcGgxVRl0mO8qF7tPccyRPbjCA-FJ2-OeFEtmpjtSl72l_WN0da9cpQrZt5-yuvxhY60z2ZtgyIicIkv_V2IcW3Gquqfg3AkOwIN8Kg96pEA4UZi_DDC7RnbmN3l3vuIaYgfpPVmBMWWkgr5VelVTIy5qEz2mrg
Frame ID: 2A35078942E7B8E8BBA2B2EE6F77C554
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
Frame ID: 3D4A62F963FBCA14E7215002523E3DD7
Requests: 1 HTTP requests in this frame

Frame: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3A1789C60AB1C291970592F90CD69EF3
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CeGSgbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoErwFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneHzCKEKffzcErttJB8InSBODeCK5WaMhfCm697Cu-pwosMH8nJU-gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=amXfQtTduHE&uach_m=[UACH]&cid=CAQSKQBygQiDQ0E_HgKOp2u_bl_ZuRi96v2x4zDrNavzw-XSOxD1hnmmuCdOGAE
Frame ID: 1F0A5C3B617C1D9E311630055A25F741
Requests: 8 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: FB96FCB1A34FEC385E516041959DC239
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D9FC439A5AC943954D6C2AA7880B28B8
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8F8ED2F1957156FE75F017F61A7E5986
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
Frame ID: C54934CA9BB4ECF6E1A4E6E4EBF59F40
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1D7107EBB5D14A4E1B1E4010F200976F
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2659805833&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796227&bpp=3&bdt=253&idt=321&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=5009419851692&frm=8&ife=1&pv=2&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.i97vbe93h7xf&fsb=1&dtd=336
Frame ID: E848C26AFF3566A1286D18A067ABE56F
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
Frame ID: DDA7A24D9F78C43B66EB5BADF268C351
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378
Frame ID: D553AE89B47785313D8C080457B7E29B
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
Frame ID: E672C99477DC4DD0AC7A3796EAE690F4
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
Frame ID: F9B66322DB2CC2DCB5AC53B6DD22CF81
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2662790276&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796398&bpp=2&bdt=235&idt=284&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=4936208904555&frm=8&ife=1&pv=2&ga_vid=425751634.1688658797&ga_sid=1688658797&ga_hid=1949911629&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759876%2C44759927%2C31075812%2C44788441%2C44796477&oid=2&pvsid=3255360019821991&tmod=455624242&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.frhsdltklgd0&fsb=1&dtd=297
Frame ID: D1B8C3275052109AA80218BC9482080C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A53435C2FC441AF1E04849EAE54CDE83
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BC25754D7CA946BF5827B19353B5DE9C
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171325989&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796400&bpp=1&bdt=237&idt=331&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4936208904555&frm=8&ife=1&pv=1&ga_vid=425751634.1688658797&ga_sid=1688658797&ga_hid=1949911629&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759876%2C44759927%2C31075812%2C44788441%2C44796477&oid=2&pvsid=3255360019821991&tmod=455624242&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.po2q7pahivpw&fsb=1&dtd=335
Frame ID: 70CDAABA1D5C4676B076B2495A8FC419
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2C4D6BBECADCD050CAF0616777A86F53
Requests: 3 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 042CA09D02CAAA8519170191FC8919EA
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: F02E8E8781C36A6621ACF17AD109D431
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: A0904084317CB69F5998CA7E3572BCB3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4123FC648A11A455A8EC28C9F124E993
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 4526A7227E03430DF50C746AE9CDE8EC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: 4F9A60087307A29D37AC2EF5F6D5BCFD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: C1875CFFE15DF2FEECB8AFF077DCB6F9
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 975DE273824A5B0AD2B97AB10CB36214
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: AA66E63F4FA07FFFD47A64E000ACD307
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FE00305EB0F098113D0F2717CE34FD15
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C01D5F3F241D74F19ADF6D82C983ADFB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: A428501AFBEC4C2C0D28B6BC8F2A7AF8
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 1B542269B19FDE8D8563314D4C81F251
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 38986735C054B16C06277DEB71A2468F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 08CFFDBB02682C02B079F5894CE5CA79
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: D4BF5B3B408D8AECD143D5BF708A6D00
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

421
Requests

93 %
HTTPS

39 %
IPv6

48
Domains

68
Subdomains

53
IPs

8
Countries

7796 kB
Transfer

15808 kB
Size

23
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 124

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1&C=1

Request Chain 128

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKbjbCcURQXzoM5TmRlrZgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFQsqJUZVqRRVqYGz-62odU&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFQsqJUZVqRRVqYGz-62odU%26google_cver%3D1

Request Chain 130

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Y2eltiU9PTsssuhUp8N0&google_cver=1

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEM6kWBIUyLjpC63sWP8HECs&google_cver=1

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f7e53-1c15-11ee-8cca-1ee5b9e10406

Request Chain 172

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=38793f69-1c15-11ee-8bda-18a305860306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f77fc-1c15-11ee-ae7d-16821cb20206

Request Chain 175

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=38796348-1c15-11ee-8196-180e33a50506 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1

Request Chain 184

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKbjbCcURQXzoM5TmRlrZgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFQsqJUZVqRRVqYGz-62odU&google_cver=1

Request Chain 186

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D

Request Chain 261

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENRgVCoHL5VHrMVh2n7aazo&google_cver=1&google_push=AaAOQGGN6sd7mEaVYGXcyRV_yp425TSmYylpyOsU4_fWe2SOiR2EO5VOQTqB0RfZSOkJk7EC_zJQqLwr-dr4GN7BS1qXKGJ_c0L8WQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzUwMzQ1OTEyMTMzMzk2Njc5MA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENRgVCoHL5VHrMVh2n7aazo&google_cver=1

Request Chain 264

https://ads.travelaudience.com/google_pixel?google_gid=CAESEP-JfLJ2asJd4ylrQSlA5YU&google_cver=1&google_push=AaAOQGHvkFQy2n8CF60A8QshbHWY0OaZm20TtBNohQzyj6jegZl0uLVxr3ezm0ZrRbknK15DEp8rYcA1ol7ZQyXlgTAhiHiPjm8eKA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGHvkFQy2n8CF60A8QshbHWY0OaZm20TtBNohQzyj6jegZl0uLVxr3ezm0ZrRbknK15DEp8rYcA1ol7ZQyXlgTAhiHiPjm8eKA

Request Chain 265

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEnHoO2Pdw8ledjC2RPPHgQ&google_cver=1&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEnHoO2Pdw8ledjC2RPPHgQ&google_cver=1&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg&google_hm=QmicW4KQQK6ka2PwSuIVLA==

Request Chain 266

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECgFkwID3T84OcYZIV_4ZfA&google_cver=1&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJd_VUgDrXBzSGeQ4dAU2_soiQ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECgFkwID3T84OcYZIV_4ZfA&google_cver=1&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJd_VUgDrXBzSGeQ4dAU2_soiQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzc1MjMyNjg2MDEzMzcxMzc5Mg&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJd_VUgDrXBzSGeQ4dAU2_soiQ

Request Chain 267

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJFQkCb3TZEn3CIqxUVd4UA&google_cver=1&google_push=AaAOQGGqennTtMvP9PgHJX9ojPdt-RhBFqLqk369pdVw0Azcok9JVheZ03d089kpie2gWHr1CtxUbc7g-Lnnqp8lX4GQ5zGsTx_Bx0o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGqennTtMvP9PgHJX9ojPdt-RhBFqLqk369pdVw0Azcok9JVheZ03d089kpie2gWHr1CtxUbc7g-Lnnqp8lX4GQ5zGsTx_Bx0o HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 302

https://fw.adsafeprotected.com/rfw/st/1534583/72389219/skeleton.js?adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fe226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fe226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:4bb07627-7473-b080-43dd-fcbc3405c939,c:hBrKFS,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6b6dfd5f7-r8rw2,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:218,mot:0,app:0,maw:0,fm:tJfidB7+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1534583-72389219%7C11c1%7C11c2%7C11c3%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:11c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:259,oid:3887f8bb-1c15-11ee-84be-fe4d0cb519ec,v:19.8.425,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 323

https://fw.adsafeprotected.com/rfw/st/1534583/72389219/skeleton.js?adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fe226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fe226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:921c1f00-4a3b-efa8-f11e-02ea53925ab1,c:hBrKHY,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-6b6dfd5f7-w2m7n,rg:ie,pt:1-5-15,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:369,mot:0,app:0,maw:0,fm:tJfidB9+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C118*.1534583-72389219%7C1181%7C11821%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b21%7C11b22%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:118*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:388,oid:38881fe8-1c15-11ee-9d3f-66fc4ca1a307,v:19.8.425,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 344

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cver=1&google_push=AaAOQGETr8gRnsnBsteSzq9l36-vVqYdh3An2KmMP8lOHffZEX3k4pjva8Zn4u_p79fsT-FzEF6VO3sYv32SB9PdQDaKMLofb91A0md2 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cver=1&google_push=AaAOQGETr8gRnsnBsteSzq9l36-vVqYdh3An2KmMP8lOHffZEX3k4pjva8Zn4u_p79fsT-FzEF6VO3sYv32SB9PdQDaKMLofb91A0md2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UWh1aEVGRTUxUWhyaWQ1&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cver=1&google_push=AaAOQGETr8gRnsnBsteSzq9l36-vVqYdh3An2KmMP8lOHffZEX3k4pjva8Zn4u_p79fsT-FzEF6VO3sYv32SB9PdQDaKMLofb91A0md2

Request Chain 345

https://ads.travelaudience.com/google_pixel?google_gid=CAESEP-JfLJ2asJd4ylrQSlA5YU&google_cver=1&google_push=AaAOQGGdN7oQ9t5Lo_NGGs6gicZushV1YroEzYjnypfVibg_oOBxE_9OjsJKe8_2C5nhoAnJ5rF6CQiXqgSiDhqx1jliMR2ZgqTOly2j HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGGdN7oQ9t5Lo_NGGs6gicZushV1YroEzYjnypfVibg_oOBxE_9OjsJKe8_2C5nhoAnJ5rF6CQiXqgSiDhqx1jliMR2ZgqTOly2j

Request Chain 346

https://d5p.de17a.com/cookies/google?google_gid=CAESEIbTpo_iLz41OGfNOU5x8fg&google_cver=1&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEpQX4QZ6Cc HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIbTpo_iLz41OGfNOU5x8fg&google_cver=1&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEpQX4QZ6Cc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEpQX4QZ6Cc

Request Chain 349

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDLGIV-P-92DobCCOzybWYY&google_cver=1&google_push=AaAOQGG0IJlCsG56-No4N_0h0cXZvmMIPmQ4mYSv_UpzvHz6cEUElAcLlfB76c-fNjbVevtHr6CtcCar6I-0srkDaX6UFCfx1vqbpL4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGG0IJlCsG56-No4N_0h0cXZvmMIPmQ4mYSv_UpzvHz6cEUElAcLlfB76c-fNjbVevtHr6CtcCar6I-0srkDaX6UFCfx1vqbpL4

Request Chain 396

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidJBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1688658797_397c4340-1c15-11ee-b199-223078f3fa88&insert=AW&&gdpr=0&gdpr_consent=

Request Chain 407

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117683V1226132702M%26subid%3DviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CL2_tJ64-v8CFabzEQgdduQIWQ;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117683V1226132702M%26subid%3DviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218

421 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 422ms
108ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Thu, 06 Jul 2023 15:53:12 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 63f6c3cc-a01e-0037-1121-b090a1000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 98ms
97ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 63f6c430-a01e-0037-6521-b090a1000000
Date: Thu, 06 Jul 2023 15:53:12 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 297ms
100ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 06 Jul 2023 15:53:12 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 63f6c4d8-a01e-0037-7521-b090a1000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 196ms
98ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 06 Jul 2023 15:53:12 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 63f6c48a-a01e-0037-2f21-b090a1000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 296ms
149ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:11 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 260ms
144ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:11 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 2CFF 77 KB
78 KB 227ms
55ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 055cdd05e796f4d0f1646fc1d6deb08100e4039b711bf29f440db5f1c0699d34

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79261
content-type: text/html; charset=utf-8
date: Thu, 06 Jul 2023 15:53:13 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 2CFF 90 KB
91 KB 39ms
8ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 18:18:28 GMT
x-content-type-options: nosniff
age: 509686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 29 Jun 2024 18:18:28 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 2CFF 10 KB
2 KB 77ms
75ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Thu, 06 Jul 2023 15:53:13 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 2CFF 40 KB
12 KB 151ms
25ms Stylesheet
text/css 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6849352
x-accel-date: 1681809442
x-77-nzt: AZySIYh1VgP/SINoAA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: f6587a1d6be637f16ae3a6643f12bd17
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 2CFF 233 KB
82 KB 51ms
30ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc7a16817ef85c26945edbf2a928b94cf5ff5795f711b56c7a948145244a887a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83410
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 06 Jul 2023 15:53:14 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 2CFF 23 KB
23 KB 46ms
45ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=_rFPfKl06UhtNq7q3VEXtsuURovHRF9RyIxU7UhcFe01UZbejYfBfpTeSjEw2JppKgjuYk9-9VRAAtzX0x0LHnEGtKwjbNDgbbTCuzAjqrg1&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Thu, 06 Jul 2023 15:53:13 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Thu, 04 Jul 2024 13:26:37 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 2CFF 542 B
897 B 27ms
26ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849404
x-accel-date: 1681809390
content-length: 542
x-77-nzt: AZySIYgzFGL/fINoAA
x-accel-expires: @1713345390
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: f6587a1d6be637f16ae3a664db8f9119
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 2CFF 2 KB
2 KB 44ms
19ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849352
x-accel-date: 1681809442
content-length: 1651
x-77-nzt: AZySIYiT+xL/SINoAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: f6587a1d6be637f16ae3a66425b0591b
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 visneli-irmik-tatlisi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 2CFF 11 KB
12 KB 54ms
26ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/visneli-irmik-tatlisi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 54d132fb58287602c5cd91cb07939980debaf99f46395ac5bf5992aab2c6b8d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 62501
x-accel-date: 1688596293
content-length: 11738
x-77-nzt: AZySIYj+CWb/JfQAAA
x-accel-expires: @1720132293
last-modified: Wed, 05 Jul 2023 22:03:58 GMT
server: CDN77-Turbo
etag: "64a5e8ce-2dda"
x-77-nzt-ray: f6587a1d6be637f16ae3a6645811aa1b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-taze-fasulye-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 2CFF 13 KB
14 KB 61ms
34ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/lokanta-usulu-taze-fasulye-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dc63503c3f3c59f9996f4ceee5ed9bfeff55f0714094188f7a9174e6a15a2a47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 149768
x-accel-date: 1688509026
content-length: 13770
x-77-nzt: AZySIYjLaUD/CEkCAA
x-accel-expires: @1720045026
last-modified: Tue, 04 Jul 2023 21:39:20 GMT
server: CDN77-Turbo
etag: "64a49188-35ca"
x-77-nzt-ray: f6587a1d6be637f16ae3a66417f3af1b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-taze-fasulye-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 2CFF 14 KB
15 KB 71ms
44ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/firinda-taze-fasulye-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2180f29f86c7567e451861d1c1db1df4e665191dbc790c421a2b168138336f3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 231615
x-accel-date: 1688427179
content-length: 14484
x-77-nzt: AZySIYjI6pX/v4gDAA
x-accel-expires: @1719963179
last-modified: Mon, 03 Jul 2023 23:14:30 GMT
server: CDN77-Turbo
etag: "64a35656-3894"
x-77-nzt-ray: f6587a1d6be637f16ae3a6648fc6b41b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 visneli-dondurma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 2CFF 13 KB
14 KB 78ms
51ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/visneli-dondurma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e7d8342248029f1df308d3f2cb02a6a7a87714307aca80532eb853c198cc92f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 321321
x-accel-date: 1688337473
content-length: 13657
x-77-nzt: AZySIYghySv/KecEAA
x-accel-expires: @1719873473
last-modified: Sun, 02 Jul 2023 22:22:54 GMT
server: CDN77-Turbo
etag: "64a1f8be-3559"
x-77-nzt-ray: f6587a1d6be637f16ae3a664a6a4b81b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kremali-mantarli-tavuk-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 2CFF 16 KB
16 KB 77ms
52ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/kremali-mantarli-tavuk-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 987661af2505d84576a6058c6afa89ebbfa78c0c6de5ab5a48fe3a8bead6cdf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6846111
x-accel-date: 1681812683
content-length: 15999
x-77-nzt: AZySIYgV0RL/n3ZoAA
x-accel-expires: @1713348683
last-modified: Sun, 19 Sep 2021 21:21:28 GMT
server: CDN77-Turbo
etag: "6147a9d8-3e7f"
x-77-nzt-ray: f6587a1d6be637f16ae3a6641f7fbc1b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 fellah-koftesi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame 2CFF 15 KB
15 KB 77ms
53ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/fellah-koftesi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 274d7c618c1972083333f7020a9768ca0d10519473f54110f184e09d269bdb47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848908
x-accel-date: 1681809886
content-length: 15478
x-77-nzt: AZySIYjyLPH/jIFoAA
x-accel-expires: @1713345886
last-modified: Wed, 01 May 2019 22:56:32 GMT
server: CDN77-Turbo
etag: "5cca2420-3c76"
x-77-nzt-ray: f6587a1d6be637f16ae3a664f1d5be1b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 guvecte-soslu-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 2CFF 12 KB
12 KB 77ms
53ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/guvecte-soslu-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fb9ac4b913ac47cf0a369f46cbd8c62a93eacaf589a5d9ed521089825007ad11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849153
x-accel-date: 1681809641
content-length: 12396
x-77-nzt: AZySIYgjZ1b/gYJoAA
x-accel-expires: @1713345641
last-modified: Thu, 30 Apr 2020 00:50:55 GMT
server: CDN77-Turbo
etag: "5eaa20ef-306c"
x-77-nzt-ray: f6587a1d6be637f16ae3a6645981c01b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kiymali-patatesli-karnabahar-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/11/ Frame 2CFF 12 KB
12 KB 77ms
53ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/11/kiymali-patatesli-karnabahar-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a1e6952582dbccbab77a8f077c2b160bd137db15e10b07f6713bddb98178d6ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 879634
x-accel-date: 1687779160
content-length: 12156
x-77-nzt: AZySIYhWnT7/EmwNAA
x-accel-expires: @1719315160
last-modified: Wed, 01 May 2019 23:07:55 GMT
server: CDN77-Turbo
etag: "5cca26cb-2f7c"
x-77-nzt-ray: f6587a1d6be637f16ae3a6647820c21b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baklavalik-yufkadan-fistikli-katmer-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 2CFF 15 KB
15 KB 76ms
53ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/baklavalik-yufkadan-fistikli-katmer-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 845eb9ea29b7a5637e5caa0a807e46db1ad49dd0bfd4dd1145a6ea3e6895555f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849185
x-accel-date: 1681809609
content-length: 15175
x-77-nzt: AZySIYiBrn//oYJoAA
x-accel-expires: @1713345609
last-modified: Wed, 01 May 2019 22:41:25 GMT
server: CDN77-Turbo
etag: "5cca2095-3b47"
x-77-nzt-ray: f6587a1d6be637f16ae3a66428b0c31b
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mamzana-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 2CFF 14 KB
14 KB 89ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/mamzana-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8d217a0ba13b4d33c2d1ba046f7be4a494140cf3ffe9ead9d56a6c009d3aca69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847813
x-accel-date: 1681810981
content-length: 14387
x-77-nzt: AZySIYio0GT/RX1oAA
x-accel-expires: @1713346981
last-modified: Tue, 22 Dec 2020 22:40:01 GMT
server: CDN77-Turbo
etag: "5fe275c1-3833"
x-77-nzt-ray: f6587a1d6be637f16ae3a664c7c1a31c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hatay-eksileme-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 2CFF 13 KB
13 KB 88ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/hatay-eksileme-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bafb6f1a7966556d8f77b6e8f2015033d8d39883c55b46db687ed299f6d57a80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847520
x-accel-date: 1681811274
content-length: 12908
x-77-nzt: AZySIYhs1jv/IHxoAA
x-accel-expires: @1713347274
last-modified: Sun, 15 Nov 2020 00:07:53 GMT
server: CDN77-Turbo
etag: "5fb07159-326c"
x-77-nzt-ray: f6587a1d6be637f16ae3a664e3dfa61c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 valide-sultan-corbasi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/04/ Frame 2CFF 11 KB
12 KB 88ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/04/valide-sultan-corbasi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 81edaeb1fa8ee92d6ff74b25c17ee3c4281188958a1e5506ccb8fca25469a639

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848857
x-accel-date: 1681809937
content-length: 11543
x-77-nzt: AZySIYjKBov/WYFoAA
x-accel-expires: @1713345937
last-modified: Wed, 01 May 2019 23:15:03 GMT
server: CDN77-Turbo
etag: "5cca2877-2d17"
x-77-nzt-ray: f6587a1d6be637f16ae3a6649bafa81c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantarli-et-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame 2CFF 14 KB
14 KB 88ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/mantarli-et-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 17161789662498342bcddeec410c1700c09eddcbace6cef97762e1b657553c75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849153
x-accel-date: 1681809641
content-length: 13860
x-77-nzt: AZySIYhCl6j/gYJoAA
x-accel-expires: @1713345641
last-modified: Wed, 01 May 2019 22:27:51 GMT
server: CDN77-Turbo
etag: "5cca1d67-3624"
x-77-nzt-ray: f6587a1d6be637f16ae3a6642f63aa1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-patlican-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/05/ Frame 2CFF 15 KB
15 KB 88ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/05/firinda-patlican-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fe665a455aceb9598500cae8ccd808cbffe5a3525c32cdc7bcbaa0e83a58ac0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848594
x-accel-date: 1681810200
content-length: 15015
x-77-nzt: AZySIYgZEMP/UoBoAA
x-accel-expires: @1713346200
last-modified: Wed, 01 May 2019 22:25:01 GMT
server: CDN77-Turbo
etag: "5cca1cbd-3aa7"
x-77-nzt-ray: f6587a1d6be637f16ae3a664e56bac1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 eli-bogrunde-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 2CFF 17 KB
17 KB 88ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/eli-bogrunde-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2eac5014c6a4d3caaf4a4ad525637c9033c42a9263bdf85df1649f768f84f0b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849329
x-accel-date: 1681809465
content-length: 16989
x-77-nzt: AZySIYgsBdr/MYNoAA
x-accel-expires: @1713345465
last-modified: Sun, 10 Apr 2022 23:03:17 GMT
server: CDN77-Turbo
etag: "62536235-425d"
x-77-nzt-ray: f6587a1d6be637f16ae3a664900dae1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yufkadan-findik-lahmacun-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame 2CFF 16 KB
17 KB 87ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/yufkadan-findik-lahmacun-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d82c4906e4b728e92a7fcec80c1f8bcb5b16502d30a9de09a361dc503a70145a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849243
x-accel-date: 1681809551
content-length: 16684
x-77-nzt: AZySIYg6sEL/24JoAA
x-accel-expires: @1713345551
last-modified: Wed, 01 May 2019 22:52:17 GMT
server: CDN77-Turbo
etag: "5cca2321-412c"
x-77-nzt-ray: f6587a1d6be637f16ae3a6646f7fb01c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-kereviz-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/10/ Frame 2CFF 12 KB
12 KB 87ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/10/tavuklu-kereviz-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4c6847d6c187314e234ace1a963c78c659d2429c0790444c674b5d72180822bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 248661
x-accel-date: 1688410133
content-length: 12025
x-77-nzt: AZySIYhxxKP/VcsDAA
x-accel-expires: @1719946133
last-modified: Wed, 09 Oct 2019 22:00:21 GMT
server: CDN77-Turbo
etag: "5d9e5875-2ef9"
x-77-nzt-ray: f6587a1d6be637f16ae3a6641dacb21c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/06/ Frame 2CFF 12 KB
13 KB 86ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/06/firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847765
x-accel-date: 1681811029
content-length: 12609
x-77-nzt: AZySIYikEH7/FX1oAA
x-accel-expires: @1713347029
last-modified: Wed, 01 May 2019 23:19:17 GMT
server: CDN77-Turbo
etag: "5cca2975-3141"
x-77-nzt-ray: f6587a1d6be637f16ae3a66476f6ba1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pilic-topkapi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 2CFF 15 KB
15 KB 86ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/pilic-topkapi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7c61fa1cf06e1231a6cbcbd22e6fd065c2934749e2e2af038318feaa79f54c93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849361
x-accel-date: 1681809433
content-length: 15292
x-77-nzt: AZySIYj3HpH/UYNoAA
x-accel-expires: @1713345433
last-modified: Mon, 26 Apr 2021 22:52:38 GMT
server: CDN77-Turbo
etag: "60874436-3bbc"
x-77-nzt-ray: f6587a1d6be637f16ae3a6645f32bd1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2CFF 15 KB
16 KB 86ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3003238
x-accel-date: 1685655556
content-length: 15552
x-77-nzt: AZySIYj2hf//ZtMtAA
x-accel-expires: @1717191556
last-modified: Thu, 01 Jun 2023 21:24:53 GMT
server: CDN77-Turbo
etag: "64790ca5-3cc0"
x-77-nzt-ray: f6587a1d6be637f16ae3a6642507bf1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lahana-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 2CFF 14 KB
15 KB 85ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/lahana-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b927930fac90644d24523c173be181b6ecf87293484531a003184e2cfa4a38d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848812
x-accel-date: 1681809982
content-length: 14792
x-77-nzt: AZySIYjgTLfvLIFoAA
x-accel-expires: @1713345982
last-modified: Wed, 28 Oct 2020 23:06:52 GMT
server: CDN77-Turbo
etag: "5f99f98c-39c8"
x-77-nzt-ray: f6587a1d6be637f16ae3a664a432c11c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-firin-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 2CFF 16 KB
16 KB 85ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/sebzeli-firin-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9b0cb6e6dea44f630d8b2ff60353714c253e2756a4a792d58326ea10df0f9780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847823
x-accel-date: 1681810971
content-length: 16376
x-77-nzt: AZySIYgB/G//T31oAA
x-accel-expires: @1713346971
last-modified: Tue, 05 May 2020 23:50:47 GMT
server: CDN77-Turbo
etag: "5eb1fbd7-3ff8"
x-77-nzt-ray: f6587a1d6be637f16ae3a664b83cc41c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebze-koftesi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame 2CFF 16 KB
16 KB 85ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/sebze-koftesi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 79cc0de9025efbefae5ae3b4c382540ab104ad1521c1ea00bc559942dd0895e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847378
x-accel-date: 1681811416
content-length: 16263
x-77-nzt: AZySIYgvErH/kntoAA
x-accel-expires: @1713347416
last-modified: Mon, 20 Jan 2020 22:42:45 GMT
server: CDN77-Turbo
etag: "5e262ce5-3f87"
x-77-nzt-ray: f6587a1d6be637f16ae3a6648324ca1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 portakalli-karnabahar-yemegi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/11/ Frame 2CFF 11 KB
12 KB 84ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/11/portakalli-karnabahar-yemegi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1792ee00a46c1eb10a64eeb031fa16aebbe0ff146875b607c05e20c637d79a0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 584476
x-accel-date: 1688074318
content-length: 11558
x-77-nzt: AZySIYjx//7/HOsIAA
x-accel-expires: @1719610318
last-modified: Sat, 16 Nov 2019 20:36:23 GMT
server: CDN77-Turbo
etag: "5dd05dc7-2d26"
x-77-nzt-ray: f6587a1d6be637f16ae3a664e5a3d21c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-mantar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2CFF 12 KB
13 KB 84ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ispanakli-mantar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2ac4a807a56b44b12aff4d0c1fa110cc6d83394fca1c3a15f8085b6d9c13072f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 2474734
x-accel-date: 1686184060
content-length: 12539
x-77-nzt: AZySIYhBguP/7sIlAA
x-accel-expires: @1717720060
last-modified: Tue, 06 Jun 2023 15:13:53 GMT
server: CDN77-Turbo
etag: "647f4d31-30fb"
x-77-nzt-ray: f6587a1d6be637f16ae3a6647bc6d41c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kozlenmis-patlican-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 2CFF 13 KB
14 KB 84ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/kozlenmis-patlican-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 79df219caad67d0532cafcf090c583e3c7043ca3cf472700f881d68f255d94b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848813
x-accel-date: 1681809981
content-length: 13601
x-77-nzt: AZySIYjSEJT/LYFoAA
x-accel-expires: @1713345981
last-modified: Sun, 09 Apr 2023 23:35:25 GMT
server: CDN77-Turbo
etag: "64334bbd-3521"
x-77-nzt-ray: f6587a1d6be637f16ae3a664fb8dd61c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kavrulmus-mercimek-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/07/ Frame 2CFF 10 KB
11 KB 84ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/07/kavrulmus-mercimek-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1a60f2cf6a7b21dbe8e153be265e9ea10c2d4b5faa4fe3d420d3ce28db6d7da5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848812
x-accel-date: 1681809982
content-length: 10565
x-77-nzt: AZySIYgXwFT/LIFoAA
x-accel-expires: @1713345982
last-modified: Sat, 10 Jul 2021 22:31:34 GMT
server: CDN77-Turbo
etag: "60ea1fc6-2945"
x-77-nzt-ray: f6587a1d6be637f16ae3a664d94ed81c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirincli-yogurt-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/06/ Frame 2CFF 12 KB
13 KB 83ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/06/pirincli-yogurt-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7e10c75356ec658e2f2fb4a409b04977fca9251f009aa4518d20c96ee4cf3440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849326
x-accel-date: 1681809468
content-length: 12704
x-77-nzt: AZySIYje7QP/LoNoAA
x-accel-expires: @1713345468
last-modified: Tue, 21 Jun 2022 22:02:57 GMT
server: CDN77-Turbo
etag: "62b24011-31a0"
x-77-nzt-ray: f6587a1d6be637f16ae3a6643711da1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kek-kalibinda-islak-kek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/03/ Frame 2CFF 12 KB
13 KB 80ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/03/kek-kalibinda-islak-kek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4f5215cc619fb40281bfcdb56a9e0209b7b194b1c14382b053c020eff0a6a2b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 272754
x-accel-date: 1688386040
content-length: 12510
x-77-nzt: AZySIYit02f/cikEAA
x-accel-expires: @1719922040
last-modified: Wed, 01 May 2019 23:13:55 GMT
server: CDN77-Turbo
etag: "5cca2833-30de"
x-77-nzt-ray: f6587a1d6be637f16ae3a66463bddb1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tepside-elmali-kurabiye-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/11/ Frame 2CFF 12 KB
12 KB 80ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/11/tepside-elmali-kurabiye-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: afd7c7e6a78cab36a6fc20c9ff4f350e690399ffe2d65bce98e49a346346187c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847499
x-accel-date: 1681811295
content-length: 11901
x-77-nzt: AZySIYjaO1fvC3xoAA
x-accel-expires: @1713347295
last-modified: Wed, 01 May 2019 23:40:58 GMT
server: CDN77-Turbo
etag: "5cca2e8a-2e7d"
x-77-nzt-ray: f6587a1d6be637f16ae3a6640d37dd1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bardakta-parfe-tatlisi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/06/ Frame 2CFF 10 KB
10 KB 80ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/06/bardakta-parfe-tatlisi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7f4601ae25dd1cdd382d2977d98833cf5ca4e395392f97b0b244d3bdc761c486

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 351351
x-accel-date: 1688307443
content-length: 10339
x-77-nzt: AZySIYgg/jv/d1wFAA
x-accel-expires: @1719843443
last-modified: Fri, 28 Jun 2019 21:34:34 GMT
server: CDN77-Turbo
etag: "5d1687ea-2863"
x-77-nzt-ray: f6587a1d6be637f16ae3a6646001df1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 helvaci-ali-irmik-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 2CFF 12 KB
12 KB 80ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/helvaci-ali-irmik-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0f7226a27d44ba3b13a34640b036b2d2666f057b039861b781576c4bf8308642

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848812
x-accel-date: 1681809982
content-length: 12238
x-77-nzt: AZySIYggor3/LIFoAA
x-accel-expires: @1713345982
last-modified: Wed, 15 Dec 2021 12:29:16 GMT
server: CDN77-Turbo
etag: "61b9df9c-2fce"
x-77-nzt-ray: f6587a1d6be637f16ae3a6648bdfed1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirasali-yumurta-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 2CFF 15 KB
16 KB 79ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/pirasali-yumurta-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a09a0a0b27c17ceedfae9a0c2db6819018ce22c4630ae3b4f8b0a75bbb0a86ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6848255
x-accel-date: 1681810539
content-length: 15820
x-77-nzt: AZySIYjUOTrv/35oAA
x-accel-expires: @1713346539
last-modified: Thu, 10 Dec 2020 23:23:37 GMT
server: CDN77-Turbo
etag: "5fd2adf9-3dcc"
x-77-nzt-ray: f6587a1d6be637f16ae3a66470efef1c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tahinli-pide-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 2CFF 14 KB
14 KB 79ms
70ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/tahinli-pide-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3f0d21ed99dd514e23c62900e74f9178645ff8e7df24471e1780d022fdf88af5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6846777
x-accel-date: 1681812017
content-length: 14237
x-77-nzt: AZySIYigty7/OXloAA
x-accel-expires: @1713348017
last-modified: Tue, 13 Oct 2020 22:29:51 GMT
server: CDN77-Turbo
etag: "5f862a5f-379d"
x-77-nzt-ray: f6587a1d6be637f16ae3a6644ba0f51c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sariyer-pogacasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/07/ Frame 2CFF 12 KB
12 KB 78ms
70ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/07/sariyer-pogacasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 49780adbf742b87fcbdbcd63f63e781fed3bdae35ccdd991da86bf4ac190e009

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6847778
x-accel-date: 1681811016
content-length: 12228
x-77-nzt: AZySIYj9CiH/In1oAA
x-accel-expires: @1713347016
last-modified: Wed, 01 May 2019 23:20:18 GMT
server: CDN77-Turbo
etag: "5cca29b2-2fc4"
x-77-nzt-ray: f6587a1d6be637f16ae3a664b194f71c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sahine-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 2CFF 16 KB
17 KB 78ms
70ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/sahine-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d98024e61787e1bdd709f051b35af56fad581b55527b74b00717435db4489828

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849374
x-accel-date: 1681809420
content-length: 16575
x-77-nzt: AZySIYgCZsT/XoNoAA
x-accel-expires: @1713345420
last-modified: Fri, 25 Feb 2022 21:40:05 GMT
server: CDN77-Turbo
etag: "62194cb5-40bf"
x-77-nzt-ray: f6587a1d6be637f16ae3a66465d9f91c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 2CFF 5 KB
6 KB 79ms
25ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688658794.cds218.lo4.hn,1688658794.cds041.lo4.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 2CFF 56 B
363 B 607ms
17ms Script
text/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Jul 2023 15:53:15 GMT
server: Oracle API Gateway
opc-request-id: /CB3CD75F95DD965B6A074F085B68ED1E/38ACC36E71FAFE03A66F09F5462967EC
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 2CFF 465 B
585 B 79ms
25ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688658794.cds218.lo4.hn,1688658794.cds281.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 2CFF 75 KB
26 KB 444ms
49ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 2CFF 3 KB
2 KB 28ms
7ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4131404c3a3c522fd358bd21a8aa2ff219da76aa6b04c5b315a4921bc7d19d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Jul 2023 15:53:14 GMT
content-md5: fdUZlr5JoriKETS4nnMjpw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: jSNMn68qLxYiQ/kXqFo6SC23cqJynrZyYF6fZD3hxLYD4sjzb/lDnZuB4qGLcTuXlhaFEuioniRzzHUGUho+Bw==
x-fb-content-md5: 02f09d034c25a617d08bd7dca66bbd7c
cross-origin-opener-policy: same-origin-allow-popups
etag: "059fdeebf2b11ff55449ad88965bdfd5"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 06 Jul 2023 16:02:26 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 2CFF 21 KB
21 KB 77ms
70ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 06 Jul 2023 15:53:14 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6849352
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AZySIYjXF2r/SINoAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: f6587a1d6be637f16ae3a6642f49fc1c
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 2CFF 307 KB
87 KB 20ms
12ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=7f04e2f9aeac77d72b56a7621f5af6fe

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a76745c954cf14052dbe9972f67b24f3cc3b994cf6b73e9c2695b8d22682ea90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Jul 2023 15:53:14 GMT
content-md5: 3ci28wIUxBvK7XV5ElemQA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88849
x-fb-debug: +vHjmWe0YbxBZDzdFpJKIoQxgnwWXiDgVIuqrGjUnjKDabdRljSdUW2rShsvOkTB49bL1yAKxylBpefANajI6Q==
x-fb-content-md5: 21fc64fff77f1dd6135ca32e4a1f6b04
cross-origin-opener-policy: same-origin-allow-popups
etag: "3c71207c9c3ea6ff54d4a0381ea640bd"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 05 Jul 2024 11:00:02 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2CFF 76 KB
26 KB 93ms
66ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6716a69ba6c145efe0304eff8b3043e6fb6c00f3997ba62439bceaa8a3f7a411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26088
x-xss-protection: 0
server: cafe
etag: 435 / 19544 / m202306280101 / config-hash: 12271679515500602931
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 2CFF 120 B
307 B 49ms
48ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame BFCB 891 B
1 KB 48ms
47ms Document
text/html 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Thu, 06 Jul 2023 15:53:14 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2CFF 140 KB
48 KB 91ms
54ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3d1c33e353963271fe4c7c9a8a777c6f248cb3c098bd566766c5b6de3bfad22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48954
x-xss-protection: 0
server: cafe
etag: 1485886239426294126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 2CFF 489 KB
182 KB 52ms
50ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 2CFF 236 KB
58 KB 78ms
17ms Script
application/javascript 13.224.89.83

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.83 , United States, ASN (),
Reverse DNS: server-13-224-89-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:35:27 GMT
content-encoding: gzip
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront), 1.1 03b8fedec120c9a0833a57a86eae03ae.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, ZRH50-C1
age: 1069
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: ZNcZQPfmy44lNA1SBe9yLXX2-93YDoMLXoyzdU3NwOug8V7I845kog==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 2CFF 36 KB
7 KB 279ms
89ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688658794973&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.12463113962525729
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: de3e960c740726916d344e9ac9d6bcc354ba3a160c141ecb3de2a5dbe96a5e6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 2CFF 12 KB
2 KB 89ms
88ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19544
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:14 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 2CFF 50 KB
5 KB 243ms
63ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=469071
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: fba73c5ecc7a5b5e9153aab5f9ff8c2edd7b12176dd446dbc0cd1eb34f76092f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/ Frame 2CFF 392 KB
125 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8919
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127514
x-xss-protection: 0
server: cafe
etag: 13498126467117012333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 05 Jul 2024 13:24:36 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 2CFF 0
306 B 15ms
14ms XHR
text/plain 13.224.89.83

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.83 , United States, ASN (),
Reverse DNS: server-13-224-89-83.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:28:53 GMT
via: 1.1 03b8fedec120c9a0833a57a86eae03ae.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: ZRH50-C1
age: 19462
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: mYcJETXHLKDJrNN26UHIOB2kO05OmP3J0uep6G2gv597DqDD1TIqoA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 2CFF 6 KB
3 KB 42ms
14ms XHR
application/javascript 13.224.89.83

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.83 , United States, ASN (),
Reverse DNS: server-13-224-89-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 d92debab8d9ca0518390aebaec8733a6.cloudfront.net (CloudFront)
date: Thu, 06 Jul 2023 05:29:27 GMT
x-amz-cf-pop: ZRH50-C1
age: 37429
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: YEEwfxhIA68j3ygaXxdA_bJtJtBvTp962da5NH7yME8XJw0TTDKqbA==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306280101/ Frame 2CFF 344 KB
118 KB 87ms
73ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0de649ad4e9484db0bad1efa8d7a27492c7e08b2ff530e88e2643828228d411a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121030
x-xss-protection: 0
server: cafe
etag: 9215478023983521509
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/ Frame D26D 10 KB
5 KB 26ms
6ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 06:09:08 GMT
etag: 12368291122986407432
expires: Thu, 20 Jul 2023 06:09:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 2CFF 10 KB
3 KB 47ms
46ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 2CFF 23 B
461 B 174ms
110ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=do3AVibE82o24&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: SFH0RD6FPTD9FFJH70T0
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 8eX7CzlFYOIgtZCU71CQYUUBCGmwgYdlf5MXW4kCifG-ijzkOsweng==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 2CFF 11 KB
5 KB 46ms
46ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=469071
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 2CFF 17 KB
5 KB 28ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19544
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:05:35 GMT
content-encoding: gzip
age: 2860
x-guploader-uploadid: ADPycduEEvePto5c_zkyY4RDtsO94YsQ3BDWBUMYtG_iaKK4Rf0oJaIp8EDvllpRISTWWFTQAYAMdhJuy1lx6bVfvYViV1PuRvQs
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 2CFF 0
210 B 47ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688658795265&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.7527941698074001
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:15 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2CFF 107 B
457 B 40ms
19ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 28 KB
12 KB 734ms
734ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=1454262260022978&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=2&adks=2912144807&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795296&lmt=1688658795&dlt=1688658794251&idt=898&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=u8eklhmxstt4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d976a6e8b8eb97f60affccad54e6f39a7db1eedfc4e8a3cad2bde80637b94c58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11818
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425927494
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2DC7 6 KB
3 KB 69ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 28 KB
12 KB 316ms
316ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=1454262260022978&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=1502660170&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795307&lmt=1688658795&dlt=1688658794251&idt=898&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=kaeob249c4f5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d38824ade153944f94fb1040acaa7fb7e997f765e459dcd86cee55e174f69b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11814
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583945
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 28 KB
12 KB 515ms
515ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=1454262260022978&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=4216338523&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795310&lmt=1688658795&dlt=1688658794251&idt=898&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=d9vfd09ds9pp&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7dd5dfe52b7c79ecca9a59cdc14fbbed57e18abbc4cc69a2ed9564e8888ce5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11821
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583966
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 61 KB
13 KB 347ms
347ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=4337834525530538&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=5&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795313&lmt=1688658795&dlt=1688658794251&idt=898&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=dpo089bd5tfm&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7fbf63c63a233c218d1071fbbe249a2205290bd75c8278b68ce2e384c69b5f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13685
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7865 603 B
219 B 293ms
292ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=1%3A2%2C7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795102&bpp=3&bdt=852&idt=220&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=8628788198312&frm=24&ife=1&pv=2&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759837%2C44759875%2C31075645%2C44788441%2C44789818&oid=2&pvsid=2660720424135804&tmod=420154949&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kt9gkv668kix&fsb=1&dtd=232

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 2CFF 7 KB
3 KB 221ms
52ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19544
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Thu, 13 Jul 2023 15:53:15 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 2CFF 0
210 B 48ms
48ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688658795345&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5751629465228034
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:15 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame 722D 13 B
258 B 55ms
20ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Thu, 06 Jul 2023 15:53:15 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2CFF 107 B
166 B 18ms
16ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 22 KB
10 KB 296ms
296ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=2431104894074515&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=6&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795515&lmt=1688658795&dlt=1688658794251&idt=898&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=q6yco9kct8c2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

587eb87a9528a3580cb62d9bbae5f70100df0f2843e52d501fe6a4819d64ccd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9983
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 21 KB
10 KB 331ms
330ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=2862168402442841&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795520&lmt=1688658795&dlt=1688658794251&idt=898&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=egr18x55kp27&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ffa99b57a3f1b90eeefcad6b8d5bf8535d948357820c6c1dc41e0b31ab22633

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9875
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 22 KB
10 KB 378ms
378ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=3695754922355993&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795524&lmt=1688658795&dlt=1688658794251&idt=898&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=xysm3ygj5bqa&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09a55a6be3be55d714020d08fe7b34f60619f93649c7dbbdaebf2340eb7505cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9929
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 21 KB
10 KB 292ms
292ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=3753140876616606&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795527&lmt=1688658795&dlt=1688658794251&idt=898&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=qzdqty4qfc7z&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1d150f2c50d5eaf7b24fde4c1e93918f23edda182d31cbe43461635389fccf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9862
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2CFF 21 KB
10 KB 255ms
255ms Fetch
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2660720424135804&correlator=4387531890408026&eid=31072020%2C31074948%2C31075409%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688658794973%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3a9adabaee084c52a7f6a15b71f6df66&sc=1&cdm=ye-mek.net&abxe=1&dt=1688658795531&lmt=1688658795&dlt=1688658794251&idt=898&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=uiasmk9h6oq9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

10befe8e021bea12e098a8dd9398464fdd6bfe403ee282936ee7d7cacd3314c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9745
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2CFF 344 KB
119 KB 48ms
19ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19544

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02e7535563110e913669c43b9233db020deb9a4b0eaff84ab9de1b55b8ad21c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121444
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 2CFF 398 KB
128 KB 56ms
56ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/6/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19544
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Thu, 13 Jul 2023 15:53:15 GMT

GET
H2 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 204C 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 204C 24 KB
7 KB 33ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 420466
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 204C 139 KB
48 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5b65df4098cbd479526214756b32e7aa9cbfa7f28646710fb7b710f5a729ce2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48670
x-xss-protection: 0
server: cafe
etag: 146443428588103593
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 204C 179 KB
57 KB 44ms
23ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012306202201000/ Frame 9509 222 KB
61 KB 56ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5af185c4ee2f05f5e2f6407594cd75cb32129871c2ec0f0957be6d3129a8cf54

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 17:10:51 GMT
age: 81744
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61909
x-xss-protection: 0
server: sffe
etag: "f919e19544cf979d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 17:10:51 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 9509 15 KB
5 KB 68ms
18ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c52e2a15cba5be54e6986bd808f5a6aa6705b0efffd9379feb005dabdb748e32

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:19:04 GMT
age: 84851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5217
x-xss-protection: 0
server: sffe
etag: "64cbd7fca0464c6f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:19:04 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 9509 94 KB
28 KB 69ms
19ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01204747c552676cceff27ecab875807de15fc28860715608db3d368ba736b3e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:18:55 GMT
age: 84860
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28896
x-xss-protection: 0
server: sffe
etag: "4dcd9a8c59f0d36a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:18:55 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 9509 5 KB
2 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52337cf2499996a25da3c2f17c8e0492c2d728c4b22bdd9b4da2089fcedac9ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:19:04 GMT
age: 84851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1898
x-xss-protection: 0
server: sffe
etag: "b82574a955fb50a0"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:19:04 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 9509 40 KB
13 KB 71ms
22ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b17d2d0a88d045b86c025e6a7978189716ddd6776e975bb9de1ad43be17348f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:18:58 GMT
age: 84857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "5e14f2792a869535"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:18:58 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9509 14 KB
1 KB 18ms
18ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 14:47:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H2 200 tr_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9509 3 KB
3 KB 17ms
8ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr_bl.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 03:28:30 GMT
x-content-type-options: nosniff
server: cafe
age: 44685
etag: 2395455429816220802
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3040
x-xss-protection: 0
expires: Fri, 07 Jul 2023 03:28:30 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9509 344 B
448 B 18ms
8ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 8285
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 07 Jul 2023 13:35:10 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9509 0
0 52ms
51ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyrJSa-OmZP6kFoOTgQeW7bqgB_HavLtx_fvH66ARi7fjq9M7EAEgwLKCa2CV4pCCoAegAciMpPwDyAEGqQJ2fGVJpzmyPuACAKgDAaoE1AFP0NfpDYcerq4YcxCOWoAL0zIvS6vKxAvSCgv6URuTO0uWhky2egZP5qqWlkdxUp-0NbMLDk0WkenurqYuk9vGXUe7Zf6dZdD9po4aDB2ULF71fCxtLrMOYXO04Rnk81K1sp4tLGRrW1MGWAj26n46UPJLFlt8OYm4ASABe3AYvKhWHzQQJ2_h24ukTaSVf6dBliwD4bVxD7ShK_XkeH9Dx-gNF8vP2BHf016Rb0ZBYnJAZk53mhg7vCE4S8866-QNiG64IGISuNZhIfGFl00DGRzPiMAE46awzasE4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB6Dz2wOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHAxCmddIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwHYEw6IFATQFQGYFgGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=1ZMhFEoqn6Q&uach_m=[UACH]&cid=CAQSLQBygQiDFk9PwbaKmBDnfYlXIgWmJSUy2iRthbCOPqL2lyGIE87jjtLFMBmOuxgB&template_id=492
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 9509 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9509 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cf9a10dcce37b965ce09235cc7f8fde8dd285afb1d06ef894966d759e6dbca8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 9509 33 KB
34 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 02:43:59 GMT
x-content-type-options: nosniff
age: 392956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jul 2024 02:43:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 204C 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvrVFrJOvnYV00iQHFOQMWYr0I5ZvF9jZzcnt5wad-PCZt9GNV3BnDmSyre03bqcIh5wvhmSe5WQbxqd9txy7zh7vlbdP6jgdxtpAwf7NAdk92T24yOqDcUq6MLtyB2S9n7mX8Gzb8Nk0lKMf6rGEDYbVN3n6_P3y9zXa6FA0446iHqdU0MkUHuVcY6E9t8akSPjzebWPHNYyehvB5m0pvn-F7JJIPaiRrxqUnb8Y10O-VTnG3wHxgoPyzJaV8KS3G5kDFjtXEO2IsOclXPkCzOEojSF-h6q11N4ggcQhR8W2k0-CFtA_u4T1UdU4glDIsc71oqm4Z8InofcuT0KY_qL58lasVzBSqIvcay&sai=AMfl-YQ_8j_jt8ivORqI6FJeLWsZRIuEr9ICjPRwQS74jZccr0l6KcUIYUEv_0IIfWlWdk46k7QohOFlTZjZEPyYyYcO3GcQ2k_wBKLu4Ro9oPw&sig=Cg0ArKJSzGJzIyS1Np5BEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4180 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 204C 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1ea01c7916bb81513f18a61a66138d20a0ed950361ff98535412e22f62c18a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306280101/ Frame 204C 344 KB
118 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9a352097bcd435d948bc34267a5f735aea5306ace7753e094ab33de62c66312

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121031
x-xss-protection: 0
server: cafe
etag: 11719354769056225341
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1019 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F04E 624 B
245 B 47ms
46ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWvC9JehuKPsXxN895EsDsUug_Tb_PNMVX2ajL-f_1iQDHrmk8rN1gc0hfqmEUxq1B6mpSHtt86dLSvadiVv-uH8ldgJTG4avDefyUtq4_hqy4oScZqMjo6JMQCDjZwDlYF70-Azc78FEF1nhOKFpfX0EL-fbqCpgdaJCNfIn69WJFCYR4

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Thu, 06 Jul 2023 15:53:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4180 78 KB
27 KB 150ms
150ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4180 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A1bCr4U_I-2a5CnmFFxkBJ4yqVDiPHsOARTauT1Xf7a0j0_OgKzeImZTAZ7r4V1D5XkCes9SbxJbYhH9muIgnfYxIt_O-yCzMHhKlm1cYrP0NHyjw

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4180 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13999638763211372160&x=1&ct=76

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 4180 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8916
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 4180 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59947
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4180 179 KB
56 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F4E7 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 723D 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C33A 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9509
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

22ms
21ms

Image
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Thu, 06 Jul 2023 15:53:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 tr_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9509 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 03:28:30 GMT
x-content-type-options: nosniff
server: cafe
age: 44685
etag: 2395455429816220802
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3040
x-xss-protection: 0
expires: Fri, 07 Jul 2023 03:28:30 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9509 344 B
368 B 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 8285
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 07 Jul 2023 13:35:10 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F04E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1&C=1

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWvC9JehuKPsXxN895EsDsUug_Tb_PNMVX2ajL-f_1iQDHrmk8rN1gc0hfqmEUxq1B6mpSHtt86dLSvadiVv-uH8ldgJTG4avDefyUtq4_hqy4oScZqMjo6JMQCDjZwDlYF70-Azc78FEF1nhOKFpfX0EL-fbqCpgdaJCNfIn69WJFCYR4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F04E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKbjbCcURQXzoM5TmRlrZgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1

43 B
632 B

10ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWvC9JehuKPsXxN895EsDsUug_Tb_PNMVX2ajL-f_1iQDHrmk8rN1gc0hfqmEUxq1B6mpSHtt86dLSvadiVv-uH8ldgJTG4avDefyUtq4_hqy4oScZqMjo6JMQCDjZwDlYF70-Azc78FEF1nhOKFpfX0EL-fbqCpgdaJCNfIn69WJFCYR4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame F04E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFQsqJUZVqRRVqYGz-62odU&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFQsqJUZVqRRVqYGz-62odU%26google_cver%3D1

43 B
893 B

33ms
33ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFQsqJUZVqRRVqYGz-62odU%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWvC9JehuKPsXxN895EsDsUug_Tb_PNMVX2ajL-f_1iQDHrmk8rN1gc0hfqmEUxq1B6mpSHtt86dLSvadiVv-uH8ldgJTG4avDefyUtq4_hqy4oScZqMjo6JMQCDjZwDlYF70-Azc78FEF1nhOKFpfX0EL-fbqCpgdaJCNfIn69WJFCYR4

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
an-x-request-uuid: f8c95e55-f014-4694-a674-b9c7b3df21f9
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.141.152.76; 45.141.152.76; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
an-x-request-uuid: ee07a037-109f-491a-aef5-898f5e6863a6
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEFQsqJUZVqRRVqYGz-62odU%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F04E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
an-x-request-uuid: 6be64c89-341e-4a80-822a-2ab17f215b58
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D
x-proxy-origin: 45.141.152.76; 45.141.152.76; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5628 640 B
262 B 47ms
46ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNUGfY4Y2pTbDUrfgaV79niTCKKA2rMztWyK_hQJqEClUonZJJuvFQvoLu4YRvWFndgnKWoTuu9uEWLNW9je13DHixQ2Vke8OI2Mbaf-56uWg7dD3MXCYSYQzmyKlNK_3xHP0F9gj_ZDz0Q9kQaUEwthYj13gU8Po3_lGH-OrjV0Rsc21xs

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1019 78 KB
27 KB 109ms
108ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1019 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-De7QSL6J0_q3fSxgpejT9NBcwQHHPMe0y5FM8oJi22m8bwNur3x8Mz2DCaYknXcCZNg6Km7hiK1fLLubncHZHyHPWr9py1z4JFzy-1RmramUJ2h90

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1019 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5245267120890927011&x=1&ct=76

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 1019 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8916
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 1019 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59947
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1019 179 KB
56 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:15 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ Frame 204C 0
0 41ms
41ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1C11 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0850 466 B
235 B 52ms
47ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPxZBCT7Z4BGOjvzewBMAE&v=APEucNVq2nHpQlgv7rvKvp4fHhNu8f0lYP6WnMpZXoG7OTJrsL5L4JmMD9ekEjQX7zxOgX4SK012OhA61I0nOc_kvp_pO6Dc-rrBB9pRgaQ0IyupXFdzTkxEI3waIceFUsg9_r34GJOZ9Oj78lvzn0HYpeBRsh50L9P8ptfGItUNEwvOjgfJf9E

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F4E7 78 KB
27 KB 93ms
88ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E7 42 B
63 B 48ms
43ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C4HM85U_0E4hRHjIuGJcXXbR0xhxnixSbFb8S8AMfxcSh83m5tmkqf7y-HvbZalax36aqIAMrBDFf_SRUcOtldGc_FDXbtwhKqJxq01p_0p_meTv0

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E7 0
20 B 46ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15721191698472491212&x=1&ct=76

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame F4E7 3 KB
1 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8917
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame F4E7 20 KB
8 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F4E7 179 KB
56 KB 26ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 723D 24 KB
6 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 420467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 723D 139 KB
48 KB 64ms
59ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

10b4a5993395ec976a13b48f92dbd1adcbd98e3cd36f3447a31524c185ebeb50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48673
x-xss-protection: 0
server: cafe
etag: 3177382873524613749
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 723D 179 KB
56 KB 33ms
28ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8E2A 466 B
235 B 50ms
47ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWo5S3TKEcFgB0e52pCGlO-Yurh3-gzcvR4Vstfc5zmj_nIvFbeAkvpM0Fc_gr6WOezcmPNmuxn6bMooyRmWaqHfLIhG_Ar4t-B7JkOcmSYK7oGM8bArXrtkG6xeC52DT5_6EEhX6J5xqwF0Whbv6EXoJM9k3c-WkS8RJBLvz1h1EAfQqg

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C33A 78 KB
27 KB 87ms
84ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C33A 42 B
63 B 45ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BqYQOlzw3dD1SSSCV9j2DqO-b4riB76rMp5mp5j_2kwVw9h0_JzAnjPwZiOgr2hOEugaWJ8PyfTHXS0H87ej61hLEM1Z-DBwz027b44emgWRdWj1w

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C33A 0
20 B 45ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1639417165347488685&x=1&ct=76

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame C33A 3 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8917
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame C33A 20 KB
8 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C33A 179 KB
56 KB 33ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 204C 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 70C2 0
16 B 139ms
139ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795840&bpp=11&bdt=150&idt=193&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=7615271090621&frm=8&ife=1&pv=2&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.zafs6fgov3b&fsb=1&dtd=207

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2A35 624 B
245 B 49ms
47ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNVEGqE28e1SCdKagF7VFcGgxVRl0mO8qF7tPccyRPbjCA-FJ2-OeFEtmpjtSl72l_WN0da9cpQrZt5-yuvxhY60z2ZtgyIicIkv_V2IcW3Gquqfg3AkOwIN8Kg96pEA4UZi_DDC7RnbmN3l3vuIaYgfpPVmBMWWkgr5VelVTIy5qEz2mrg

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: Thu, 06 Jul 2023 15:53:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1C11 78 KB
27 KB 100ms
98ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1C11 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CQxsmY-q8PJ1sc412HXCgOO0_40iTXxqw3BBZAMimBK2JsxN1BRZuvNsplYdyQN82oOtSDo5BeX2qyLaJn9jsAzP0kj-gRH6YUy5f7fA-rAtlwzLM

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1C11 0
20 B 44ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7740164138472844135&x=1&ct=76

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 1C11 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8917
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 1C11 20 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1C11 179 KB
56 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3D4A 40 KB
14 KB 211ms
210ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

234ea698174488586fdff48dc31715f87142f5b9ed08e62f632bcac17791c098

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 14682
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 5628
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Y2eltiU9PTsssuhUp8N0&google_cver=1

43 B
115 B

120ms
120ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Y2eltiU9PTsssuhUp8N0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNUGfY4Y2pTbDUrfgaV79niTCKKA2rMztWyK_hQJqEClUonZJJuvFQvoLu4YRvWFndgnKWoTuu9uEWLNW9je13DHixQ2Vke8OI2Mbaf-56uWg7dD3MXCYSYQzmyKlNK_3xHP0F9gj_ZDz0Q9kQaUEwthYj13gU8Po3_lGH-OrjV0Rsc21xs
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Y2eltiU9PTsssuhUp8N0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 5628 43 B
305 B 138ms
120ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNUGfY4Y2pTbDUrfgaV79niTCKKA2rMztWyK_hQJqEClUonZJJuvFQvoLu4YRvWFndgnKWoTuu9uEWLNW9je13DHixQ2Vke8OI2Mbaf-56uWg7dD3MXCYSYQzmyKlNK_3xHP0F9gj_ZDz0Q9kQaUEwthYj13gU8Po3_lGH-OrjV0Rsc21xs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 5628
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEM6kWBIUyLjpC63sWP8HECs&google_cver=1

23 B
165 B

40ms
40ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEM6kWBIUyLjpC63sWP8HECs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNUGfY4Y2pTbDUrfgaV79niTCKKA2rMztWyK_hQJqEClUonZJJuvFQvoLu4YRvWFndgnKWoTuu9uEWLNW9je13DHixQ2Vke8OI2Mbaf-56uWg7dD3MXCYSYQzmyKlNK_3xHP0F9gj_ZDz0Q9kQaUEwthYj13gU8Po3_lGH-OrjV0Rsc21xs
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Thu, 06 Jul 2023 15:53:16 GMT
pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEM6kWBIUyLjpC63sWP8HECs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 5628 23 B
165 B 93ms
41ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNUGfY4Y2pTbDUrfgaV79niTCKKA2rMztWyK_hQJqEClUonZJJuvFQvoLu4YRvWFndgnKWoTuu9uEWLNW9je13DHixQ2Vke8OI2Mbaf-56uWg7dD3MXCYSYQzmyKlNK_3xHP0F9gj_ZDz0Q9kQaUEwthYj13gU8Po3_lGH-OrjV0Rsc21xs
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Thu, 06 Jul 2023 15:53:16 GMT
pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 0850
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f7e53-1c15-11ee-8cca-1ee5b9e10406

43 B
548 B

33ms
32ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f7e53-1c15-11ee-8cca-1ee5b9e10406
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPxZBCT7Z4BGOjvzewBMAE&v=APEucNVq2nHpQlgv7rvKvp4fHhNu8f0lYP6WnMpZXoG7OTJrsL5L4JmMD9ekEjQX7zxOgX4SK012OhA61I0nOc_kvp_pO6Dc-rrBB9pRgaQ0IyupXFdzTkxEI3waIceFUsg9_r34GJOZ9Oj78lvzn0HYpeBRsh50L9P8ptfGItUNEwvOjgfJf9E
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 28
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f7e53-1c15-11ee-8cca-1ee5b9e10406
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 113
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0850
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2

170 B
188 B

25ms
25ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPxZBCT7Z4BGOjvzewBMAE&v=APEucNVq2nHpQlgv7rvKvp4fHhNu8f0lYP6WnMpZXoG7OTJrsL5L4JmMD9ekEjQX7zxOgX4SK012OhA61I0nOc_kvp_pO6Dc-rrBB9pRgaQ0IyupXFdzTkxEI3waIceFUsg9_r34GJOZ9Oj78lvzn0HYpeBRsh50L9P8ptfGItUNEwvOjgfJf9E

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 48
Connection: keep-alive
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 0850 0
126 B 26ms
9ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 8E2A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f77fc-1c15-11ee-ae7d-16821cb20206

43 B
549 B

33ms
33ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f77fc-1c15-11ee-ae7d-16821cb20206
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWo5S3TKEcFgB0e52pCGlO-Yurh3-gzcvR4Vstfc5zmj_nIvFbeAkvpM0Fc_gr6WOezcmPNmuxn6bMooyRmWaqHfLIhG_Ar4t-B7JkOcmSYK7oGM8bArXrtkG6xeC52DT5_6EEhX6J5xqwF0Whbv6EXoJM9k3c-WkS8RJBLvz1h1EAfQqg
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 138
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESENh601mXpNOayKky31lffLk&google_cver=1&__user_check__=1&sync_id=387f77fc-1c15-11ee-ae7d-16821cb20206
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 60
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8E2A
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGL3zxe8BMAE&v=APEucNWo5S3TKEcFgB0e52pCGlO-Yurh3-gzcvR4Vstfc5zmj_nIvFbeAkvpM0Fc_gr6WOezcmPNmuxn6bMooyRmWaqHfLIhG_Ar4t-B7JkOcmSYK7oGM8bArXrtkG6xeC52DT5_6EEhX6J5xqwF0Whbv6EXoJM9k3c-WkS8RJBLvz1h1EAfQqg

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Mzg3OTNmMGUtMWMxNS0xMWVlLThiZGEtMThhMzA1ODYwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 19
Connection: keep-alive
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 8E2A 0
15 B 27ms
10ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 container.html Show response
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3A17 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:15 GMT
expires: Fri, 05 Jul 2024 15:53:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 723D 0
0 51ms
50ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstWhseDVk4BcrLJnzFYmcIDvWeTFcs59yL1HfAZMl1tj8E1oqSg0gYbL1SoeuFVQbcDgRdanhPjCitY_a0HA7XO95cZPnSP6SQXaGgpCEBrKLgNwU3MoAZAozahB1fJDMKmhwRrG_xOqsa6wpCie68-YK-CrL9h7Vm70tO8E-Eff68XmykXHmxuXDG43ZsIPyKMtHmvlIK-7MaRM9RYzy8MDdJVIpkAEA6--EZ44rPJ9wBJGn9vdbUbXlaVGx86SzT-iRFvASH2sEuDkRsNsOUY07816IOPF-0jLV2KxyT0rcEsTLdxM419VHKu3Tx2LdXDrIo9HO2WaG8M7l74k11BQGdESTxQBgHPEQCl&sai=AMfl-YSqAqpAGMLZo60a9gJERg9zl6DACFXVrrNyu_YvZoK6mku-SUNOm__tWoD6hyGlYVeT1mCjc-H4NhQ65F4xXdljP4zEosupDJ7bqnA5rSo&sig=Cg0ArKJSzIokVNhoAtlGEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4180 0
20 B 40ms
39ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5957357211219&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4180 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5957357211219&version=m202301230201&ct=76&x=1&cor=13999638763211373000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4180 104 KB
40 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgTuR6PHQhmAnZRgHpmUtaUNevqUCY6EdCGX8sQC47lmqn_GRzS_EqMalNHnWo_EExI-RW03GoYmMoiwEqtyXPRxdxyg&cry=1&dbm_d=AKAmf-DxwOw_NmJXSK7fEhKZNm7qcM0PhhomW6X6iJV5QBNrnsrnWh00zR43qCpS5vc5_bLCgM15iS9Mzb25MVtilsPihyRNf_IJEJJdgL9OssqAFF7wPYXb9pW5xwXbea5qqC-AkqWVmg-KIT43DhBNnLEtjVrz-bh54ewUEyj6FSo83DTnXW7gYUMROHndGgqA2YXhhy2jG4M4-MsEsl_mPwsyM6iI2rEdlWn4FJb1dEU5f6nuMMz0bcIqEF7YikFsANZ1Pwj9qbMi3o7RQsJecFthXZO2LRtDJUWjv8qLeaRqZaj0LwZ_BBMjY2bSus52UnMmXCI0MpvCUvHzGwNZKUt1UmGP2FYAWKpwdaUAMugE59g_NJtGu5D9j30Nsgfbitq-P6-HdYfB0sT_1tKMqVWiu4G4L9R9bVZ6RBZvcuP3QWEV0bVCk60QywyFkQpsK4SXLlOwoze69QRxwGxZzQWL6z4yRC_5gJQem6sZlWyRMQ9Gg6eaaInOnJ0C3MdHWUcybh9r1JHafiMZXCD1o94r-Gc4VRmlT7Wu3STnPcPZfhnRlRH_zwVMtwb0dBrNjvcNg23dx_Tcz2GHCp6cq69uGEsPD0RPspKihKCuvNRXDjS1-bQ4pMVSfKLsvXsDPnqoUMHNUtTulwXPFeyoU_oyNBAxglzmsi5S6giCAnKv71gzqrx3k9-Iu6dUjbbz8PZAZRGwMjvgVMZUXskYFb6gT-LXElVThRGpbVtpuwfgHvesmeubSlcZAHg8ca-akpOOf0yVte5TCA3DD61rtoJ8MFxdLve5hPgiwl1nvHPMpK4S0p_56fDBvNCUViLI04GOTsMCsOGbn9bkLvEnhMLYvI8PkylXmaVq_eSMytr3ESxWFO2xTgNfygRf5Km2xF0AWnyGmo16-9etmFRwQ4aL1Tszqe804jWi0e-m4_7H8Z0kwfVLyWhvXVcRuAjBMXUUFCf9RXjgfDyDOrdDdhLWLrjyGCJ7QYIVxdFx4xM4NCwMhFddZaMcL9zkd1TCDesJUPpTRFoJDkq5gLXusqjdf5VcbG6zcZG45mUyHgCSPQtaBrGSvlQvVNj-uLxexo8Be75RYmNq5JQ9F-LgRFcMd2n8gNR7wJ94DVs6w_unjTUghh-uSOY7iFtPFNiFgMl_56nyyN0jNG9dwqWE4h-vxNwbK3ZAne68RiWkl4iQ_-l9OndMJIqqXpvagjq7b5bQhJy8kN6meQkvkIEK_juN_wBx-t6C1xHnRcF2kMxbmTCHUyFUEyvAtIOXqipjCUIG9e8zQu-_q1PHJmlFKhBkmYUT-Ee5zjkG6rzhI8pVplFcFK7krqGctdpEUsv09d02RgHx9_gNBPWKCt-f0Rh8UoOqa1SajkytgxBpG1AQ6BjZ4ErRAgxaGsJULsPC3ojpC8P4C5IRFYJS6IlvZqYaCU7Ac6XIzGddGBNT3kLHb_ApnW-rAHFNm7zD8CHIoWgFf0IzQVM13FBSh5HWe2dNMvmLc5ibfes2xFzRsbPwcED4QWZKzGH6PiUcpoxiQDkDQCP6MtSN2L1QXjVIINL1PYQjqvVsPRE8yETJ3NRG887-Pj3k5NuRMQZ47sb7PlNrEF_ygyMycGHNytb_TAQ8CKPJmA7yOOvS0UJ0jeV_AR0bD8WtKof6zxREvMXT2brlKxfdbkYyOOKmEAHNE5y5dYMdaTNlRjDZeOzaJSBNdr0L5zYCDtZ_W_DfdL8I14OFhvXXqK1KXyVrmfZMiRfejFwvK_43mv3lskDRPftDWY_8gFgqfd1SYZGckOEWgDEWbjWomIMaFzNhrALLc8urW2M6ip6h9rjtt6vRY3O5Fej-UvCxqva_E6Vbjpa6vu0mr4LT7I01AZJfq_1MLBgtuQ5PEVkaObpwKGODcNjXR-jelB4WWCncVLSLnX9WMkA9cV84ZIOChml-MxUbW-Z-q5J88uDETmVSwU2Oy5DVJOOQ9Aawq-kZbJpbYaKkOZIcoUilOjm5eCWWYT4OmMIv-WdLGvsgDyzczdEV7ewE5RuA9Dzm3MADj_zhKHMewamz5M3ndZLtRirf8816hxkSZ1bdSCyUv6XYX3as-3-lTxgzmimsHqZBw4dk0vKownbFjdukbrjo_sxPjMXVWmUGbcs6Hgneb4AkfGgPWTAMUt6X5LnwcDTIANU5PjjnGLgaZeuCx73cDtHWgX3I2lzx-jcDnJUJtZCrkmpx230qRxFZWyPoOF64W7Dy6HNimlFaieFfWhOTlhvvhgBYrqlf2RNZCcLY58Uiy_abihCeEsy4Sbxghwd9RZTT63TIKN0Tv0tlLNlP2xyXAn_bZSB_htURySdRFYKHOpSvQe432KWIqAHSInRpsdjh5ZzNCKu9Rhlyh3Me5do_GmDFEqMPUebi85bdD45KFpjm2KYaNjRf_FRHbGQaYJLfkpyybYwaW6ndP_DRJtuCyTupsBM5kpjUsOKsI-9tw00GAsYLCgjv2M_Av4usyR5Dwnk4IBEa5-sgc-W4TMGRAl6lX4W7-08Kv9CufSyl6JaeRPgZQm6LevJnaxmQmpmuY3zVJDxZMbX3VAoww0A8B9lIcGJnZvopDcy704wJlUijM1BriLRrNEfHi0PgxNTnrP2RDUyNy5uLwSOWHNVCSZqDIV44Dw_KhgtpXZr0rqZqEbeMOayurplaFc9-xHXkpwypy2IEVr9VPQ5LhW3PLDZJFde25jFbxg9u2l6rbMgdolhpmUxGDrlTnpOlCYhJvBFfktgyoenAJ3imybY8Vy1BtHvhUyPzj6eJRPVdI0gr7fGkuU7Kk26WymBzXO158KOJXe8zcXg8UxG4iDiICpPVfN1n5iS-2jdK8iKfBNsuCPTQxDdm-9f-nWWp4ylwpf1NkfGP_XT7FifKUuIdqowx4-X6l9ELW18W8MBJ5h4BW-sIDf4rh4HgMC1du55zGzVqiUjkpx_SDBNZtA337hSAhkXQA6wS96pFlvH2dJd0sVOb-ws8UCiTYfpupZEhr9J61jCC4cidlIXivRbyuqUaTX6RJ3CQF7qIAUzBEr-jxWbMmfenYus53FQh_9xUFP8bmktqvPyx49Wvtu5FPa9jCsvxrnWbPg_MLy_j9u_fb6AydArVExPzVPoQwwJlgXu-I3-9ARap4T9_Y_FySr6DtjMkDQ5pGZ48_lJHZW4yg5XFyPu3eArujkOcWHeBPGMI06DQjTvQtk9DI2FzexcbKv7fpLIAf8xJxkMTzjZvQT3ezIJJoVOEzBEJMalvCwN4m2r1lYRQpXJRoyF_bd-QBH25EgMvVP2NklxzpifyygLzZnw9Dt9-u118_twrZUthij-cp00kV3k7SI60g04c6hH57gFl0LljZ0VCaX3pt3V29_3Q-WKuxyD3_T9_383ERE_4UJO74y-IujHE_Sx5aSMjk6ZG6fYkXqySEbsPmQj46g-NiQYmFeIds0F14qgjbtDOryQ4ek3tuarJER2rKSeKYc1nZGSedvAbViawe-fiUojf78KjuSO0piXF4nYR1m7-9LHGtWJE8uKg_mwlnU0FwF6sGZga7iNhh4V6CrtDdL29B0HB_yiLhj0qu0bUJenEOwdC7nU3lhPndprpCF2fevRG7x8hgna_-jAtqbAnO7ACWhU&cid=CAQSbQBygQiDqf6Axe-iDaxDj_MBLUfdKdUA9l5yhtm2LYibYeNZiAq43qW0osCRTwVoN_RXoLd-m0Fjf4bANqBYauv53N7MjfG2aTJYjlyd_EBVYJXQvrYhcX3JeXmJV1mP9ybkQJ_Ton3Y3KeAD-gYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13999638763211373000&adk=1599433117&idt=155&cac=0&dtd=31

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09770ff362066a199024fe4720a4c1c85724adb439af8b2ab5254a4155b4d696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40741
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 723D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 961b64817ba01f674d1a51b15ce211bcaa9232ae3d441ef67f614fc40d411ac4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2A35
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1

43 B
632 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNVEGqE28e1SCdKagF7VFcGgxVRl0mO8qF7tPccyRPbjCA-FJ2-OeFEtmpjtSl72l_WN0da9cpQrZt5-yuvxhY60z2ZtgyIicIkv_V2IcW3Gquqfg3AkOwIN8Kg96pEA4UZi_DDC7RnbmN3l3vuIaYgfpPVmBMWWkgr5VelVTIy5qEz2mrg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2A35
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKbjbCcURQXzoM5TmRlrZgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNVEGqE28e1SCdKagF7VFcGgxVRl0mO8qF7tPccyRPbjCA-FJ2-OeFEtmpjtSl72l_WN0da9cpQrZt5-yuvxhY60z2ZtgyIicIkv_V2IcW3Gquqfg3AkOwIN8Kg96pEA4UZi_DDC7RnbmN3l3vuIaYgfpPVmBMWWkgr5VelVTIy5qEz2mrg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Jul 2023 15:53:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDNlqSMNDeEgUyqj47bbh0c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2A35
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFQsqJUZVqRRVqYGz-62odU&google_cver=1

43 B
842 B

14ms
13ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFQsqJUZVqRRVqYGz-62odU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNVEGqE28e1SCdKagF7VFcGgxVRl0mO8qF7tPccyRPbjCA-FJ2-OeFEtmpjtSl72l_WN0da9cpQrZt5-yuvxhY60z2ZtgyIicIkv_V2IcW3Gquqfg3AkOwIN8Kg96pEA4UZi_DDC7RnbmN3l3vuIaYgfpPVmBMWWkgr5VelVTIy5qEz2mrg

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
an-x-request-uuid: 5fb1cb81-d75c-4528-8276-b3fb820bd216
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFQsqJUZVqRRVqYGz-62odU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2A35
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
an-x-request-uuid: a34d8db9-9736-452c-b36e-dbc42007c2dd
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcwNjg5OTQ4MTIyNTU1NjE4OA%3D%3D
x-proxy-origin: 45.141.152.76; 45.141.152.76; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C33A 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8533414987491&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C33A 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8533414987491&version=m202301230201&ct=76&x=1&cor=1639417165347488800

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C33A 104 KB
40 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8GhF3d_Qjj1KQN4L7ZBv7qDDHSKhxNw4xCVuGo4hrntnzgJRbc68o5dlmB-_bsQ1dixB2PCW5MawGTs4q30n6OW7z1Q&cry=1&dbm_d=AKAmf-DoI_d8SoqMnt5wQVCbLSkQciT_5GdCDFamGjsVhjq4bkcgvH8qnWEf0FrGjX56cx_LURjbJYn3TR5q4HV31RwsKIosvzqfVY60mXbomPc0M1MlXgg-z0NCHTStvMFORBCQ-6hIEqoeSOL0hmQ434vHYipAWuB7KRZ_7Ei3DgZrWbwNZtWwazY_usdf_jiNIRc9bLnpkznrjRY_iJWEgEN1z8GqS5kpcW03PImO5MvGXKvWypp42ZPdmy3QncVTfFz44v8XZyZWwhPt0INRtPYkdAR1WLeFzbFW1VSLTJQ0cB5lIB6GCF4qMm5g7IITkp3d5oQ03zgNMWW1HIW31ufFkmgmxxUgFsVJX8-AspdRJDv9kF3CH2eJxtl4VuT7dvzqgAORRof08lHi36ethtGFD5SwnyidKtYVm2RA-fVupZMfhfXLpizD0XtuqsbwuGSB5hNWRbNIxk3ObiHlhEdl40hVWSUjkeyNrFoh_AHkP7lM3KC32OdBcNQoprMQQHfC7r7e1-KrL6axI4jw58DFfWFh6rsbsrEsqsi-9hBl2ueCa61lj_zOb86bmDvviwXnXgSLOjgq6QFnQGruM4UwjL1SzFayoYkINbUE4AkSPxGjMqZRHkfyVX1zMrD_ovdK4PCZQ9mf8p2CAk9MI5spO2dTRfDEtGYM6b-B6PlRfV9DWZ64cVDmn9G2T47UQTWVWWM3xoEQ0t7NU1y7wQbpPESSmrEi4L_Xt2-Ln3uIYBpL2XH7BO6lH2gWK1DSVIsKbwMRnNc4ObbCYodnzPyFtzdnCiJmb005cOJJwrfR_loTHBbkmgD0b0IbqZ59sAZS0vgBqyrot6SWirEOOU95yf1w3BdI_TWvS73GavAiUXOJSO8xZotzTzL4jwf7aAqBBtd7WfOf3wgQveADhrXajhz-shgMLgqYBYE2p5yqBcYmwIned8xgIoSjQHbvQkNoUlt0EIl-w6j-PO4vjZawf0bl2fIVHc2dc0dy7O2zymZnCve726GeyjCCLEXW341yR9y8sCf0HHiEjHB7COyQskdykWS8NPmWnng9RQWwxmIrxLzexDf1ByA0pynwvmdPJYYv1APeREPtaH6jHDQg7assI7EOeT21gimF-69gEcRaNFOLKphnu5dsRfPbLpupbEtqZvRRBC932tPIcbuqOX2i_5GfSxIWwHZFHJeyMQHpXbcNIiqow_WnTVTZ7gTRd6pKrnlpoN9aRz7De2uW87YbQ4_4FXpJTkTk1w_TZbriGTxW-bEKmORiBYKEEu9Ijpn_Aeou8W_SWjPw61qZUD9OChGB1e_JCrL3OYJvWLn9E9rcInrbKX-OsXyJFurX2OO7PCzwtPQDH7eW0ObIJfUlRLXwiKhGcifUhYaY2UCFeBdxZ04uGXB2Q5SaLPiLzM0m0ZWYNimyBk0NAA37woG67xkuMCRWxeXnzRwoKP76whrEYZ_DbDAcq1ul3XaNshWMSIblMFWKObY6r14WO6wv1RwX99xsrXqaWSJrtpupmKszGrqZ0wGyabqtS8G-B2dWxo9EUvo9FZs-lWObvOM77lwmOPRzXMyWXncFQYiNKel2kTbz8bZ7ldC4v5kxRgGmnKZp8UmQ5bPrhCfdcYhSYfSVVMI010onYvq0SWFni_JVecj4VVFppVfgVw3OUUzTLajkwZCgTT1POMHcQQxdb_JjU_pHaFJ6ky398WFdSsd8fDS-LPSpymmdb2ZdqnxoX7I452Jnk4WotMdNiIpArSpMj9RKhI_XEXc0E4d85ZwzCgjkdQ2MNL65hBnvjT70RVinO4P50rkhpNr0o4xpqgWCBMJ5JnqmhCQIhW1IHbqyGeXueVGbhbtnFlxecVXe0Mb2YuU4TGpTqkxmHCxuc5NaE3-0K9VzvsZmt8SI6Z-NOq13j4gSJ9pYplMQHbg1LwcgxfuWOnzRX29TrJlbFpYd5ehAYFzoztXZ5rkFF-TjDsbWlfDUQphDLvY-6x-p0MmC4ZhczNYs8nWYOEyODKFS724LIsi1KBKrdULd5tgk9fV7jMnjRVaGM6d_pDnrBmLY53QeTsjsmPO9gUOo3KW5yHoY-IkjMJPqE5IbrqnKMeOnE9WluK_tG4qwAl6GqV_QuqiaaKeQfkC7saeq2jI758pHZy8ykXMoHDCK7e7zkxLWA_pRmTCyzFjvh8PrePzD1lFHkbPo9Q39fOJKpteGnaetDUC6JzaXYR6tXJepgR0gCzklYMrBqN7_jq2pk9t1qSL0YQ_6HTHsipVKnBtcKDIVruLh7t5tKTyDeKYVWsEf_Nb46g-nc8L5lyQeEj120w_tYw9RvRk5TAsE1VSKt9uYe1mrSbiPL8ZNU9duwysBdpBo575ZGo4RrezGS_p3VJZoGD0tWxg2tX0L34xrtTrJLKHU_CjuGz__2Lsc9YD5Axzd2waZ-c32ElXhtffzK5gaSnpqDwvbuE5dR2AQEYZQzCJ2sZ25k7L-ZJxpmRsmJOWY102yuoQA9E6S7-r0pYuuQ8ledi_Q4UGQ6lpwmcvlHUFAvGjsov-i3IJVjOzdyZx3V-V3hG_iMXphxvKTXRIldTQIAezV2lX4WJiPQ0PQWyTmh5qJRrLlJLuYKLS-zaUUqAI4n9PAr5XvjVbNXAhMCBlIdBYgP6-Pfqftyhna3QZ2kUMlU3eN4zpDewNA164tXrHOKkdciuXqEbnhC1dDOKehYJ18iv5BC8MN73DMKJjr2ZofG5POZ29ZSwNyXN-Wkh2A32Sv2kv9CdLelqnQK7okIV5-dfBl7WaF18jGhWFOvlrM2B2YNoVdTtS7CARKA60Lx8BoDXk0VZvWQej-sqszZw36fjlxRhEmAic3btqUOn88nxbjzTJfx6LpwNv4z1OsjfvuaBjPDjNHbuBX--ry4G0deiranhLMdY6XNjJTzdElxnwp710Zip8PwGsTvEUnoKfWqaqA2657WxHPIXSO1Lak0W7RHZImdsbpHkpWjWy7JnajXCYzivQYVj9Z5Yo0B6ho3TNJx1l86mzid5k8fP_mIMpOkb1nxnw5Krm35xI3HoC1LVyBCH8E5JjqTyygM5_qLa6dGltC5y7J8FaKL8fcNEheXqWwZ90OlfJHUXGUFmwRLLezEsOhLPAF96KTy4RovqOjFZH3oHMbpvMlflDzglQQFx-kqEzq1KQ51QGP6dJFXuV6xSaMObpw67hYmM18Lv2SEspqIY-kH7WjZt48sUzxplw6V8DQJNx8KDS6fhEakUa9Cr4p8PFW0UNUTc69_S_OsXOGjMPaZ1g9ZckadU3DDEXuIhGXgasb1gbjjEbBXptrFgg6oMoJ8cAlCmWYtl0jP2giZORHT671NVjCsnUPhmaWYq71JTokIUJn42vxR5xTUyC7IPU-I6Dz7JdqNwfFmFwDLdVpbQMFugtz8iipUOUQe1UBkBjrBhbwUpnDw1fRK6zcF0Sp6hhOk3r9c4YTZYjQg0QF30CiGQFU2_cPN0CPA3ZIveB1yZKWoAj2qRdG-PqLwsQOjuy2Tyzoo2r9ZcT-JpDmVpnLAQHxCDEPYwfXn_Dssa8xov4E5Ns5mF8aVaZ2cSb_UDYZYZ0JXc5Y3G3-TZBx_Qz0TuvF2KzSB9voLTefZh83vIqUB_c-bpk&cid=CAQSbQBygQiDcrmEQgq7Y0iXVS_uI1ejx17Aa4y3Ny3vI7cnwXYh4GVI6Rp3yYcWxthez4GtEnd14V7BM44HU4S-i0a58EmwTrr3pmIxzbEBv3hDxZHTdRbcJpUbbxPJw_RZamzjyOyCslpcgfn30Y8YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1639417165347488800&adk=578009112&idt=92&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d5f894c0bc1b6fa916f7051b02f1d7bf524e6849e2864ca87ead888f213c32c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40816
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 3A17 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 420467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3A17 139 KB
48 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac75a37acc4aafd6957a795a25f094543dce2876dbd121ee725a7478b2b4641d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48670
x-xss-protection: 0
server: cafe
etag: 3875030794516571459
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3A17 179 KB
56 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1019 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3944740305196&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1019 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3944740305196&version=m202301230201&ct=76&x=1&cor=5245267120890927000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1019 94 KB
38 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BXDYFO0e1fp4Zygv5UhzYKlFH11QzVG8CJxPYqEbgFrooK7uxCaxQ3jfZeXYiu-jtZd6D3HHillSo1tVFypS2OjsDB00yy1pq42GX4MCZXXhs3xigs9zIG1WWbH0-zfiuqMbgp9dV8v_NtLZ_VvefXcAEslgHMRow6us1sHNh8Vt6S2O4&dbm_d=AKAmf-CGL927TM3MVvKj3FRCX6DDY29C3l5yiOjdvdkHJ7gKxdDL2MnIGfGIRtqFjIbeDcPNnSdYZkDR42b8sX4m2dmDiNazNfOm1uJTn-M_WB3oOyOIqpz9wEPqGvjfngg5yEae28wxElkftdWOuKg0wMaMd208l8pwwPH4MYMO3rqpIl8Yz57-3aVW6fJLC0k_0ALViVWCaSdHs9LsI8bGPm4olo0gPjabFVYQu8HRoubyOtke5iKuR87kWNomXjzkG5Vzrjld3paHPXyfay-q87JZzUr2XeB4vflyiMyHu5rA-eX4ppX8i88l8Xf43QDyDgdQtDii2Kwg0BE97oNeB9fnkQUd1yMCdjvhe-N7XiT9WGjbU57SpdenIW6r_mtKB8qrLLV_1XWRrtMSlp47NmSlCA7_GneT0oceDKRbuk6JFkiPrRoNQ6Z81OiryezyYlWeHTvklSrv-5E6EMEQSmcGt6bl0C1TOMn26cPDHgPpzxE3FqshA_q7liEZwE-OiPTHvaNgCRd0VFxEbComUD6Q-9WHCmCC88aEzrIgUMwPzoZw4SbSuiqEkgCkixbWRDcqOK8ou6wPyLl2dAdJQPtxlxAXk483uQpKUOJZuiVJPxpH64xjf5mrtHSZ9hXVVP963HW9U7IscwSQgVMGTphOC7z1moJshNYw-DCM9bZbq02QdCHOL-j9ZZkb81mt113cEPyR3ixbDb2JZXki-E5o9ZyUqA06UDYkth6lLWWAJlCCwa9T2URN3I609xrixxecrLv--Y03NfwMWofpZQtoEIA4sQZJb7rmggfUcMxCsc4AhoWrXdra4mH02-Q7c-e84_MMwrXJxNl6KvmDrzeb3LqQopV809XrXMfh1VxZNRbh1r55Def1ZAseY22T9EWMaF5pXgx3HrU7ZaEgG8zAy6lM24R3aTzhw7mwYo_xUs4vr3phKQ6vTcC08KorZqpB8Yt98F6W_X0SNNwhMDRqfWzhFnq-1L327qYgIRCKipJHBWKlFNVx7Btu2slm7miPFI3Fs_xTYGPNhd8PwGgPalGUs-V9I0h1TgyTDfmrTXzbeEE5JG8Mmi_pFMOQDLARB_qHsgDRGw5gxiY3iXadhwtuHF4n8Z9q8agKIOXPU4IlK9QuifQTEFNqaQ2efj072_FwvBSTeD8pQhzsc1TzWnC-ZneGsVkvgnW4jmwBbRoAoVH4fQZdtRqkg864QanZCVru_opWGDhg12fcGPSoZRoEer4grZyzY9Oqpj0br78giJ2sCp8nO0tw_YAxNsYF0y0elo65_lViXkUO7L9tCjnfapNwx-bdOHVQqB82hsQdAczNVjaMv6I83WP9Q2_Dpt_ZJ9zMJwCpupTJiGSleI_FVETwmDjQJ3iK7txSevUNKWmoD9z-11e5cdT4kAOXngw3S28jaASqpFT4IaHqkEbXBSgaNnmzl8YXmloukeJJ2a5TXnXFkRw71VtGbkUvbVd7v-CJXqAAEXI_OXxNxmfjQkbOBRcuSFKlG5Fd-iaJUCPIsZ2KepIeF6krgpP6BvgFj62Ae7izoqmuED03NIUP2-6KgWxAtWqabXBVcFgL9RfrMh_2CL3cq7agK_cH1EtF5EoqgiDmzG06eHRS6Tt-0R5E9i3E9XjFKLPcyG_Guy8hvTjpWt_nBFjiH12KsxAlT_xcisGnKXAZWSlMDLMX3fldufKlXAAeDb8K3LFtLdk6_RQb96lt0lle-cK6Czlqros5SRi-3TYFTHaqt4Rv-dUsW7vbG787U5U8MnZ_a2jL2dDpVa6U9ThRpDljRNrt429W0FxzBR9IZWrERsWJrRSjdHUj-chaGLW21Z2xqGtih2xH52oczz6bjlLtNBjzIgQV8cOIJ906w6HUXYyIjMgfDdhbKpGzGDUBkjn0F_SSGqSKpp0F4mh7vrSHroqFib26LolZWud5m8AVsb-Le0oyHYsJC1A5NrwZkSonrMscTqvEVTXJKUaSzNJRh_jPXsq3ySdHNetCGlHI5vFcSfLT2SkeV_00Z4FqAtPLOBOXNTPfxYIMkDsTCC8FpbP8CpM8G9ODy0N_42STf9nCuXA1z2tZ__i3Pu2imFF7DCCu0MN3E-a3VPifyCg7ulrKuXq2sUWl3GUOGQvR24VUk6PecgguHxWK8JjLV9LX6Zv2ql6GI3IZNAluhMNMJ2Hvgpv7nBwLKp1iR_LpciZoyuX-2zp6Juo-REWKzD20NdSkiCEBWLi_O4VOskiE8-6HyNvw5Ec3Mvp268wa87OdNTrL7k0Wh-bJCC2J6O03WvpiFc-nPMxJ_i8d0d_O7cJxiqybCVG38Nu17qabOzQ3muTlAbOFBZZEtIC_5oqsEgHhsveJ1IwsbVtL-5Us3q279MnzdPjKqqf501yd3Bs3Uzdg5IiUN8XneZqLfixyHT18T0DPG14Fzd7tyjPhF32FoHDAvfbML1dAP-yE89C_Be6NFV_DKk5OdLkuWpi5AfTOHTKXdhPZAUxNqQUt38QHF_sfptpUHbz4yWYn9ag6t2LlHaWdv5624gc-XC55wVIkj_RkZLmXZ2ds4oV9YwuIunxlUxSPLlrVXETQYgrD7o3mr_e8rWxzV2SNOBPYGbFnHprpOc3UyG-9B1driq6ggvIBJabhb2kY8qoNl6-StU6DzNffEuuCbYWXT5t6XuJd_5Gw2-9lgW6Nr8Ecj1b1l1YvPEoH5mEz66HwwWqvbRhzcYWa_hN05esU9JKwBztgksiIizsT6mLhhwwZrL6cFmg-hIZYy_1sMPJJ4qCdaX3fQB51kmZkZ6tXs4CQTfOjZG4Gt01_GfqAQS3lmH4D1fqknZn4OjQXryHR0WD1S2SfxR-FFgQ7Qyxk_e5I_xaa2qWDNY1i-nAhYBgCeFGQDpdh7nmnM6Xa9xOW0SnV1kXA3Lv81yqrDv_6YJE0FuM6FlFa0fA4hShQHJW7K9YWc4NK_VhVOr7UtjF-ZMGS6nYOvrK31Ga2Hd6u_I5KI8mn64cRZN2MvF9tvsIBt9Cz9wZrwLtM72TE2AMOhwOCqeR672Cp9GNGV_TueqxBcuM1CgDFs00u6bSrlP_eVQSXlb0tpXH4dSw8OOVgaHEWqdehTpfhR2cjVoWjQN1K0nagIj129cR5Q43BnDv6hNl4Y4HKMWrVLQl9XxDvLFq8NqsIoemZWYxtPu6kAPqweOgBBNabFiIJ5-QsI_YEx3M-GP9kkpFEQoMPMAYMAK7-YZzRafzsYr9LvRitTqGai8bnwGtTcQwMFoaHqEc_GEewHvPHHtT1lq-IbgaFDig2ovBVWy0U4vAxBxQ0J7ZJg0JRcB8Pe3As1tWji1MSGV8scEUYWelBKV9fxWm1xHACBYBYDKfBeOYPmvtvb7MXQSO0lZvK0A-Cab8Bc59mQaMKDV4W-h0AZatuWFayzjDW-LZ5TOhDrnT1LkkkqNx8l2DogwHGAE1Qzf9l-D8YhvCSzaBCPUwDzK1wi6dcv_GoxPKZapp_MxJ0MpifNSVIEV1SgAwZ3TiF1ktPya-cptn_Yopr66yo4iiJWbDGtC2AYlO_U-GN1e11vNRfCb8nk6k5MZUI72pUwVOZkoorT6wf02gxsM_uC3jPkZs2oqF2lM8Ts93lT5PpnXbDfm24qNh9IlkXom3Nfj8ON9YNaXl_w5h0HdrPu9RvMhwTp893liuZQ55A-jYTeuK54jQDpmt2gtHecCRLC5ptIu5CzqujPpbs7PxSrYWi4ZBc7Iu_Gw&cid=CAQSbQBygQiDkdBE-Cltud8vTmlnYEy2cEFgM7x1QtwdZTBAo88vyF9Se-QwEULYoXPkInkJYS6Flum1H1SzPTm_PlGVavcxdtXk9v_JtLniRdqSxq9Q0LeUGvMXr-U0utBKWvErzpk3hunKKvVBA6oYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5245267120890927000&adk=2465470143&idt=114&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a294a38ea4b9a3ceb77299626c45d911332e5fa71b803e99c9bccce17d632df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38811
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E7 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8853637618414&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E7 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8853637618414&version=m202301230201&ct=76&x=1&cor=15721191698472490000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F4E7 77 KB
36 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BivpsO32oYlzhxwNuOJR5RCDtQJkjumwwc8UsOv0XnM9eSPWA60XXW2XTvRYIPxSTFDybomh_o9YIVdRH3pzZak3hXvLSugWDcA-K5tog0kChbDsVxP_iUdBz3tKoOudicw_deGBmJg1umvZcrugI-rRl50k_DctAnw55z63MQqkf2ZZY&dbm_d=AKAmf-BXxKB1oIY8E8FVmqDF8XuApftWvtXi4bRT837SGnG40AWD3JQnFTDqms8CdVu2YmsZdpAivVju1kOPo2R7bjGmZPNXCaENdKJZQ5DdQ4bwtbQdGxiTfKdNVKa6FmaRZyXOYK3_ycAtuRVuTovO0e78IoUj80lc9cScCCGGR6Scx2KYXguxR1SV9QBeUkbYIuLS7SZqF7NwUfQGiw_eF2yCY2T53AdaNnnU6sONWQkGGARTUZUNaPNX8KxVs_bpNDalkEkNUfJ5uElWLP_YhMnswTpNZPjcLrRuBoJif3b67_tLhwaCTtL_LazAQirgweXYtXroKelV3sJMKtvGeYd6fh-jmAL3sGoTSrn3xQAXWteb2nwQ46mk5zq7p7iGL-CaLcdzcAmrd4vjrxBFR6f7pllBNuNyBSAwXeZPozY3Ej-AahdN7JVu-fy15i_s_eeXDliKTnzZvt-vHkTHYfjsPETcR2K4eRA2srK0fRxbgq9AWxgjhgO0zucnpWS6YK023_P78paqESOL7tp4Nq42sXLIksgstv0gvk2OQ1ddrLv_114KqT9K4jSvYvfCxxUOYVWpLmvl6ZMBwjfCcNIKo9QbFNtewdfJJSE8_nY4xR4J7zgz3JWz7ioKZdXaXPySzVRDZoH5ygmHEC5iOnYCmIWS9vfT3reaxkEQlJMdm8f2lf3GffFGiSo2Ff5iwc3C9kBeBirx5EoxxcdFB8ikg3a-QQ-VuinC0DTGCwL2t_nP4veiJBoCEzL4-wqYx3yW2ILYY6Qo3VB8gmcpajC1mwdjBm3SWKLPYpElIAWCtBsLEJkKQnI4MCjquyrN2H0F_d0gcG_deM84vwsqh-My389ccma1hC7YJpdsdtbuggejQUn3hUiqdmiVlHvAfbRcxB0Cjctt8orp421OCmqSvWXFsyebFKhZY8JFZXSAd9SdPYYTqlJY0uzjx4i_zZBGG3L2JTroa86wf3cnaMElsPuzodVY36FX4sktqAcHua5UaHwmSSLsviALllp3B1o91s-msFwarxAGdjFmxPM3uFKTHrr45rbj1XEUhsH3zLUshnlYkK_-2UutdeWByAXBAgtHIb0H-_gbiqmCtyeGoeTtuN1gxeUGo4keD4g11Lr_vOXmVcWdbag9Jj1elXKlZ7ztej2gHnR_ySolKD-Nb1XmWbYpWoxXbpf5NMTSC1bA-hXssWYLSl_wU1LSKZRZgpBBweU94SozgI66oPfNtOzPDg3bV9dbV67XdRr7FYZBXBe3carXDd36itPyi6Qj3CaUxaNCTq_U6cnPE2W6qzBguICWXt_3cUhs4CeXL8l3gSd68teKD-2FtynWStmYIONa4Ec8n9RHdxvnUZ-xAkiTW1Cow6HXoDRaJSMC5pVhvf34CsD7bfQO4YQBnJ-rDdjkVjFO2QOAMykWmIKOyHzZ_C2rVvnipNqA_a5q6TfLr43Rf9Qy-ec5Y7jb6bp7BZ0_8g85w1Plq8lY3hWhRs3PJpUtS1q9dmOxttNAPA_gRLys_WI11VqeF3cJmvmo2Iw3at-YMceMnPXDHtGz1eoXWr7L-4bonmUDCu36Ltl3jjOJvXdDwlV1cKTfdhWVOeNjNgYmJoj9UmtUnyEC5NhuIwQGG4YbRUkpnT8yRLMiczB3xs3DmdgxXVdP9_amRPVin96c0bU3C2d8mOudaX7dj6NUZLS-pGnik79KbIr29_LMV6k3xykw9pconHQSQfQXDuKh9cAhyun7tlLQYtbqF9Et1bYK5f5T_mpt1XaloHKrPxYXhLk9gHETT9dXG-nThjiKGP2-kgrvRJs-vyEH9hd_LsZutvUveIebxmf6uNeLYUctAW8w0gFnVAiQ8v35kk3oVETt-wpwvSqIkF0QSwEwZl_rkCn1AC-hHVNU8xDQqnuwhdwvLU99CR9R2XP6uVHjkXyUvW5Lx4KCH_s57rFQ3hnuUk7mOIPC8pCs6qSc7vg2R8VFe6urdSBScITQcjy489H-yFnHorQ80r0L3agG1CnQ26ZxER07eATmLgGbYVTcHOR8CH_XgF-9WXk3IwjmYIAabpryESYr8sQ-vlLs79ZK9G9vWx8pQrz5t9a0eagvllaTClhXkfpJjwOrsmcjpVkY302IztNzxRpg6S_XMIJDaT3mFgcejQiPbftXenr3PmYi09mI2hPEgc5jcTXan3i_mvIiGcCi3RCSILQSCRroARbNGeFY4ksMXR0sHfB55AD9LUed-oo-d4pFsOpv7DVthwJfkpdvwP9DYbWlVDvTbtw96zMFqjiCh85YaY0m6QiRbIN4ixnyUP66HwNslQJJmNztQ_ZiWBzJNNy9vT4xSCJ7sdwpyToplRhtsWhg51iemtEYqb9YKp6TMaJx5cYiRImzLg51XV2isxHI0EoxRGBs-LQ2UziY-iXjSXSTD-QhtWGNwz3XKOBuvz-QmVfydcybJlyDK41MmluJEP9Zz2AbTEKl20zA3Gw0n9ePTBdD_0rSwfkBYZY6vxp-x1I3eY1Y6ow99juPKLn6BfH8D-hfoBey5RDnFHEcttXctQhAKgzfAgmDLQXd94Dy3NsTYij8s5x-2zgThANPOf_k6JHeuzpfUK-e8DWyuMy3E3hregxdlucUntF-E7MzPI8XlTkRjmIRNV5npfLAJeWeb5bjR3OjnifOfnk3iNvFDrOa4ZbkfN5FzRaF92UiRipMYI9wJ1zUEB3FwFAG7TZZ6kA2aT7e8auYt3FHNyjpUCGHs6c3EL8Aii6NhllR3n4_X8IzB7zsXIq7DEqQcR5h8d7gnRtb-0YXNUZgpMMZpIcvOq037QBakOGMxPL5tEwhORxPLR2g4vTY10QeWE9IGmblf8cefrfH8dlDfPf_iXG0IoIk6ib9ioUNha7AelHdFtvMUDCBjhUlxfjeq01R3yQBQBGdksLybLPuX2Ui_NGxVDvv0nJpKlZXCm8kib9hg7A-UZcdOD7qsl62NX_Ui7dcwnb8ikEDqpvMfSNDaWOgr6GYn3FMjmlyGbcYhrRdXf3hNCgZv-bLIZGcA_wjyCwYY7y4aSLKJbYj3Lej2Sk6BytnB0FH22wZK5KO9KwJjiU5OelG7JQ_uYDttBQAPEZxCfMs5BiRv9IjeqoEdqJdrnLXKIikyyj5kF9hewm9prBVP60_pFAnXo9Mp3StZ98yTcnywlcdQgClYjNDbz_pTBARhZ73Dhmsr7uuqO_t0UBXOF62E7id7VbrairOR_0Ni4HGKbqyiWh3wfdZ_mVRHxP0bHH7o0-ZcIBaFRcqCoHNp0IXNPzWUSgnSlTAOG4bw46SVsiww4mp2RX_ut-ciseM1F6-l1iNmw3TcjyfReSCiG8_EFiuKi9tpdOEKfaTqqlPqrwDRX_85Q4FajLsjljW3MIIXJx6JmiZmtXTCjR11uF1PbIMtNBVMo1_Q2tjd2zReMYUM1wmz8KLaSUxjJ8VsFDM4n16JrOLY7FIf8_b_MyL8BegQ07MH00IlKddMESspTan9xyUPlwLlyImWvfrCl9_-O9nBxItP-laGipamktDEBbLow&cid=CAQSbQBygQiDqTAJZeB_Wzg7ZXl9fxh27GPhGSS1rd7HpAwYl6x_dDGo-acb137lfq_RMasUhj7Nv-r8ruu7RskwfduYYqi_5HEDQcgV1y0Ao0dgA8R1jhlSZMJC8OUvygt5eIQhKdX9i0LhNCpNrS0YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15721191698472490000&adk=212707235&idt=97&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ba7815d5a25a8e7ec1e4cf95f9af85dac9e452444723bfd70e254ce11e25b58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36747
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/ Frame 723D 344 KB
118 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com&bust=31075780

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29b4da2fde5c9ef1da7a852440ed34e28a6d3f341a3aabf54fe224bd662b3e0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121031
x-xss-protection: 0
server: cafe
etag: 9143263690761075650
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 2CFF 0
210 B 47ms
47ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688658794973&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:16 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1C11 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3250438469845&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1C11 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3250438469845&version=m202301230201&ct=76&x=1&cor=7740164138472844000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1C11 94 KB
38 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4_mnBn293ea-uTznbYsPKqEltVwTUfUIu43sOc2xW8UKwPfN3J2uU03q5gQKF4n_Qe53keQjWDuhi0vmqAXDlpujrjf4T9h8libWYS65aRdA1TdsBp6IMYIeG6gWa-M7Gj6mb8iAJ0WWqYj1uXrmaiOk9lWg8nEo1rHJd7qdQ_1DB6jU&dbm_d=AKAmf-DpQcIX3qclIzRhyCpnxSgepcBUsW0tkDnPqQxTn-H_KBoHtfhp2-mKSF3UTQQNspmlh_cfatvoyobbZP0MEVIrXPCksMW-4wC7cZvG6sqa2QuiQ-h_74bUYiIAWsK5olDpAO9SnmK5vv_7vFiUjaPR-dTh-bjmWKkgBS0Qww5wg9QLc0CwHIjN5NFhtfBRBanv2XJ3-e8g6a0AglXC8iWRw0XDauS3qmlPzPIwFDCod3yLARQH8AmQANw1c4wR-qtlVw_THha083jp2N_9ne026YUGPs1xx3PU6xVbO2hnMw_pSZ3weDr7nM9Exl915gR09jpgMMGHbsMLzXmiHDuHi7lUREOf-rFAn1VBKAy-vjVZWklh-lQ4f-wyOiYP9F407OU3yuoywHh6WYM0m2RgfEr9jheTNqLkbCPLGqRh5CAfv3_Hs0YiuZTDAVDnvAqI5hfKWjAR3jJJAxnkLSAm3M5tphaR7bfFEtku8xgJBvtF_TiL_gURgsVJUBbJkhVt7YFZOdYfwoCrHWGZuN4SEgTkvZeWqwZhWt0tABon1y0z1FJEdoceevDO1HkYhFvkBQakqKA9mav6aRrDGx6IyBVA3_0Bnom8dHplQpQe64t6tNCULe9fChyaycyq0YxBPxA9PhszRJYsJv6FEw2uhkYrbqUqN4qJiDdaKQdRJ7Gl5LwpE71d1IpM_-bM3nWGIIkUVPPIcnMjbAdJDPwYychThxXLiN3fdhANcpDIYxbafuVmCwsD4jgfKcljRRHcTcXUlVSNbiRj8q2PHqwabfNarH_bMdjds6aTXC1oDGf51Vpr_6NLezzSJN1RRhGhk-pLDgZsjwQd5gV6O6JlvIa8ZD42HN5jiu6s8Ct7z_kUUiQSs7t3CTZ1-Cq412JjxZkWRfSLJ6w9y3DNCIt8_ZQ7LNB1jUh8aqfWC3CdmBYxAi3QAjMl5XrMXd1Q1iG5-MeqOt5UXZmUBuGDgSkHgK4XPMrjISsieeqWc9K9343Mbd8Qjcj5Zkz-7xrYwZ9-JmHND8hCHf9S9hErqc6fU1p9EhPOdyJh23g2I5EkZggATLJPiydYbd0I8GyR49POVSMPXe8I9VDlVwfnhPZJfYEBkUqVsZWk_ToOx6TPNGiQS7Awli5xohIv3sfM-d6np13d_9QzUtgzvTrNIrsrqNDZrn8TDC4JFZABCU6PNOwhBQVYgy_n3cwY1CpJ3IBia8PBrgUlu-n0oj5AkpR0sm6WPvZbp5bpNXCyaoZSx7lLrRnseSMXn--EToahvF5ULhbbYOijeMKiy2Z4jcO95Mw6b2Awv3iG_H0gjQHezgycR_VBX6ogt7Mkj989AhQx4CP-cwbkoxHz69h6i75riPkGUgCvJAR4KHADoj9Ml5rGP7sKkSJEOSkfFZK54AK2x1B4NlRGmFaD-jmlkU8IQ8GI3GKMKbKiLUEh8M16AeYzhe5LIiLKUWlFy8EoGQSKXxFN3bajFZ93jktKj504XnaTmMmiRasrw1Zyu66AnIVy5uONqfmDxUghIk-QHgI7Hkkq0pzjSLYktbOPmMbMllj1g9QcGMAKE-_0nAj3mX7pS6THwmuXxKIglDPHFIAaOlKVjr91OgnsyGiJKIZJ0r0JkMg1b0bCG-r53S4aFkT5Ryy31CAU4VGlJtgUqx5CUT-getoLoGs1qyrgsRUGEAgAPvxYBmKZEF7qA9pLtZiGFrrHdaEqMpcQT8DspZzsMp8O0fL85WNHaGWC9ORyg1_qG6o1Py28jq6Cbexuo5Y9UPkbvEV_Dlpk7K6d3_ElKeffka0zJxKg6B12GmjvFKLQNVBScRXWrUJ8I6B8DP_9SH7SmYyW4hQIoXp4vgOnnVmYMH5U6LQE_HfZjhzBt5C9r361IY6zMgl-Lq8brbLYN9UwKuKQcabQDhkwR7Gc3KeeQ2RKETEkSFm3k-e6ziWDsjra69byJQqfXnwjKJpM-W_o6JtsFEa98kxLMroVL57nnxv1V12PQGqIdepNuya7o2kZ_SNc0CUTCuD-vXVieh2Kqfa7dO1XnUb4EIVTorTJoe0oddqU6daji-5Dgk363vBcocF40nDifq0Lcuej87lVck7U6l2RtcD6s7mW8n1R__2LTw4f5_Fk4uGcLJL8i_-89H1Ak19ZxEWJzdNcsyznorAVEgZB1Xn9CPeHMk0H7hmjLdkVDMTutvCCQYmDOtFNZxbL4um1PUPbn2AISdZvg2h-qC643z0YCNHemWyPvXfYCUDsGZRKJ5AKLZq90LubqM83MC7ZF5lz4jUC9rY5jo69j3R1ztAVe0loI-zobbVO0RknRIOabJhll5vnpAWbGHXU0kdptNXUWD1vkhQ5viC9PfYeFvNLXLfNBYcFzIlfcRFk85F0MWy7L1hLVtUpYgyVMYqiSSqwUEHjNxcvGxbzcpToceQcqTrRlclC4pEjXV1bX8_oGO9BliFo0RAQypYaWI-HcS_WZueHo24Cmv5ojwdwsIDP46Jvj4oHIb12WYAqopepuA3ufiqAa8ojXLiXX7d1G29UCY5Nbd98Wx5beGmLxLbFt-GucVKhTJs3KRe4Hfg3bTzL6gHSYZ2_ZAM7-ns6BiYpfef6sEEk4mJ-gZ2qCK6D1FILg1OACXyVTbHeALr88vDR1daGx7LJiqlwp3V3B9PM8-cZ6ZFqvjri8K1O3lCA9rcQ_TdaY-Y3kXIlpNsWVA7nwWKyvN1bH83WHSYG30VgNG0aY1PWqLf9AsXvWDzP3ZstyjGonpy15sj35GMUnhR8kUUvDInrMqjqXr8Qoc6UIWHraLCKP23nMA6aKy_lIS38q4cPTpTEgL_JZlu-q-W8HrgTecMA_FltbgjAryVBLCFqgDwNlTrFx0ac1v6s3yMlgFN9GMoZtE0_PQsJHeGMZ7-9QZjyw6RNUEtkZ2CP_ljRBXWlDSlIy1FLpGjGJBlWxZG1cOSTVRyylwZ9IMl_Iy47mlZ5W14HIfo65VPTkRdo9rJ2U8SA3UW5rlG4XgmKn4fFufgA8tRfMnobnDKxwl7RWxNFAW5VP5Us_9MSZmNt_5C2eHfxc_9HAxy9db8Vf9TTHDZn9GT_7HQc1ldOt6Yqzz_PJtnxDDME2SUflwDWcoJpgJPG1bCQUBwqWlZnDVhlI6AE5JxXwpmx-n-nKq701qNn3LPY7rGovuVIbQ2cFfT4XSoBp4naWTdIaI0Me6ceOtLPEQ-pmmOVfR57GKR4LxWCZ2IDDlzOyaFBZijQqU3lRyzvCwYUwyfJtkGK-z4GyYtmEWADKmTlY7DU4-Fu-CmqoJUKVQTQ53FrCVtVq_h9wKuROSp4wV2rNK2v9noZ1OyYOvK39IJ7I2_FXccudN3WDXmppHzEXsvHIgxpNCVx_qxG28IjNzPqrhx4Z7Zm24wy3CQwvNAXDu-tTFSlChAnqocxxX2LzN_Fif_tHguOGC-GmbLnvsiyF0dWYRi2wc7IIkjF27ng7yqPnct19gtEd6TX0G6PmJMKfFUG18gRSndf1A7gGwAcYKcKPrrNY2vsIO24Myy45xUWvH-p-sQPaxgG2uO2f3CA9IHDnvtysEcpYM7L6LoptaEXcbAF0CNmzUQAfkYqPVjngcg6wIieHJLmCbYCIQe7iodZBFeD4C_kgdBhVhC4bWLQ0FFsgcY7aXxT-HiycG-hKqvn9g&cid=CAQSbQBygQiD02WQ24zOMxuhNpLg2RA8PQ9n80NxKEFXxp2K_64jAloRzVM37FVbtr9ZjQ4hoWwEMZiaG-4ptU3ncDnTWNSlqkHOmMXP9_ZPiS8J647IXa3V-Rh1qZyrDv4TqkEgGd8Db3fQHWjDwfoYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=7740164138472844000&adk=3860319555&idt=103&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48925fca00d6c2b9bbda2d9aafc04057ca8f885d35a6082b59b98b8e54019c99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38664
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1534583/72389219/ Frame 4180 47 KB
12 KB 112ms
33ms Script
application/javascript 52.49.75.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1534583/72389219/skeleton.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.75.151 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-75-151.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c0cf847dfc82a6d56fe265db907b769a15271829d37f96a2e4ddc8ba341e3b17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4180 172 KB
61 KB 37ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 10:17:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/ Frame 4180 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgTuR6PHQhmAnZRgHpmUtaUNevqUCY6EdCGX8sQC47lmqn_GRzS_EqMalNHnWo_EExI-RW03GoYmMoiwEqtyXPRxdxyg&cry=1&dbm_d=AKAmf-DxwOw_NmJXSK7fEhKZNm7qcM0PhhomW6X6iJV5QBNrnsrnWh00zR43qCpS5vc5_bLCgM15iS9Mzb25MVtilsPihyRNf_IJEJJdgL9OssqAFF7wPYXb9pW5xwXbea5qqC-AkqWVmg-KIT43DhBNnLEtjVrz-bh54ewUEyj6FSo83DTnXW7gYUMROHndGgqA2YXhhy2jG4M4-MsEsl_mPwsyM6iI2rEdlWn4FJb1dEU5f6nuMMz0bcIqEF7YikFsANZ1Pwj9qbMi3o7RQsJecFthXZO2LRtDJUWjv8qLeaRqZaj0LwZ_BBMjY2bSus52UnMmXCI0MpvCUvHzGwNZKUt1UmGP2FYAWKpwdaUAMugE59g_NJtGu5D9j30Nsgfbitq-P6-HdYfB0sT_1tKMqVWiu4G4L9R9bVZ6RBZvcuP3QWEV0bVCk60QywyFkQpsK4SXLlOwoze69QRxwGxZzQWL6z4yRC_5gJQem6sZlWyRMQ9Gg6eaaInOnJ0C3MdHWUcybh9r1JHafiMZXCD1o94r-Gc4VRmlT7Wu3STnPcPZfhnRlRH_zwVMtwb0dBrNjvcNg23dx_Tcz2GHCp6cq69uGEsPD0RPspKihKCuvNRXDjS1-bQ4pMVSfKLsvXsDPnqoUMHNUtTulwXPFeyoU_oyNBAxglzmsi5S6giCAnKv71gzqrx3k9-Iu6dUjbbz8PZAZRGwMjvgVMZUXskYFb6gT-LXElVThRGpbVtpuwfgHvesmeubSlcZAHg8ca-akpOOf0yVte5TCA3DD61rtoJ8MFxdLve5hPgiwl1nvHPMpK4S0p_56fDBvNCUViLI04GOTsMCsOGbn9bkLvEnhMLYvI8PkylXmaVq_eSMytr3ESxWFO2xTgNfygRf5Km2xF0AWnyGmo16-9etmFRwQ4aL1Tszqe804jWi0e-m4_7H8Z0kwfVLyWhvXVcRuAjBMXUUFCf9RXjgfDyDOrdDdhLWLrjyGCJ7QYIVxdFx4xM4NCwMhFddZaMcL9zkd1TCDesJUPpTRFoJDkq5gLXusqjdf5VcbG6zcZG45mUyHgCSPQtaBrGSvlQvVNj-uLxexo8Be75RYmNq5JQ9F-LgRFcMd2n8gNR7wJ94DVs6w_unjTUghh-uSOY7iFtPFNiFgMl_56nyyN0jNG9dwqWE4h-vxNwbK3ZAne68RiWkl4iQ_-l9OndMJIqqXpvagjq7b5bQhJy8kN6meQkvkIEK_juN_wBx-t6C1xHnRcF2kMxbmTCHUyFUEyvAtIOXqipjCUIG9e8zQu-_q1PHJmlFKhBkmYUT-Ee5zjkG6rzhI8pVplFcFK7krqGctdpEUsv09d02RgHx9_gNBPWKCt-f0Rh8UoOqa1SajkytgxBpG1AQ6BjZ4ErRAgxaGsJULsPC3ojpC8P4C5IRFYJS6IlvZqYaCU7Ac6XIzGddGBNT3kLHb_ApnW-rAHFNm7zD8CHIoWgFf0IzQVM13FBSh5HWe2dNMvmLc5ibfes2xFzRsbPwcED4QWZKzGH6PiUcpoxiQDkDQCP6MtSN2L1QXjVIINL1PYQjqvVsPRE8yETJ3NRG887-Pj3k5NuRMQZ47sb7PlNrEF_ygyMycGHNytb_TAQ8CKPJmA7yOOvS0UJ0jeV_AR0bD8WtKof6zxREvMXT2brlKxfdbkYyOOKmEAHNE5y5dYMdaTNlRjDZeOzaJSBNdr0L5zYCDtZ_W_DfdL8I14OFhvXXqK1KXyVrmfZMiRfejFwvK_43mv3lskDRPftDWY_8gFgqfd1SYZGckOEWgDEWbjWomIMaFzNhrALLc8urW2M6ip6h9rjtt6vRY3O5Fej-UvCxqva_E6Vbjpa6vu0mr4LT7I01AZJfq_1MLBgtuQ5PEVkaObpwKGODcNjXR-jelB4WWCncVLSLnX9WMkA9cV84ZIOChml-MxUbW-Z-q5J88uDETmVSwU2Oy5DVJOOQ9Aawq-kZbJpbYaKkOZIcoUilOjm5eCWWYT4OmMIv-WdLGvsgDyzczdEV7ewE5RuA9Dzm3MADj_zhKHMewamz5M3ndZLtRirf8816hxkSZ1bdSCyUv6XYX3as-3-lTxgzmimsHqZBw4dk0vKownbFjdukbrjo_sxPjMXVWmUGbcs6Hgneb4AkfGgPWTAMUt6X5LnwcDTIANU5PjjnGLgaZeuCx73cDtHWgX3I2lzx-jcDnJUJtZCrkmpx230qRxFZWyPoOF64W7Dy6HNimlFaieFfWhOTlhvvhgBYrqlf2RNZCcLY58Uiy_abihCeEsy4Sbxghwd9RZTT63TIKN0Tv0tlLNlP2xyXAn_bZSB_htURySdRFYKHOpSvQe432KWIqAHSInRpsdjh5ZzNCKu9Rhlyh3Me5do_GmDFEqMPUebi85bdD45KFpjm2KYaNjRf_FRHbGQaYJLfkpyybYwaW6ndP_DRJtuCyTupsBM5kpjUsOKsI-9tw00GAsYLCgjv2M_Av4usyR5Dwnk4IBEa5-sgc-W4TMGRAl6lX4W7-08Kv9CufSyl6JaeRPgZQm6LevJnaxmQmpmuY3zVJDxZMbX3VAoww0A8B9lIcGJnZvopDcy704wJlUijM1BriLRrNEfHi0PgxNTnrP2RDUyNy5uLwSOWHNVCSZqDIV44Dw_KhgtpXZr0rqZqEbeMOayurplaFc9-xHXkpwypy2IEVr9VPQ5LhW3PLDZJFde25jFbxg9u2l6rbMgdolhpmUxGDrlTnpOlCYhJvBFfktgyoenAJ3imybY8Vy1BtHvhUyPzj6eJRPVdI0gr7fGkuU7Kk26WymBzXO158KOJXe8zcXg8UxG4iDiICpPVfN1n5iS-2jdK8iKfBNsuCPTQxDdm-9f-nWWp4ylwpf1NkfGP_XT7FifKUuIdqowx4-X6l9ELW18W8MBJ5h4BW-sIDf4rh4HgMC1du55zGzVqiUjkpx_SDBNZtA337hSAhkXQA6wS96pFlvH2dJd0sVOb-ws8UCiTYfpupZEhr9J61jCC4cidlIXivRbyuqUaTX6RJ3CQF7qIAUzBEr-jxWbMmfenYus53FQh_9xUFP8bmktqvPyx49Wvtu5FPa9jCsvxrnWbPg_MLy_j9u_fb6AydArVExPzVPoQwwJlgXu-I3-9ARap4T9_Y_FySr6DtjMkDQ5pGZ48_lJHZW4yg5XFyPu3eArujkOcWHeBPGMI06DQjTvQtk9DI2FzexcbKv7fpLIAf8xJxkMTzjZvQT3ezIJJoVOEzBEJMalvCwN4m2r1lYRQpXJRoyF_bd-QBH25EgMvVP2NklxzpifyygLzZnw9Dt9-u118_twrZUthij-cp00kV3k7SI60g04c6hH57gFl0LljZ0VCaX3pt3V29_3Q-WKuxyD3_T9_383ERE_4UJO74y-IujHE_Sx5aSMjk6ZG6fYkXqySEbsPmQj46g-NiQYmFeIds0F14qgjbtDOryQ4ek3tuarJER2rKSeKYc1nZGSedvAbViawe-fiUojf78KjuSO0piXF4nYR1m7-9LHGtWJE8uKg_mwlnU0FwF6sGZga7iNhh4V6CrtDdL29B0HB_yiLhj0qu0bUJenEOwdC7nU3lhPndprpCF2fevRG7x8hgna_-jAtqbAnO7ACWhU&cid=CAQSbQBygQiDqf6Axe-iDaxDj_MBLUfdKdUA9l5yhtm2LYibYeNZiAq43qW0osCRTwVoN_RXoLd-m0Fjf4bANqBYauv53N7MjfG2aTJYjlyd_EBVYJXQvrYhcX3JeXmJV1mP9ybkQJ_Ton3Y3KeAD-gYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13999638763211373000&adk=1599433117&idt=155&cac=0&dtd=31

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/ Frame 4180 30 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4180 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 117827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1534583/72389219/ Frame C33A 47 KB
12 KB 101ms
32ms Script
application/javascript 52.49.75.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1534583/72389219/skeleton.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.75.151 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-75-151.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6249b6c5546ab09655fad34f41396d24047307961eed88d41f21144d10658ea3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C33A 172 KB
60 KB 32ms
12ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 10:17:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/ Frame C33A 11 KB
4 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8GhF3d_Qjj1KQN4L7ZBv7qDDHSKhxNw4xCVuGo4hrntnzgJRbc68o5dlmB-_bsQ1dixB2PCW5MawGTs4q30n6OW7z1Q&cry=1&dbm_d=AKAmf-DoI_d8SoqMnt5wQVCbLSkQciT_5GdCDFamGjsVhjq4bkcgvH8qnWEf0FrGjX56cx_LURjbJYn3TR5q4HV31RwsKIosvzqfVY60mXbomPc0M1MlXgg-z0NCHTStvMFORBCQ-6hIEqoeSOL0hmQ434vHYipAWuB7KRZ_7Ei3DgZrWbwNZtWwazY_usdf_jiNIRc9bLnpkznrjRY_iJWEgEN1z8GqS5kpcW03PImO5MvGXKvWypp42ZPdmy3QncVTfFz44v8XZyZWwhPt0INRtPYkdAR1WLeFzbFW1VSLTJQ0cB5lIB6GCF4qMm5g7IITkp3d5oQ03zgNMWW1HIW31ufFkmgmxxUgFsVJX8-AspdRJDv9kF3CH2eJxtl4VuT7dvzqgAORRof08lHi36ethtGFD5SwnyidKtYVm2RA-fVupZMfhfXLpizD0XtuqsbwuGSB5hNWRbNIxk3ObiHlhEdl40hVWSUjkeyNrFoh_AHkP7lM3KC32OdBcNQoprMQQHfC7r7e1-KrL6axI4jw58DFfWFh6rsbsrEsqsi-9hBl2ueCa61lj_zOb86bmDvviwXnXgSLOjgq6QFnQGruM4UwjL1SzFayoYkINbUE4AkSPxGjMqZRHkfyVX1zMrD_ovdK4PCZQ9mf8p2CAk9MI5spO2dTRfDEtGYM6b-B6PlRfV9DWZ64cVDmn9G2T47UQTWVWWM3xoEQ0t7NU1y7wQbpPESSmrEi4L_Xt2-Ln3uIYBpL2XH7BO6lH2gWK1DSVIsKbwMRnNc4ObbCYodnzPyFtzdnCiJmb005cOJJwrfR_loTHBbkmgD0b0IbqZ59sAZS0vgBqyrot6SWirEOOU95yf1w3BdI_TWvS73GavAiUXOJSO8xZotzTzL4jwf7aAqBBtd7WfOf3wgQveADhrXajhz-shgMLgqYBYE2p5yqBcYmwIned8xgIoSjQHbvQkNoUlt0EIl-w6j-PO4vjZawf0bl2fIVHc2dc0dy7O2zymZnCve726GeyjCCLEXW341yR9y8sCf0HHiEjHB7COyQskdykWS8NPmWnng9RQWwxmIrxLzexDf1ByA0pynwvmdPJYYv1APeREPtaH6jHDQg7assI7EOeT21gimF-69gEcRaNFOLKphnu5dsRfPbLpupbEtqZvRRBC932tPIcbuqOX2i_5GfSxIWwHZFHJeyMQHpXbcNIiqow_WnTVTZ7gTRd6pKrnlpoN9aRz7De2uW87YbQ4_4FXpJTkTk1w_TZbriGTxW-bEKmORiBYKEEu9Ijpn_Aeou8W_SWjPw61qZUD9OChGB1e_JCrL3OYJvWLn9E9rcInrbKX-OsXyJFurX2OO7PCzwtPQDH7eW0ObIJfUlRLXwiKhGcifUhYaY2UCFeBdxZ04uGXB2Q5SaLPiLzM0m0ZWYNimyBk0NAA37woG67xkuMCRWxeXnzRwoKP76whrEYZ_DbDAcq1ul3XaNshWMSIblMFWKObY6r14WO6wv1RwX99xsrXqaWSJrtpupmKszGrqZ0wGyabqtS8G-B2dWxo9EUvo9FZs-lWObvOM77lwmOPRzXMyWXncFQYiNKel2kTbz8bZ7ldC4v5kxRgGmnKZp8UmQ5bPrhCfdcYhSYfSVVMI010onYvq0SWFni_JVecj4VVFppVfgVw3OUUzTLajkwZCgTT1POMHcQQxdb_JjU_pHaFJ6ky398WFdSsd8fDS-LPSpymmdb2ZdqnxoX7I452Jnk4WotMdNiIpArSpMj9RKhI_XEXc0E4d85ZwzCgjkdQ2MNL65hBnvjT70RVinO4P50rkhpNr0o4xpqgWCBMJ5JnqmhCQIhW1IHbqyGeXueVGbhbtnFlxecVXe0Mb2YuU4TGpTqkxmHCxuc5NaE3-0K9VzvsZmt8SI6Z-NOq13j4gSJ9pYplMQHbg1LwcgxfuWOnzRX29TrJlbFpYd5ehAYFzoztXZ5rkFF-TjDsbWlfDUQphDLvY-6x-p0MmC4ZhczNYs8nWYOEyODKFS724LIsi1KBKrdULd5tgk9fV7jMnjRVaGM6d_pDnrBmLY53QeTsjsmPO9gUOo3KW5yHoY-IkjMJPqE5IbrqnKMeOnE9WluK_tG4qwAl6GqV_QuqiaaKeQfkC7saeq2jI758pHZy8ykXMoHDCK7e7zkxLWA_pRmTCyzFjvh8PrePzD1lFHkbPo9Q39fOJKpteGnaetDUC6JzaXYR6tXJepgR0gCzklYMrBqN7_jq2pk9t1qSL0YQ_6HTHsipVKnBtcKDIVruLh7t5tKTyDeKYVWsEf_Nb46g-nc8L5lyQeEj120w_tYw9RvRk5TAsE1VSKt9uYe1mrSbiPL8ZNU9duwysBdpBo575ZGo4RrezGS_p3VJZoGD0tWxg2tX0L34xrtTrJLKHU_CjuGz__2Lsc9YD5Axzd2waZ-c32ElXhtffzK5gaSnpqDwvbuE5dR2AQEYZQzCJ2sZ25k7L-ZJxpmRsmJOWY102yuoQA9E6S7-r0pYuuQ8ledi_Q4UGQ6lpwmcvlHUFAvGjsov-i3IJVjOzdyZx3V-V3hG_iMXphxvKTXRIldTQIAezV2lX4WJiPQ0PQWyTmh5qJRrLlJLuYKLS-zaUUqAI4n9PAr5XvjVbNXAhMCBlIdBYgP6-Pfqftyhna3QZ2kUMlU3eN4zpDewNA164tXrHOKkdciuXqEbnhC1dDOKehYJ18iv5BC8MN73DMKJjr2ZofG5POZ29ZSwNyXN-Wkh2A32Sv2kv9CdLelqnQK7okIV5-dfBl7WaF18jGhWFOvlrM2B2YNoVdTtS7CARKA60Lx8BoDXk0VZvWQej-sqszZw36fjlxRhEmAic3btqUOn88nxbjzTJfx6LpwNv4z1OsjfvuaBjPDjNHbuBX--ry4G0deiranhLMdY6XNjJTzdElxnwp710Zip8PwGsTvEUnoKfWqaqA2657WxHPIXSO1Lak0W7RHZImdsbpHkpWjWy7JnajXCYzivQYVj9Z5Yo0B6ho3TNJx1l86mzid5k8fP_mIMpOkb1nxnw5Krm35xI3HoC1LVyBCH8E5JjqTyygM5_qLa6dGltC5y7J8FaKL8fcNEheXqWwZ90OlfJHUXGUFmwRLLezEsOhLPAF96KTy4RovqOjFZH3oHMbpvMlflDzglQQFx-kqEzq1KQ51QGP6dJFXuV6xSaMObpw67hYmM18Lv2SEspqIY-kH7WjZt48sUzxplw6V8DQJNx8KDS6fhEakUa9Cr4p8PFW0UNUTc69_S_OsXOGjMPaZ1g9ZckadU3DDEXuIhGXgasb1gbjjEbBXptrFgg6oMoJ8cAlCmWYtl0jP2giZORHT671NVjCsnUPhmaWYq71JTokIUJn42vxR5xTUyC7IPU-I6Dz7JdqNwfFmFwDLdVpbQMFugtz8iipUOUQe1UBkBjrBhbwUpnDw1fRK6zcF0Sp6hhOk3r9c4YTZYjQg0QF30CiGQFU2_cPN0CPA3ZIveB1yZKWoAj2qRdG-PqLwsQOjuy2Tyzoo2r9ZcT-JpDmVpnLAQHxCDEPYwfXn_Dssa8xov4E5Ns5mF8aVaZ2cSb_UDYZYZ0JXc5Y3G3-TZBx_Qz0TuvF2KzSB9voLTefZh83vIqUB_c-bpk&cid=CAQSbQBygQiDcrmEQgq7Y0iXVS_uI1ejx17Aa4y3Ny3vI7cnwXYh4GVI6Rp3yYcWxthez4GtEnd14V7BM44HU4S-i0a58EmwTrr3pmIxzbEBv3hDxZHTdRbcJpUbbxPJw_RZamzjyOyCslpcgfn30Y8YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1639417165347488800&adk=578009112&idt=92&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/ Frame C33A 30 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C33A 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 117827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
DATA 200
OK truncated
/ Frame 4180 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6625f8aeecc3112a534b4448a293d91a4d557aa0f0efc1a7efd04ead590778dd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3A17 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss2galJYp4Ph74IzN_o1AEYTU-7WXnNsutD6PBSFTcbwAw7WoPXxMqObR6Ps7AXnQnro3YO3UTU1fW7XePbALhNIOGMy6k2ywybm2e_t6r8feEwnX2SPA0urSGhneVqwUmqgbG92LzSS07Wo7AtYJH9NA-T-BJlmRj6g5b2sG76R9f1l4K2WIO_BaGQphyb2ZnQLJOwsKrCJUMb51HUwsQ-5IKe_xQkUcN-Zg-pb5baeGpd_PId7cIaaVfnajR3ZxoNAaJ31TcLJNU1jJxM_OhMUWUZuWI-kiiHkQX41SmCUIdww3z103dbgilUFyeYrsRuxRj_07RovMNgs-LHW_DEwL0-YSzoWAtPrvll&sai=AMfl-YRZLC9LH2wx4BPFkEJRBIlnWoCnllrjP6Ynz3SrqyI0Tme4O0t7iMhcOV6inBI3URVnefqXkpKI4T6bX_Ouh0FZrZgPJLq-T_c33ykcHTk&sig=Cg0ArKJSzPMPPH-aphtwEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C33A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72356b8137f173857b5b6e53aea8bdc4347b5b10d3a1a12298454379bf6e95d7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3A17 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bc5190432005d6132efe88fcb9b367ba7becf5fae2b547f6ce18e1be9ffb22a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/ Frame F4E7 30 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BivpsO32oYlzhxwNuOJR5RCDtQJkjumwwc8UsOv0XnM9eSPWA60XXW2XTvRYIPxSTFDybomh_o9YIVdRH3pzZak3hXvLSugWDcA-K5tog0kChbDsVxP_iUdBz3tKoOudicw_deGBmJg1umvZcrugI-rRl50k_DctAnw55z63MQqkf2ZZY&dbm_d=AKAmf-BXxKB1oIY8E8FVmqDF8XuApftWvtXi4bRT837SGnG40AWD3JQnFTDqms8CdVu2YmsZdpAivVju1kOPo2R7bjGmZPNXCaENdKJZQ5DdQ4bwtbQdGxiTfKdNVKa6FmaRZyXOYK3_ycAtuRVuTovO0e78IoUj80lc9cScCCGGR6Scx2KYXguxR1SV9QBeUkbYIuLS7SZqF7NwUfQGiw_eF2yCY2T53AdaNnnU6sONWQkGGARTUZUNaPNX8KxVs_bpNDalkEkNUfJ5uElWLP_YhMnswTpNZPjcLrRuBoJif3b67_tLhwaCTtL_LazAQirgweXYtXroKelV3sJMKtvGeYd6fh-jmAL3sGoTSrn3xQAXWteb2nwQ46mk5zq7p7iGL-CaLcdzcAmrd4vjrxBFR6f7pllBNuNyBSAwXeZPozY3Ej-AahdN7JVu-fy15i_s_eeXDliKTnzZvt-vHkTHYfjsPETcR2K4eRA2srK0fRxbgq9AWxgjhgO0zucnpWS6YK023_P78paqESOL7tp4Nq42sXLIksgstv0gvk2OQ1ddrLv_114KqT9K4jSvYvfCxxUOYVWpLmvl6ZMBwjfCcNIKo9QbFNtewdfJJSE8_nY4xR4J7zgz3JWz7ioKZdXaXPySzVRDZoH5ygmHEC5iOnYCmIWS9vfT3reaxkEQlJMdm8f2lf3GffFGiSo2Ff5iwc3C9kBeBirx5EoxxcdFB8ikg3a-QQ-VuinC0DTGCwL2t_nP4veiJBoCEzL4-wqYx3yW2ILYY6Qo3VB8gmcpajC1mwdjBm3SWKLPYpElIAWCtBsLEJkKQnI4MCjquyrN2H0F_d0gcG_deM84vwsqh-My389ccma1hC7YJpdsdtbuggejQUn3hUiqdmiVlHvAfbRcxB0Cjctt8orp421OCmqSvWXFsyebFKhZY8JFZXSAd9SdPYYTqlJY0uzjx4i_zZBGG3L2JTroa86wf3cnaMElsPuzodVY36FX4sktqAcHua5UaHwmSSLsviALllp3B1o91s-msFwarxAGdjFmxPM3uFKTHrr45rbj1XEUhsH3zLUshnlYkK_-2UutdeWByAXBAgtHIb0H-_gbiqmCtyeGoeTtuN1gxeUGo4keD4g11Lr_vOXmVcWdbag9Jj1elXKlZ7ztej2gHnR_ySolKD-Nb1XmWbYpWoxXbpf5NMTSC1bA-hXssWYLSl_wU1LSKZRZgpBBweU94SozgI66oPfNtOzPDg3bV9dbV67XdRr7FYZBXBe3carXDd36itPyi6Qj3CaUxaNCTq_U6cnPE2W6qzBguICWXt_3cUhs4CeXL8l3gSd68teKD-2FtynWStmYIONa4Ec8n9RHdxvnUZ-xAkiTW1Cow6HXoDRaJSMC5pVhvf34CsD7bfQO4YQBnJ-rDdjkVjFO2QOAMykWmIKOyHzZ_C2rVvnipNqA_a5q6TfLr43Rf9Qy-ec5Y7jb6bp7BZ0_8g85w1Plq8lY3hWhRs3PJpUtS1q9dmOxttNAPA_gRLys_WI11VqeF3cJmvmo2Iw3at-YMceMnPXDHtGz1eoXWr7L-4bonmUDCu36Ltl3jjOJvXdDwlV1cKTfdhWVOeNjNgYmJoj9UmtUnyEC5NhuIwQGG4YbRUkpnT8yRLMiczB3xs3DmdgxXVdP9_amRPVin96c0bU3C2d8mOudaX7dj6NUZLS-pGnik79KbIr29_LMV6k3xykw9pconHQSQfQXDuKh9cAhyun7tlLQYtbqF9Et1bYK5f5T_mpt1XaloHKrPxYXhLk9gHETT9dXG-nThjiKGP2-kgrvRJs-vyEH9hd_LsZutvUveIebxmf6uNeLYUctAW8w0gFnVAiQ8v35kk3oVETt-wpwvSqIkF0QSwEwZl_rkCn1AC-hHVNU8xDQqnuwhdwvLU99CR9R2XP6uVHjkXyUvW5Lx4KCH_s57rFQ3hnuUk7mOIPC8pCs6qSc7vg2R8VFe6urdSBScITQcjy489H-yFnHorQ80r0L3agG1CnQ26ZxER07eATmLgGbYVTcHOR8CH_XgF-9WXk3IwjmYIAabpryESYr8sQ-vlLs79ZK9G9vWx8pQrz5t9a0eagvllaTClhXkfpJjwOrsmcjpVkY302IztNzxRpg6S_XMIJDaT3mFgcejQiPbftXenr3PmYi09mI2hPEgc5jcTXan3i_mvIiGcCi3RCSILQSCRroARbNGeFY4ksMXR0sHfB55AD9LUed-oo-d4pFsOpv7DVthwJfkpdvwP9DYbWlVDvTbtw96zMFqjiCh85YaY0m6QiRbIN4ixnyUP66HwNslQJJmNztQ_ZiWBzJNNy9vT4xSCJ7sdwpyToplRhtsWhg51iemtEYqb9YKp6TMaJx5cYiRImzLg51XV2isxHI0EoxRGBs-LQ2UziY-iXjSXSTD-QhtWGNwz3XKOBuvz-QmVfydcybJlyDK41MmluJEP9Zz2AbTEKl20zA3Gw0n9ePTBdD_0rSwfkBYZY6vxp-x1I3eY1Y6ow99juPKLn6BfH8D-hfoBey5RDnFHEcttXctQhAKgzfAgmDLQXd94Dy3NsTYij8s5x-2zgThANPOf_k6JHeuzpfUK-e8DWyuMy3E3hregxdlucUntF-E7MzPI8XlTkRjmIRNV5npfLAJeWeb5bjR3OjnifOfnk3iNvFDrOa4ZbkfN5FzRaF92UiRipMYI9wJ1zUEB3FwFAG7TZZ6kA2aT7e8auYt3FHNyjpUCGHs6c3EL8Aii6NhllR3n4_X8IzB7zsXIq7DEqQcR5h8d7gnRtb-0YXNUZgpMMZpIcvOq037QBakOGMxPL5tEwhORxPLR2g4vTY10QeWE9IGmblf8cefrfH8dlDfPf_iXG0IoIk6ib9ioUNha7AelHdFtvMUDCBjhUlxfjeq01R3yQBQBGdksLybLPuX2Ui_NGxVDvv0nJpKlZXCm8kib9hg7A-UZcdOD7qsl62NX_Ui7dcwnb8ikEDqpvMfSNDaWOgr6GYn3FMjmlyGbcYhrRdXf3hNCgZv-bLIZGcA_wjyCwYY7y4aSLKJbYj3Lej2Sk6BytnB0FH22wZK5KO9KwJjiU5OelG7JQ_uYDttBQAPEZxCfMs5BiRv9IjeqoEdqJdrnLXKIikyyj5kF9hewm9prBVP60_pFAnXo9Mp3StZ98yTcnywlcdQgClYjNDbz_pTBARhZ73Dhmsr7uuqO_t0UBXOF62E7id7VbrairOR_0Ni4HGKbqyiWh3wfdZ_mVRHxP0bHH7o0-ZcIBaFRcqCoHNp0IXNPzWUSgnSlTAOG4bw46SVsiww4mp2RX_ut-ciseM1F6-l1iNmw3TcjyfReSCiG8_EFiuKi9tpdOEKfaTqqlPqrwDRX_85Q4FajLsjljW3MIIXJx6JmiZmtXTCjR11uF1PbIMtNBVMo1_Q2tjd2zReMYUM1wmz8KLaSUxjJ8VsFDM4n16JrOLY7FIf8_b_MyL8BegQ07MH00IlKddMESspTan9xyUPlwLlyImWvfrCl9_-O9nBxItP-laGipamktDEBbLow&cid=CAQSbQBygQiDqTAJZeB_Wzg7ZXl9fxh27GPhGSS1rd7HpAwYl6x_dDGo-acb137lfq_RMasUhj7Nv-r8ruu7RskwfduYYqi_5HEDQcgV1y0Ao0dgA8R1jhlSZMJC8OUvygt5eIQhKdX9i0LhNCpNrS0YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15721191698472490000&adk=212707235&idt=97&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/ Frame F4E7 11 KB
4 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F4E7 0
0 91ms
53ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstq_LwR0pn2s-m4-9VORfNQpVfaAxGvNL1y6Xgx_rkLEakZTGAFk9z9kte1bll4qIUTLNX145zEV6X9v41bY3bFj4VtgBga7nGsPMSdDY3zc493MYEGoofF3l_E6MBG9EhOpUDVc4a9mvedzJniDfK7ICiTY3oqMofqa-I8i6lAZRdC9Pkre1jNu34SQq-331cqhxS3Zl4lEE_47U9R2Mw3WhTboHUqIQvInyRqWN5au8TLmCVk7oxskrq3XFfAHQ7TXNTpA258reNjeQqbsU4YEAlT5sZEzIgkc924B77kd-aW9WLdEHOZjsYPf-C7GmarbJ6W2WfYGSCgtNe3FKL_J4bdB3WKXkx-DCoJCmhmZ6sWphFZaJKUc7TDOazl_VgjvqVT0MuihcP7SKBBz0zULw9kPlKpYU82TLa24970hiDujytu4owV7V12nHQ5t0ynCzsVm78klndR_3-sL7bXnp_lYhQ2kyzi7Xyj8_JopzFBjZp4QCDUJUcvhVirTGy7GcqGTVXI6Sy_aAtrG3ADxRWgXuxfK02t4r5dGbi0sjLVCEfBgTn5HXbsI2tOsyZ41S2w3we_Bzf9r6fDjVYnTYUmH5RrD6_n7-PYvApl2iigppr6UFRNnUw9qcdqT5AnrqDRT0gzEjSdWCEfqbfBbofxZrb6XqjexUYb39qHNrAw8wZoujHQYNE_cpUuECuh2V4oGtTpI7mKqFh2anuBAK8Jg6C3Kky2IxMo1dsSAafoXfz4gYhhHnA3UGfPVLoQYF8RC_uEVMx6FfGwISOlqeT2jmYY8H3GI__UDTaSvrXcj0oxX4tB6Z1nKrJXemmEm0dkBscJ3li54wkxqjYzeKbcMJExa5MSJSMXOqttWXXsE257sAmHgFHWNHM9XQLKOEG0Z9jy9QX5KrHPDOVMInWtDvq-qlsPWjXUzDuo52JALz6tkj6Goo5zP3W2LMgvj-d_LaNmSmItmX-LnMXWVOQOAbiRn_KEZaGdPIEBLhhnoGMCtXWSWO7fltIy47pbNniCPY56wP8MRdIzzm7VexVTMxr0SuWbpLEX4qzSgRJSL51GrP9ltWjFt2V8wB058QOkT2gh-mqVMN9gbd4Nqb1ed5d2f153AAfQ95Ry3QWWeqBRzsArIzcD6UCHrnIhMdZ2EPD2y8_j2OKKXv-MMV4TUsPC4hLZvZnIl6swvYp1rO9nmaoO2b930VJR-J-3Z8SEl-91kLu3igXIdZkAVP9PSQW1pbE_nMs7Q2qJKjq0AGs&sai=AMfl-YTF5a-Ebhpo_0Q6J1z2P7wVgaqrjgCO0C43dki4TOJOt9IM3OfVrbIrRUFQ41m_vW0ZUKPzkvwLjwpRJA0uAP0bFSNMOthqjLJe4JxkBcw16J0HIixt8dghvgaA25PiQkthrcgIaZBDc3bNMB3DBBrpmXL5eWlA_rURUleEjE63Cyw-AC0IV5t-PKYF861G-SF1drMz-dMPU4cWZxpB5qczrnXMR6fgfZIFx4Cug5DCSAJ28qci1STiAnYECq3K6qi5DjQsXbfJguTVpQL4_z_flC5H15BrPVwFhLNTudTr_2RQgzmP3GZ-PjpIpBZVE2BCmZFaJVZPV_vUgWhU4hrFGSqU0E38S_c&sig=Cg0ArKJSzIQUQnf_AsPaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230628.45125&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F4E7 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 117827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
H3 200 18268443572361180106
s0.2mdn.net/simgad/ Frame F4E7 37 KB
37 KB 22ms
6ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/18268443572361180106

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f440c16c8345f330d5aa6ecf31a9f62e82239f767403a8ec0ed00f444271095a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:46:57 GMT
x-content-type-options: nosniff
age: 93979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37866
x-xss-protection: 0
last-modified: Wed, 31 May 2023 15:20:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 13:46:57 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1F0A 0
0 50ms
50ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CeGSgbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoErwFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneHzCKEKffzcErttJB8InSBODeCK5WaMhfCm697Cu-pwosMH8nJU-gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=amXfQtTduHE&uach_m=[UACH]&cid=CAQSKQBygQiDQ0E_HgKOp2u_bl_ZuRi96v2x4zDrNavzw-XSOxD1hnmmuCdOGAE

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 1F0A 0
0 43ms
18ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1j4pj0fayhpgmvqj9a88cb82qzdycn9s5st4rjspdbv0dprbxmz1cj5ng1m3d338cma4d4mee3p6x3y1t55advrhhas6vejqh8nmjtqjrjabvb8ayxjnjk8mj0n32vp5wh3qv5xk3qt52d3gtzevpckayb4mbrb38ceg04c0rx5b50160eam8fk5rb45bjyrc781mxf6mnjhmwhgdhe39093mbt83n0zrv4w3zwbypwvjfmjknz1q9bhcm9yw866e8gxba9jry75jcxn7yp06t2c8kpjvp9k2kmsgrqg717a73atn3b7bhke98fexksh3e5ny4hwhfxfczpan0haxq01h89q4mzxmsfvvkw7381y1f3nrfy265ws8gwtwb9whk8rzbzpzw&b=ZKbjbAABe08FkU50AAJ4dZnekFIJxhsOCWNxtQ
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 06 Jul 2023 15:53:16 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame FB96 2 KB
2 KB 62ms
29ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d33980a12f4cf346ee483ef70240784e4a75d535ca9a1ebb122d4f585d84305

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e2905057f813662-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 1F0A 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8917
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D9FC 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 82840
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame 1F0A 20 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1F0A 0
0 16ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxMd_rNvKYuBn2cTbVfGVoB_P8bQJ6NKpmniqhUIue0t5yN1R2y-jspJRXqVbgnBoW3BSmT_gSvl64wVhdwR_gLPZNjQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F0A 179 KB
56 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 1019 172 KB
60 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 10:17:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/ Frame 1019 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BXDYFO0e1fp4Zygv5UhzYKlFH11QzVG8CJxPYqEbgFrooK7uxCaxQ3jfZeXYiu-jtZd6D3HHillSo1tVFypS2OjsDB00yy1pq42GX4MCZXXhs3xigs9zIG1WWbH0-zfiuqMbgp9dV8v_NtLZ_VvefXcAEslgHMRow6us1sHNh8Vt6S2O4&dbm_d=AKAmf-CGL927TM3MVvKj3FRCX6DDY29C3l5yiOjdvdkHJ7gKxdDL2MnIGfGIRtqFjIbeDcPNnSdYZkDR42b8sX4m2dmDiNazNfOm1uJTn-M_WB3oOyOIqpz9wEPqGvjfngg5yEae28wxElkftdWOuKg0wMaMd208l8pwwPH4MYMO3rqpIl8Yz57-3aVW6fJLC0k_0ALViVWCaSdHs9LsI8bGPm4olo0gPjabFVYQu8HRoubyOtke5iKuR87kWNomXjzkG5Vzrjld3paHPXyfay-q87JZzUr2XeB4vflyiMyHu5rA-eX4ppX8i88l8Xf43QDyDgdQtDii2Kwg0BE97oNeB9fnkQUd1yMCdjvhe-N7XiT9WGjbU57SpdenIW6r_mtKB8qrLLV_1XWRrtMSlp47NmSlCA7_GneT0oceDKRbuk6JFkiPrRoNQ6Z81OiryezyYlWeHTvklSrv-5E6EMEQSmcGt6bl0C1TOMn26cPDHgPpzxE3FqshA_q7liEZwE-OiPTHvaNgCRd0VFxEbComUD6Q-9WHCmCC88aEzrIgUMwPzoZw4SbSuiqEkgCkixbWRDcqOK8ou6wPyLl2dAdJQPtxlxAXk483uQpKUOJZuiVJPxpH64xjf5mrtHSZ9hXVVP963HW9U7IscwSQgVMGTphOC7z1moJshNYw-DCM9bZbq02QdCHOL-j9ZZkb81mt113cEPyR3ixbDb2JZXki-E5o9ZyUqA06UDYkth6lLWWAJlCCwa9T2URN3I609xrixxecrLv--Y03NfwMWofpZQtoEIA4sQZJb7rmggfUcMxCsc4AhoWrXdra4mH02-Q7c-e84_MMwrXJxNl6KvmDrzeb3LqQopV809XrXMfh1VxZNRbh1r55Def1ZAseY22T9EWMaF5pXgx3HrU7ZaEgG8zAy6lM24R3aTzhw7mwYo_xUs4vr3phKQ6vTcC08KorZqpB8Yt98F6W_X0SNNwhMDRqfWzhFnq-1L327qYgIRCKipJHBWKlFNVx7Btu2slm7miPFI3Fs_xTYGPNhd8PwGgPalGUs-V9I0h1TgyTDfmrTXzbeEE5JG8Mmi_pFMOQDLARB_qHsgDRGw5gxiY3iXadhwtuHF4n8Z9q8agKIOXPU4IlK9QuifQTEFNqaQ2efj072_FwvBSTeD8pQhzsc1TzWnC-ZneGsVkvgnW4jmwBbRoAoVH4fQZdtRqkg864QanZCVru_opWGDhg12fcGPSoZRoEer4grZyzY9Oqpj0br78giJ2sCp8nO0tw_YAxNsYF0y0elo65_lViXkUO7L9tCjnfapNwx-bdOHVQqB82hsQdAczNVjaMv6I83WP9Q2_Dpt_ZJ9zMJwCpupTJiGSleI_FVETwmDjQJ3iK7txSevUNKWmoD9z-11e5cdT4kAOXngw3S28jaASqpFT4IaHqkEbXBSgaNnmzl8YXmloukeJJ2a5TXnXFkRw71VtGbkUvbVd7v-CJXqAAEXI_OXxNxmfjQkbOBRcuSFKlG5Fd-iaJUCPIsZ2KepIeF6krgpP6BvgFj62Ae7izoqmuED03NIUP2-6KgWxAtWqabXBVcFgL9RfrMh_2CL3cq7agK_cH1EtF5EoqgiDmzG06eHRS6Tt-0R5E9i3E9XjFKLPcyG_Guy8hvTjpWt_nBFjiH12KsxAlT_xcisGnKXAZWSlMDLMX3fldufKlXAAeDb8K3LFtLdk6_RQb96lt0lle-cK6Czlqros5SRi-3TYFTHaqt4Rv-dUsW7vbG787U5U8MnZ_a2jL2dDpVa6U9ThRpDljRNrt429W0FxzBR9IZWrERsWJrRSjdHUj-chaGLW21Z2xqGtih2xH52oczz6bjlLtNBjzIgQV8cOIJ906w6HUXYyIjMgfDdhbKpGzGDUBkjn0F_SSGqSKpp0F4mh7vrSHroqFib26LolZWud5m8AVsb-Le0oyHYsJC1A5NrwZkSonrMscTqvEVTXJKUaSzNJRh_jPXsq3ySdHNetCGlHI5vFcSfLT2SkeV_00Z4FqAtPLOBOXNTPfxYIMkDsTCC8FpbP8CpM8G9ODy0N_42STf9nCuXA1z2tZ__i3Pu2imFF7DCCu0MN3E-a3VPifyCg7ulrKuXq2sUWl3GUOGQvR24VUk6PecgguHxWK8JjLV9LX6Zv2ql6GI3IZNAluhMNMJ2Hvgpv7nBwLKp1iR_LpciZoyuX-2zp6Juo-REWKzD20NdSkiCEBWLi_O4VOskiE8-6HyNvw5Ec3Mvp268wa87OdNTrL7k0Wh-bJCC2J6O03WvpiFc-nPMxJ_i8d0d_O7cJxiqybCVG38Nu17qabOzQ3muTlAbOFBZZEtIC_5oqsEgHhsveJ1IwsbVtL-5Us3q279MnzdPjKqqf501yd3Bs3Uzdg5IiUN8XneZqLfixyHT18T0DPG14Fzd7tyjPhF32FoHDAvfbML1dAP-yE89C_Be6NFV_DKk5OdLkuWpi5AfTOHTKXdhPZAUxNqQUt38QHF_sfptpUHbz4yWYn9ag6t2LlHaWdv5624gc-XC55wVIkj_RkZLmXZ2ds4oV9YwuIunxlUxSPLlrVXETQYgrD7o3mr_e8rWxzV2SNOBPYGbFnHprpOc3UyG-9B1driq6ggvIBJabhb2kY8qoNl6-StU6DzNffEuuCbYWXT5t6XuJd_5Gw2-9lgW6Nr8Ecj1b1l1YvPEoH5mEz66HwwWqvbRhzcYWa_hN05esU9JKwBztgksiIizsT6mLhhwwZrL6cFmg-hIZYy_1sMPJJ4qCdaX3fQB51kmZkZ6tXs4CQTfOjZG4Gt01_GfqAQS3lmH4D1fqknZn4OjQXryHR0WD1S2SfxR-FFgQ7Qyxk_e5I_xaa2qWDNY1i-nAhYBgCeFGQDpdh7nmnM6Xa9xOW0SnV1kXA3Lv81yqrDv_6YJE0FuM6FlFa0fA4hShQHJW7K9YWc4NK_VhVOr7UtjF-ZMGS6nYOvrK31Ga2Hd6u_I5KI8mn64cRZN2MvF9tvsIBt9Cz9wZrwLtM72TE2AMOhwOCqeR672Cp9GNGV_TueqxBcuM1CgDFs00u6bSrlP_eVQSXlb0tpXH4dSw8OOVgaHEWqdehTpfhR2cjVoWjQN1K0nagIj129cR5Q43BnDv6hNl4Y4HKMWrVLQl9XxDvLFq8NqsIoemZWYxtPu6kAPqweOgBBNabFiIJ5-QsI_YEx3M-GP9kkpFEQoMPMAYMAK7-YZzRafzsYr9LvRitTqGai8bnwGtTcQwMFoaHqEc_GEewHvPHHtT1lq-IbgaFDig2ovBVWy0U4vAxBxQ0J7ZJg0JRcB8Pe3As1tWji1MSGV8scEUYWelBKV9fxWm1xHACBYBYDKfBeOYPmvtvb7MXQSO0lZvK0A-Cab8Bc59mQaMKDV4W-h0AZatuWFayzjDW-LZ5TOhDrnT1LkkkqNx8l2DogwHGAE1Qzf9l-D8YhvCSzaBCPUwDzK1wi6dcv_GoxPKZapp_MxJ0MpifNSVIEV1SgAwZ3TiF1ktPya-cptn_Yopr66yo4iiJWbDGtC2AYlO_U-GN1e11vNRfCb8nk6k5MZUI72pUwVOZkoorT6wf02gxsM_uC3jPkZs2oqF2lM8Ts93lT5PpnXbDfm24qNh9IlkXom3Nfj8ON9YNaXl_w5h0HdrPu9RvMhwTp893liuZQ55A-jYTeuK54jQDpmt2gtHecCRLC5ptIu5CzqujPpbs7PxSrYWi4ZBc7Iu_Gw&cid=CAQSbQBygQiDkdBE-Cltud8vTmlnYEy2cEFgM7x1QtwdZTBAo88vyF9Se-QwEULYoXPkInkJYS6Flum1H1SzPTm_PlGVavcxdtXk9v_JtLniRdqSxq9Q0LeUGvMXr-U0utBKWvErzpk3hunKKvVBA6oYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5245267120890927000&adk=2465470143&idt=114&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/ Frame 1019 30 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1019 41 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 117827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306280101/ Frame 3A17 344 KB
118 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

992ae0b671f30ba5e941a45c2963bede77df40b511bebb3594991ab412e90373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121041
x-xss-protection: 0
server: cafe
etag: 9214904018483726626
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 1C11 172 KB
60 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Origin: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 10:17:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/ Frame 1C11 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4_mnBn293ea-uTznbYsPKqEltVwTUfUIu43sOc2xW8UKwPfN3J2uU03q5gQKF4n_Qe53keQjWDuhi0vmqAXDlpujrjf4T9h8libWYS65aRdA1TdsBp6IMYIeG6gWa-M7Gj6mb8iAJ0WWqYj1uXrmaiOk9lWg8nEo1rHJd7qdQ_1DB6jU&dbm_d=AKAmf-DpQcIX3qclIzRhyCpnxSgepcBUsW0tkDnPqQxTn-H_KBoHtfhp2-mKSF3UTQQNspmlh_cfatvoyobbZP0MEVIrXPCksMW-4wC7cZvG6sqa2QuiQ-h_74bUYiIAWsK5olDpAO9SnmK5vv_7vFiUjaPR-dTh-bjmWKkgBS0Qww5wg9QLc0CwHIjN5NFhtfBRBanv2XJ3-e8g6a0AglXC8iWRw0XDauS3qmlPzPIwFDCod3yLARQH8AmQANw1c4wR-qtlVw_THha083jp2N_9ne026YUGPs1xx3PU6xVbO2hnMw_pSZ3weDr7nM9Exl915gR09jpgMMGHbsMLzXmiHDuHi7lUREOf-rFAn1VBKAy-vjVZWklh-lQ4f-wyOiYP9F407OU3yuoywHh6WYM0m2RgfEr9jheTNqLkbCPLGqRh5CAfv3_Hs0YiuZTDAVDnvAqI5hfKWjAR3jJJAxnkLSAm3M5tphaR7bfFEtku8xgJBvtF_TiL_gURgsVJUBbJkhVt7YFZOdYfwoCrHWGZuN4SEgTkvZeWqwZhWt0tABon1y0z1FJEdoceevDO1HkYhFvkBQakqKA9mav6aRrDGx6IyBVA3_0Bnom8dHplQpQe64t6tNCULe9fChyaycyq0YxBPxA9PhszRJYsJv6FEw2uhkYrbqUqN4qJiDdaKQdRJ7Gl5LwpE71d1IpM_-bM3nWGIIkUVPPIcnMjbAdJDPwYychThxXLiN3fdhANcpDIYxbafuVmCwsD4jgfKcljRRHcTcXUlVSNbiRj8q2PHqwabfNarH_bMdjds6aTXC1oDGf51Vpr_6NLezzSJN1RRhGhk-pLDgZsjwQd5gV6O6JlvIa8ZD42HN5jiu6s8Ct7z_kUUiQSs7t3CTZ1-Cq412JjxZkWRfSLJ6w9y3DNCIt8_ZQ7LNB1jUh8aqfWC3CdmBYxAi3QAjMl5XrMXd1Q1iG5-MeqOt5UXZmUBuGDgSkHgK4XPMrjISsieeqWc9K9343Mbd8Qjcj5Zkz-7xrYwZ9-JmHND8hCHf9S9hErqc6fU1p9EhPOdyJh23g2I5EkZggATLJPiydYbd0I8GyR49POVSMPXe8I9VDlVwfnhPZJfYEBkUqVsZWk_ToOx6TPNGiQS7Awli5xohIv3sfM-d6np13d_9QzUtgzvTrNIrsrqNDZrn8TDC4JFZABCU6PNOwhBQVYgy_n3cwY1CpJ3IBia8PBrgUlu-n0oj5AkpR0sm6WPvZbp5bpNXCyaoZSx7lLrRnseSMXn--EToahvF5ULhbbYOijeMKiy2Z4jcO95Mw6b2Awv3iG_H0gjQHezgycR_VBX6ogt7Mkj989AhQx4CP-cwbkoxHz69h6i75riPkGUgCvJAR4KHADoj9Ml5rGP7sKkSJEOSkfFZK54AK2x1B4NlRGmFaD-jmlkU8IQ8GI3GKMKbKiLUEh8M16AeYzhe5LIiLKUWlFy8EoGQSKXxFN3bajFZ93jktKj504XnaTmMmiRasrw1Zyu66AnIVy5uONqfmDxUghIk-QHgI7Hkkq0pzjSLYktbOPmMbMllj1g9QcGMAKE-_0nAj3mX7pS6THwmuXxKIglDPHFIAaOlKVjr91OgnsyGiJKIZJ0r0JkMg1b0bCG-r53S4aFkT5Ryy31CAU4VGlJtgUqx5CUT-getoLoGs1qyrgsRUGEAgAPvxYBmKZEF7qA9pLtZiGFrrHdaEqMpcQT8DspZzsMp8O0fL85WNHaGWC9ORyg1_qG6o1Py28jq6Cbexuo5Y9UPkbvEV_Dlpk7K6d3_ElKeffka0zJxKg6B12GmjvFKLQNVBScRXWrUJ8I6B8DP_9SH7SmYyW4hQIoXp4vgOnnVmYMH5U6LQE_HfZjhzBt5C9r361IY6zMgl-Lq8brbLYN9UwKuKQcabQDhkwR7Gc3KeeQ2RKETEkSFm3k-e6ziWDsjra69byJQqfXnwjKJpM-W_o6JtsFEa98kxLMroVL57nnxv1V12PQGqIdepNuya7o2kZ_SNc0CUTCuD-vXVieh2Kqfa7dO1XnUb4EIVTorTJoe0oddqU6daji-5Dgk363vBcocF40nDifq0Lcuej87lVck7U6l2RtcD6s7mW8n1R__2LTw4f5_Fk4uGcLJL8i_-89H1Ak19ZxEWJzdNcsyznorAVEgZB1Xn9CPeHMk0H7hmjLdkVDMTutvCCQYmDOtFNZxbL4um1PUPbn2AISdZvg2h-qC643z0YCNHemWyPvXfYCUDsGZRKJ5AKLZq90LubqM83MC7ZF5lz4jUC9rY5jo69j3R1ztAVe0loI-zobbVO0RknRIOabJhll5vnpAWbGHXU0kdptNXUWD1vkhQ5viC9PfYeFvNLXLfNBYcFzIlfcRFk85F0MWy7L1hLVtUpYgyVMYqiSSqwUEHjNxcvGxbzcpToceQcqTrRlclC4pEjXV1bX8_oGO9BliFo0RAQypYaWI-HcS_WZueHo24Cmv5ojwdwsIDP46Jvj4oHIb12WYAqopepuA3ufiqAa8ojXLiXX7d1G29UCY5Nbd98Wx5beGmLxLbFt-GucVKhTJs3KRe4Hfg3bTzL6gHSYZ2_ZAM7-ns6BiYpfef6sEEk4mJ-gZ2qCK6D1FILg1OACXyVTbHeALr88vDR1daGx7LJiqlwp3V3B9PM8-cZ6ZFqvjri8K1O3lCA9rcQ_TdaY-Y3kXIlpNsWVA7nwWKyvN1bH83WHSYG30VgNG0aY1PWqLf9AsXvWDzP3ZstyjGonpy15sj35GMUnhR8kUUvDInrMqjqXr8Qoc6UIWHraLCKP23nMA6aKy_lIS38q4cPTpTEgL_JZlu-q-W8HrgTecMA_FltbgjAryVBLCFqgDwNlTrFx0ac1v6s3yMlgFN9GMoZtE0_PQsJHeGMZ7-9QZjyw6RNUEtkZ2CP_ljRBXWlDSlIy1FLpGjGJBlWxZG1cOSTVRyylwZ9IMl_Iy47mlZ5W14HIfo65VPTkRdo9rJ2U8SA3UW5rlG4XgmKn4fFufgA8tRfMnobnDKxwl7RWxNFAW5VP5Us_9MSZmNt_5C2eHfxc_9HAxy9db8Vf9TTHDZn9GT_7HQc1ldOt6Yqzz_PJtnxDDME2SUflwDWcoJpgJPG1bCQUBwqWlZnDVhlI6AE5JxXwpmx-n-nKq701qNn3LPY7rGovuVIbQ2cFfT4XSoBp4naWTdIaI0Me6ceOtLPEQ-pmmOVfR57GKR4LxWCZ2IDDlzOyaFBZijQqU3lRyzvCwYUwyfJtkGK-z4GyYtmEWADKmTlY7DU4-Fu-CmqoJUKVQTQ53FrCVtVq_h9wKuROSp4wV2rNK2v9noZ1OyYOvK39IJ7I2_FXccudN3WDXmppHzEXsvHIgxpNCVx_qxG28IjNzPqrhx4Z7Zm24wy3CQwvNAXDu-tTFSlChAnqocxxX2LzN_Fif_tHguOGC-GmbLnvsiyF0dWYRi2wc7IIkjF27ng7yqPnct19gtEd6TX0G6PmJMKfFUG18gRSndf1A7gGwAcYKcKPrrNY2vsIO24Myy45xUWvH-p-sQPaxgG2uO2f3CA9IHDnvtysEcpYM7L6LoptaEXcbAF0CNmzUQAfkYqPVjngcg6wIieHJLmCbYCIQe7iodZBFeD4C_kgdBhVhC4bWLQ0FFsgcY7aXxT-HiycG-hKqvn9g&cid=CAQSbQBygQiD02WQ24zOMxuhNpLg2RA8PQ9n80NxKEFXxp2K_64jAloRzVM37FVbtr9ZjQ4hoWwEMZiaG-4ptU3ncDnTWNSlqkHOmMXP9_ZPiS8J647IXa3V-Rh1qZyrDv4TqkEgGd8Db3fQHWjDwfoYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=7740164138472844000&adk=3860319555&idt=103&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/ Frame 1C11 30 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:23:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1C11 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 117827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
DATA 200
OK truncated
/ Frame 1019 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db080a8c694b59a77fd9f94415e96397ee8ac1a1897095fac871764314d45a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1C11 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3944ab93f530308ef44bfc07daebe202d21c62e34bfbdf149f55875aa51b927

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8F8E 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 117763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14117493524039618747/ Frame C549 14 KB
3 KB 15ms
15ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3e2ffee073e1eeca325070e1fa175e2a81fa40149b5f5d79fec954ba0a8112e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3110
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: Fri, 05 Jul 2024 15:53:16 GMT
last-modified: Fri, 12 May 2023 09:19:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4180 0
0 53ms
52ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstZW4m9pRHglbja2rS7KqZ3XEgQxp1UH9p7e6ShuG6b8xhQyqtoJeFVnE0f-Tu_BnyZjAaAmLv9tsodpKTWv8_Yvh4Q-OeEL3c_wR-7-6I9Om_RPIWW1kMBKieamxbGqKZEVXIC5yUcAhYBGPgDNMUVjjdQvY6OmVdPOhXiFYQtzAX8VUYjdJrA7Ag5f-LZJ9x_c-lPXASveQvtU15sYuxjEla-2o0xRsnxPd77CNzLwHEyaKaFQRsM1WQAYvJi6hvzPQA5_t2-mBJHY36Juf3tQOsaWLSyVJOE5zfkOB1RZt2d8RJKQ6uDvYBS4W93OOZCwS4JyvT7pALZMD7u26QHan8-zSk0mtpmxxMP6kp_NtH9DI-CuF7ik8YMXrL1ilMekOcVg6ahTrGLpj1oR35wkR6VywdytYQKJFQ7yxh6QFUCMgZ5R8l0zRsYnF5NB3oXT7TtewTH7C4djdFN_13X3SQR-ncXcxpS7KtZrKEbYvSJtTj50UzfkJp2d7QiVHVmWs4HV5Dhaoh5zDD-p7qG8FRYemaaalyM4UzQtiweY3-YdUkahzys3HNR7bvU38f8DETx5XU19U4H2SRbkVKsYIM-dHfq9v842Rm4JZpDn6OL2jSUqVu3JEsBgcHXAv_8yBL5n-a6TLq_tnT3eMrzjnN_CIGuXYAqCDEp3BnsvEYxxO0xI16YYU0-uHjW3WPMcl08P3NzQno9jSjKqIn4DMD86zumX_MGyUXWGq4iSRW1VIY0yM62vbV16XthM_eZBY2TRLfN9K2MMZIxd2PZO8E7Zewh2g0NhE_EoSUt6bkQPOIdD1HAVUi1Y2FkEJPrPN6efnUHeM1pRhxa4SKNrtM0C43w_lvVVqvk6hu3KPkgbfs7N-fK9l-suDGzMwElaZRX1Nioxrx9nLcfOXdRmb1WUtqQZF2y9hFABsewLkD_Gq1-B_fAKxdv1mkdtqwiSArYi-WyeedAcFfxEwZ4DzB_l3lUyEPCN0ScqEoMl3mfPdHdaph7zGcpsyuwEv_4RftgnibEBNbpRT8T9AHoOyhgGlNIfTcsne10ZptSgOzFCXGGtr4TewYyCWuKcU2OUEgK5BjB_4TPh7FSjSNVy_O5Kj3Oge1qe0JEHz7UI68yvjSqlHsOc8KtTzj-qbG-hT0wLK8SwDw4kZ9p7kLN6C770ilk_oHZes4A8QPMvKifwx1LJqQ3ngCqwEt48yVThpQHNLXouJ8H7z4JyTcmKLXr4gYiPRol_JXBnUmSVxZ9ZLus_Ewzpb4BbP9Pe9esisKn-Cy4P3J5zA&sai=AMfl-YT_BefJrwm3sN6zcSWS8Vnjb0LE14XG2w8DFIGzNaJT2VBJ6aQosXu1vSUlsZN9mAy4X_Dq35Dt2KWWyMXdVB9fAi-7UFX1oTKG3LWdzowmQSaOrD52FfXMF01S_6wHpF0avEz-Jl_pFfyNYLXrjFrfAE-P8y23fVyKX7ujVE0Rj5DmtcPkniN3GoTPIvyZuWBX7EEQ3edRhaWvUE9h9zkuWrw8Mkk87eVfQTTE98sEWAByK7Tb__hkLlkRghBSOe1Xe-8YIDBlT9QwWbQ2uo_E6KS77lzD4cuNkba28mk3j3-S9A3FEXU3w4ndPLQ6ruZmRf3_EQnq6rToENNOo6GBcZrWuFk2F_JYvudanl9bCL-4FuBRnpR7YvhuVw&sig=Cg0ArKJSzLi8sbFy-V5EEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=268&cbvp=1&cstd=259&cisv=r20230628.20265&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
DATA 200
OK truncated
/ Frame F4E7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02ce1da9dbab20202616080b3232910e93708f4fe50e287ace868ff87685b0f1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame FB96 114 KB
14 KB 18ms
17ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 708010
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iGisEpZUgoG2nrEkqfj%2BLuzND5LM7UQIvGHY0RBdeDIurlWpJXY%2FGs5RPq4rTHkL7qpLNksnT%2F45%2FDPEI6l5PbaYU%2BIHnCFRHHXd1ojw8g6FFN%2BKR85k0P01tQ6kNhzhD0OF5yb767I%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e29050658b03662-FRA
expires: Thu, 06 Jul 2023 16:53:16 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame FB96 25 KB
10 KB 33ms
18ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 180437
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQkiZdEOn%2FUETFl81hJqvE2JS2gXrhptIxoOibMnuWYnhBgfHH5U%2F3PCeIK%2FnDMET9y9wLp8O8fdolddL%2BMv2Zf9Fj%2FJjQT%2FZqY7SAVFrk9jBSnKxNV5wY6H7pdnT%2BLzWOo7tpQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7e29050678c33662-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 27 Jun 2023 13:46:21 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F4E7 0
0 44ms
44ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstq_LwR0pn2s-m4-9VORfNQpVfaAxGvNL1y6Xgx_rkLEakZTGAFk9z9kte1bll4qIUTLNX145zEV6X9v41bY3bFj4VtgBga7nGsPMSdDY3zc493MYEGoofF3l_E6MBG9EhOpUDVc4a9mvedzJniDfK7ICiTY3oqMofqa-I8i6lAZRdC9Pkre1jNu34SQq-331cqhxS3Zl4lEE_47U9R2Mw3WhTboHUqIQvInyRqWN5au8TLmCVk7oxskrq3XFfAHQ7TXNTpA258reNjeQqbsU4YEAlT5sZEzIgkc924B77kd-aW9WLdEHOZjsYPf-C7GmarbJ6W2WfYGSCgtNe3FKL_J4bdB3WKXkx-DCoJCmhmZ6sWphFZaJKUc7TDOazl_VgjvqVT0MuihcP7SKBBz0zULw9kPlKpYU82TLa24970hiDujytu4owV7V12nHQ5t0ynCzsVm78klndR_3-sL7bXnp_lYhQ2kyzi7Xyj8_JopzFBjZp4QCDUJUcvhVirTGy7GcqGTVXI6Sy_aAtrG3ADxRWgXuxfK02t4r5dGbi0sjLVCEfBgTn5HXbsI2tOsyZ41S2w3we_Bzf9r6fDjVYnTYUmH5RrD6_n7-PYvApl2iigppr6UFRNnUw9qcdqT5AnrqDRT0gzEjSdWCEfqbfBbofxZrb6XqjexUYb39qHNrAw8wZoujHQYNE_cpUuECuh2V4oGtTpI7mKqFh2anuBAK8Jg6C3Kky2IxMo1dsSAafoXfz4gYhhHnA3UGfPVLoQYF8RC_uEVMx6FfGwISOlqeT2jmYY8H3GI__UDTaSvrXcj0oxX4tB6Z1nKrJXemmEm0dkBscJ3li54wkxqjYzeKbcMJExa5MSJSMXOqttWXXsE257sAmHgFHWNHM9XQLKOEG0Z9jy9QX5KrHPDOVMInWtDvq-qlsPWjXUzDuo52JALz6tkj6Goo5zP3W2LMgvj-d_LaNmSmItmX-LnMXWVOQOAbiRn_KEZaGdPIEBLhhnoGMCtXWSWO7fltIy47pbNniCPY56wP8MRdIzzm7VexVTMxr0SuWbpLEX4qzSgRJSL51GrP9ltWjFt2V8wB058QOkT2gh-mqVMN9gbd4Nqb1ed5d2f153AAfQ95Ry3QWWeqBRzsArIzcD6UCHrnIhMdZ2EPD2y8_j2OKKXv-MMV4TUsPC4hLZvZnIl6swvYp1rO9nmaoO2b930VJR-J-3Z8SEl-91kLu3igXIdZkAVP9PSQW1pbE_nMs7Q2qJKjq0AGs&sai=AMfl-YTF5a-Ebhpo_0Q6J1z2P7wVgaqrjgCO0C43dki4TOJOt9IM3OfVrbIrRUFQ41m_vW0ZUKPzkvwLjwpRJA0uAP0bFSNMOthqjLJe4JxkBcw16J0HIixt8dghvgaA25PiQkthrcgIaZBDc3bNMB3DBBrpmXL5eWlA_rURUleEjE63Cyw-AC0IV5t-PKYF861G-SF1drMz-dMPU4cWZxpB5qczrnXMR6fgfZIFx4Cug5DCSAJ28qci1STiAnYECq3K6qi5DjQsXbfJguTVpQL4_z_flC5H15BrPVwFhLNTudTr_2RQgzmP3GZ-PjpIpBZVE2BCmZFaJVZPV_vUgWhU4hrFGSqU0E38S_c&sig=Cg0ArKJSzIQUQnf_AsPaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=184&vt=11&dtpt=183&dett=2&cstd=0&cisv=r20230628.45125&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1D71 22 KB
8 KB 11ms
10ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 117763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 723D 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com&bust=31075780

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E848 0
16 B 98ms
97ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2659805833&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796227&bpp=3&bdt=253&idt=321&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=5009419851692&frm=8&ife=1&pv=2&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.i97vbe93h7xf&fsb=1&dtd=336

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14117493524039618747/ Frame DDA7 14 KB
3 KB 16ms
16ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3e2ffee073e1eeca325070e1fa175e2a81fa40149b5f5d79fec954ba0a8112e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3110
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: Fri, 05 Jul 2024 15:53:16 GMT
last-modified: Fri, 12 May 2023 09:19:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C33A 0
0 53ms
53ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstILjbijOIN-KrEYzf5XVleSVrremiaOapp9lRd4VkPt1hZWS1S7errHJ40amb3C91V-8lwz0LaOMTJN9_-3uVLlAzToHHoJjVWxuXEJCJnenZBlPBRKOcUoZrLayuxEoRCx1Ia_Fv1zrNtq43bEZx7wthc9Mltqr5kDO_oMz1RfMaD9pEyC8vWKH5cDpry8v-VPfOEGoyqhXPEq1FHUrSqeerHmB5IUhOaUaGdTZecReWkI3quv2joY7fLGz32MlJwHST2he1vKe9PaTnkVtSQZGk6TBOU_r0SlQI2zqJ67CSA5ww443CtsGCDwBJk1Hi5k-MP77fYeuNDQhN6avJJxmqixUrQJhcNCSNVPJzG1Ji6KXJWwi26QGk7uG8V6SPiyBw9qylFaMif_HLNqoKAjsPTcu2ElYyVu5Q6SuwoCiHQzlLByDQXzlFoxM65erefxYgnlOZK04r5KvVtTucgsan__5ESMxKE2ceZTjoojkHmf57PaFOt81NPDaIUhP_TRElxXQ9oVnoQuDW5kf4ZWfNb2ld3s1si1BAD5dL1WwSiL2TL4XmZIUq39PU6si6G5vV0W-Ejk87Mfy7ZzkQw9UBTFpV1YNTjFlwhTvInSQqNwrWrRkyVKEgjfVYOxlNGCMUMf5zdnp66gI_bT4N86vc7PIFig0BpIS0XOsEJSUzTH2IB21LQnxCCJik6kHB_QMOXjPoglQOh-G1pBsBP7uf9rUeu8FLC8PG9wK3z1Wa2TbjqdbL0061R3dCjhXhsuc2aeFiZiGwe7oAXcHqEDkOT1hnjVYyo8TwGbZ8vHDcvlnKSBg0Qfg1jeaxnmI6ZI-EkU1MMK3ZCpBFYTmFUOUgXSaogwF08dimg5LHp4A_ztvWvn9cOB6tffrURocaxlCHWqfD0AydKLuavOKQHA5ubk4aYObB6AT2Hcd3s8Dd3Lqn6XiB8cq-nbxkA2RRFuGDzkTS4lJvOOPceeQE8Gayk3LaD4slTQwk7U9O2UqjNXImqDxv-s-xn-V7upBtYS25E4-9nOy-TueIBCLHXB_HmWhORMoDZo3j0LpJrZlpbb0mNvWc405N7MSfKlSHsf8tOZJrNoP219NsYLwCxGZGPUIIzPIdS09f0p1DhNWV3NCzcp-JbCVQOrU-c1VRCrrMKA3TGtSWANcDe6F0N8cE3u5wtc7ffFM2ML_lgzer-6ja5gNhXjiKPx__2aUryyEGTfLW56XuQERsyt2gy4lhtiuXi0i6hMk3ZhHGPzDGN5Zjh1fekiDo-KH7EKd1AVJ61_56joMVJdl0&sai=AMfl-YRD3xl8sK_CeMjqwC2DYjUOofULPi8z9lo7WA3lfm96PFY_2M9A2iDALz3XGo7w6XgloB3X73N5rii9leOQet7e8axy6j-AdPWS3XBq9xRRSi9TduLGUxEIHXlxttHkbkslenILwT52512F1LWyyf0vXSDTq0SrS-1VK6JAusQeJKRxANvPOwwREaYROnOlHdDHA7RpSi1vL85vh_mWKtsV3LlvAQj0HWFljB3VN4EwzHW7fDlzme_ez-cTPhP9WVG_yPVGyhxO30jB-oOqmN6v61VWdmBmbevAaW9gIhRKQ7vRjVCUJKysTZtHFrLXBrI3P_zaMQZnhk3GO7GKHfoou0bU9pNNp8mxlZ8Y-r7KZYHeBd9kVS3g9hFqSg&sig=Cg0ArKJSzGORPCzhVGANEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=310&cbvp=1&cstd=303&cisv=r20230628.76897&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/14117493524039618747/css/ Frame C549 6 KB
2 KB 10ms
10ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171911
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:05 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame C549 120 KB
41 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 02:09:45 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/14117493524039618747/img/ Frame C549 95 B
122 B 9ms
8ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/14117493524039618747/img/ Frame C549 5 KB
2 KB 6ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C549 60 KB
24 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H2 200 main.19.8.425.js Show response
static.adsafeprotected.com/ Frame C33A 203 KB
63 KB 94ms
23ms Script
application/javascript 2600:9000:2450:a800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.425.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1534583/72389219/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:a800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4d24a3646c524336d1a00d5102a4fab0629caced791ff7f05a89d12253e147d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 21:04:08 GMT
x-amz-version-id: vTMh3VsUfsPfd30Q2lhQhLoWQZlv7Ed2
content-encoding: gzip
via: 1.1 18c175f0712f202f852e6fa991d829d0.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 67749
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jul 2023 19:42:13 GMT
server: AmazonS3
etag: W/"8325ccb86878f05b0052313c53a93437"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 11A76grL8wJV-st9zbTI7bZNJ-ILTPiZnaOAwFxC1RifoXTTf9FQNg==

GET
H2 200 main.19.8.425.js Show response
static.adsafeprotected.com/ Frame 4180 203 KB
63 KB 120ms
50ms Script
application/javascript 2600:9000:2450:a800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.425.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1534583/72389219/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:a800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4d24a3646c524336d1a00d5102a4fab0629caced791ff7f05a89d12253e147d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 21:04:08 GMT
x-amz-version-id: vTMh3VsUfsPfd30Q2lhQhLoWQZlv7Ed2
content-encoding: gzip
via: 1.1 18c175f0712f202f852e6fa991d829d0.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 67749
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jul 2023 19:42:13 GMT
server: AmazonS3
etag: W/"8325ccb86878f05b0052313c53a93437"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 2s0t1KNXdyJyVzx1lxbQNOMIdyKGsxiZ236xLzqKU6s2lwgVuxSDlQ==

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame D9FC
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENRgVCoHL5VHrMVh2n7aazo&google_cver=1&google_push=AaAOQGGN6sd7mEaVYGXcyRV_yp425TSmYylpyOsU4_fWe2SOiR2EO5VOQTqB0RfZSOkJk7EC_zJQqLwr-dr4GN7BS1qXKGJ_c0L8WQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzUwMzQ1OTEyMTMzMzk2Njc5MA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENRgVCoHL5VHrMVh2n7aazo&google_cver=1

43 B
398 B

25ms
24ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENRgVCoHL5VHrMVh2n7aazo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENRgVCoHL5VHrMVh2n7aazo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame D9FC 70 B
266 B 118ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGlO7BjNqvwiem6K0NTsg48&google_cver=1&google_push=AaAOQGH7s3Oeaxo3q0fso3DB0C8LuHMSoJOXFYMSK6pWlrua8ebBkf6q6PxUGlNHBkElWvjZUbGE3n74pd2xHoBliramtmolxoBuGg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame D9FC 0
174 B 37ms
15ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEEZf1RPki3ho4ECdOPQHbPc&google_cver=1&google_push=AaAOQGGIjziHyN53Chg3mmsrmoe-7K5tjLEFaeUNxEUr3e2TJKVPXgLJzy1Ze2rHt8KnTPVUeCFzIIUngIRtLTB325tZ7pkNNMFAZw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9FC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEP-JfLJ2asJd4ylrQSlA5YU&google_cver=1&google_push=AaAOQGHvkFQy2n8CF60A8QshbHWY0OaZm20TtBNohQzyj6jegZl0uLVxr3ezm0ZrRbknK15DEp8rYcA1ol7ZQyXl...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGHvkFQy2n8CF60A8QshbHWY0OaZm20TtBNohQzyj6jegZl0uLVxr3ezm0ZrRbknK15DEp8rYcA1ol7ZQyXlgTAhiHiPjm8eKA

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGHvkFQy2n8CF60A8QshbHWY0OaZm20TtBNohQzyj6jegZl0uLVxr3ezm0ZrRbknK15DEp8rYcA1ol7ZQyXlgTAhiHiPjm8eKA

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 06 Jul 2023 15:53:16 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGHvkFQy2n8CF60A8QshbHWY0OaZm20TtBNohQzyj6jegZl0uLVxr3ezm0ZrRbknK15DEp8rYcA1ol7ZQyXlgTAhiHiPjm8eKA
x-host: tde-deliveryengine-production-84d9bf65c-nmxjj
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9FC
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEnHoO2Pdw8ledjC2RPPHgQ&google_cver=1&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEnHoO2Pdw8ledjC2RPPHgQ&google_cver=1&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QA...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg&google_hm=QmicW4KQQK6ka2PwSuIVLA==

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg&google_hm=QmicW4KQQK6ka2PwSuIVLA==

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg&google_hm=QmicW4KQQK6ka2PwSuIVLA==
date: Thu, 06 Jul 2023 15:53:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9FC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECgFkwID3T84OcYZIV_4ZfA&google_cver=1&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJd_...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECgFkwID3T84OcYZIV_4ZfA&google_cver=1&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbu...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzc1MjMyNjg2MDEzMzcxMzc5Mg&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJ...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzc1MjMyNjg2MDEzMzcxMzc5Mg&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJd_VUgDrXBzSGeQ4dAU2_soiQ

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzc1MjMyNjg2MDEzMzcxMzc5Mg&google_push=AaAOQGGRM9pnaUW9ZiCsKqMPZZzZHgNcQgORYoN9_S9z8UrnDOn4cqvBsP-MG9ujlKbB7KMYIbumfJd_VUgDrXBzSGeQ4dAU2_soiQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

report
sync.teads.tv/um/ Frame D9FC
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJFQkCb3TZEn...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGqennTtMvP9PgHJX9ojPdt-RhBFqLqk369pdVw0Azcok9JVheZ03d089kpie2gWHr1CtxUbc7g-Lnnqp8lX4GQ5zGsTx_Bx0o
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
165 B

36ms
36ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795852&bpp=2&bdt=162&idt=204&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7615271090621&frm=8&ife=1&pv=1&ga_vid=1067294201.1688658796&ga_sid=1688658796&ga_hid=467351950&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=3714816659&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44788441&oid=2&pvsid=2092179117275694&tmod=241757083&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.x6ye899klhof&fsb=1&dtd=210
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Thu, 06 Jul 2023 15:53:16 GMT
pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D9FC 0
12 B 16ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LIneJktTEhiriTQx9YJiO3RdHQ3OjYosbAK4H6fciLF6uPahGn1o3Pvsc0K0EICOnmoPgmjQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D553 32 KB
14 KB 193ms
193ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82749778c83a2e4d344b39fb3c5beb12cf7a81d65423b4a8d446b41caa8e9c3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 13958
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame E672 15 KB
2 KB 15ms
15ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: Fri, 05 Jul 2024 15:53:16 GMT
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1019 0
0 51ms
51ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuXHghkGdQIZawt0J0WUmTxNOCEsjaOaa6l42BoYHK6GegCvCzPUiaRguaZVHRFogtaEMPRE7RR1MMF67C9jwG3xxMsO_8IfCLwY-49GKAGFKBtDKJJHIbCAGuqTb1e4oyu7nZ0iUr3H7p0uaD44kalKqfOR44IFxENxUdZfRNuzhnkoFxj6ZUVqdOTZuADp8d1BhhWN8xl7nViRwyohtUpR1rtlckwNcxE5YqSLbUEBJyfFpgwNrgk9RrD0Mu8rSAOZKwVzCgAMJPWPP3iqwwd-0yxu6i1qRWof1LKgKZoBHF0A8m0XpzNTtjLr5X8IfAMEqXmgrj7GSKqEDwYePCDIhqBCLvuKhnLglj1dScKLSnisw3arUiTV8XOYVdtf64m3-TQ60vDvFxOznYxuQR8MZP-_FitgAuU0u8giLEPkFo2kKoXtFP-lmLh1jsaky3kKCEChnpBOPDq5WwRTcOP3PLY962eAxtKmMzs4PMXngNd_BJ3cIWo_FeTzk745lEEp5Dmza4_xdiVEbeCfkYzEs2E7-Io8dnqwe5tvszhrrwuvuHl1tDMif8Yh5c4zR3erF7DjR46yXAfn4DFG2zc4T0CyNm8s9zNKYmaxj8d28fDvya79od7sKfv5Rud1NKgXJJBZUYM8Cz-fHlmmhkq73NiRtt9r3J5LckQKmFlD_kl-E1WwoYkJRGY9qokD3qJ-468aeueBe5Ix6blZzaZPDDG3IF-s2Pgui4i4kDcuULH7eNxLCgWoDdZss7bG9HSmOMrtfm-AQna7_XDtF1meKX6VPTmrxXeHpFmf3cXph22QJthmMIGaSVmmvqgt6fzyYF3OgK56dnGu1r5hvv9rDSlD1oWkIu8oMNVuxP-EVr55L31IrgVa_YWoLqiP3zn5XlAeZcG3_h7pEnOK_GaoDISt8imLTK0f-1E-dn79giFHkqwj28wJvQIEgeMvWs_6ZbjefQZPa-1MvzKgzGJRtbtFq36X-xglsnQRI0KJkyarfMffRWe77kzwnvAJvBxPnW4MrX3X12H9IJs-YlT7Y7FXdbQyaZWEldtaKaF9nDonhfQ52oHmTmuF818EvZmzwu-yfTOjzuSM8nZtVBB04L4uE-kC0bBjMcMz-KKChQMREUrS77kTJPCRzgvh50JN-a6Myn8as6oJ3vjrYgYgi2Mc1ECX-MKLY4Sp0IMl66Tb8WB-8HDh9RdeW6BYsaiEFiK65Hdyw-HmeW-L0-qZ5jjybTEfVAI44s_KhXuWNMcfxqyHxbEfl_fU_9RxTkkAwvjUGgrLg5xz2hUCPESwdJ4m2OWkh4ZKA&sai=AMfl-YTNBaI18sAh1aPeRMhGuPCcOEpgQj8jzz7P0CbC69Atjfe2ti99R2MKDzJ7-4NLYm6qjvGTgZbOroVtOelUjNEmp2ps7t5DcgC1TtJavFny8YFcDbx4Acz-QGF5XimrAOZ332Rwt8SxVCEqhX7Ig5wv3QDK7ifjpW1botu7TzV_dNeexk7yc3_AON4YIZnqOwErUJHIZV4h1_5jRtDMojHgquwkxafcUSiLJCPG7dSUOUBp549mR0pOHEHpRjyv6vDyH4Gc0gn9R6WN9QA5pBwp2YxV84TnZYSGwGdD8WV-qx5QhOuPK2ccbp7pCE0Vb7mzd3j52ZncuGQU3SGNta8wZGdXoYtfuXc&sig=Cg0ArKJSzD2kultIjsxOEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=247&cbvp=1&cstd=240&cisv=r20230628.35923&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame F9B6 15 KB
2 KB 15ms
15ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: Fri, 05 Jul 2024 15:53:16 GMT
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1C11 0
0 53ms
53ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstLas2XB2unIvKPHCwIZsulxvwJn7iignDVVNmcGPQVpxwXYfEPjaLAujHQltooNh96ztHS7_2lHb5cao_KZPVnK2e3-CVuiagmegtUeIkTdeFvgfEv0SkJXKB0mBdcyRlVO5M6hq6inVFQcRCdU_qnnGI5Eqk3EEjtjPYqKlF4HJl7bF-kuf1wcX-Vyy7y0qTy9GxazjLecQhC-Q3OkVVALjGdy3zUELnh4VUnOj0VVIigSzM_Noo_6-rpEkkuyeXpp-6OMcBaSQBuQ4sN7JrJ0P4IUXLyQbUDLt1DFz41fJVHAF5jTx1oQo1PydhDsywqMR3jJoCUW-0hmRsYW2bFDJe5YQUu0ZvN2vixoMUyUU0QSV7QRKfK-G1VKHX5bjZ4PXTTuRhqitEWRDZUSdu10NgeLgzCeM7EsG6p5IwJjuvQsh0DOSWewcytrQgmoR5_p7PluQTfHxWnnIH9kcFbz_wBhpYHiUgZkpgbsTTqiK0JanW17r-Y7c65t_0uhw8Ra82m12IGSn63sgOe3SgXxEry4lPwWuFYMlDBcTOkulqt1UlesOPF8yMhW2ELOvECAYoXXJWsgCS3vOXBCQ4tvclwtYNlXuMIPabNFoThiGtfoAXvASbpPc2N4vUXbM0DraVp1e0IpOb7-PFJTOPEmxtEoy9Zq7pzU4CnaTjIKlSut1AJIRfAuhpblypfFok1Jm_R-hvlPPiH5cuai_lyqmhp0ZiafquuWpA61EdtC1TCiENNAqEZ0FBsvdA6V2_Nt9rQ60RMFwEIVSRdxmU1n9QE6aLkXiaQ_C1FJpYzTiXyW8WajaNZJLyGKfJGYEi3eJ6WFy7Ecfab2JXUe2QprU8RNb8K4O_xyN_S3kdlo7sylV1y2cv8CnNPcqvxwzR4B36akuoE-a9gf4lIDuJB7nd57L5mGHvHDcutAkifBfcotT75bwlZ81QbgvBn_oiTuMMfX_PsVnq5LO23Is1ipixHC3hmvSW2zefkJwRtQErCaHDTuUjVd6RrFbmtGPPz6r2vCDW_zc2SHlvPT3MrVmKi8g5RMSq4-oJyNZWyD74esMP27V4kKmV5HpfkH7KHZhSp92A2KBYEJhQQX7VXOaZMJvAxqx_4PDcsfsy1MuarEtU0ftBq80tYAHVRccAGNTVoeuvtSkxoXtOZIMsrg33n1wcIAYoVB3dkg8WG9j0FQiBeNHJBxwRLWjYIwFbW2l7Mhc86hcDb3xxsGp6Xmkgig7FLD83_06OP6L_tvYOx3g9bYa1AFQj8qfZaGhuiIf-OiEHSabIMhWgtdqHMIyKCCzNynCqFfQiroWB2-zzy&sai=AMfl-YRgnBb6HuY6Bs9ltilRZqThSpEqPs-youQxi071RWMeIdVoFAU_texFvAcIa3xXiLPlOo7PJLvdQDOtn1Ou4qMZsNPBUP1sZHObMOwez7iSkh7MiaYvPFvdQUR123_W2CEvxK91gyODKdRmHfBQUJi1kmuYNRJZYIB4HN05e4kW6TKHcp2z-_Y3pxlsy5gSo2z7GVNI7ktKL6v1KwLIs7zjp0nfiWelcBZY6z4OgBmrSk0ROM22iWQltfNbuCDfqrQVp1tEbp4_EbSe8p474vXICbB0ruyycUsxHJQc2ifUZnnNBziUfYcheLgYBOI3yRSXLCfXIY2dnhLBxiz-x5VxRA_JiE4uCIg&sig=Cg0ArKJSzNW_7-y8M2XaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=228&cbvp=1&cstd=222&cisv=r20230628.87947&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/14117493524039618747/css/ Frame DDA7 6 KB
2 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171911
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:05 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame DDA7 120 KB
41 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 02:09:45 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/14117493524039618747/img/ Frame DDA7 95 B
122 B 7ms
6ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/14117493524039618747/img/ Frame DDA7 5 KB
2 KB 6ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame DDA7 60 KB
24 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
DATA 200
OK truncated
/ Frame 1F0A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d54e2431496ce2ed854c20c9b9cea457f18a519bbfe1e3fe35edc1b2779a9c24

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3A17 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D1B8 0
16 B 345ms
344ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2662790276&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796398&bpp=2&bdt=235&idt=284&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=4936208904555&frm=8&ife=1&pv=2&ga_vid=425751634.1688658797&ga_sid=1688658797&ga_hid=1949911629&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759876%2C44759927%2C31075812%2C44788441%2C44796477&oid=2&pvsid=3255360019821991&tmod=455624242&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.frhsdltklgd0&fsb=1&dtd=297

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/4323423352959208367/ Frame E672 9 KB
2 KB 9ms
9ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 21:31:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152505
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2321
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 21:31:31 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame E672 118 KB
40 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 10:36:20 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame E672 20 KB
5 KB 11ms
10ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 418480
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 30 Jun 2024 19:38:36 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A534 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 117763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BC25 22 KB
8 KB 8ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 117763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/4323423352959208367/ Frame F9B6 9 KB
2 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 21:31:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152505
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2321
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 21:31:31 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame F9B6 118 KB
40 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 10:36:20 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame F9B6 20 KB
5 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 418480
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 30 Jun 2024 19:38:36 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 70CD 436 B
233 B 546ms
545ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171325989&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796400&bpp=1&bdt=237&idt=331&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4936208904555&frm=8&ife=1&pv=1&ga_vid=425751634.1688658797&ga_sid=1688658797&ga_hid=1949911629&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759876%2C44759927%2C31075812%2C44788441%2C44796477&oid=2&pvsid=3255360019821991&tmod=455624242&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.po2q7pahivpw&fsb=1&dtd=335

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

567509cf13c76168173a53ed6821184df5fec61ec21aaed69f5f4aab89f0821a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:17 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2C4D 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 117763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F8E 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame FB96 3 KB
4 KB 58ms
22ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1507
x-guploader-uploadid: ADPycdu_bETbAO3L7E3ZwmLe8QxiVBASGCjfRAxwlm_tkXJYko3jNEaJxZb3LISJ1TPqVw-ds5Su5eyQQRqdQCYhbG3a5A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1%2F6EWhfgqNKCgGEJjgVwDlzAWhNIqj7zFQrEk4TzkZFJvVpZxlC2ANmzRlaNOtsn%2Bsek4pZpu%2B5i0Zt0XfAbMStDmq%2Fme6Uipv96j5QA%2Fv2qBEKlu3NZw52DbLw6CbvK%2B5%2Fhgmr68txUMSA2bZKa17F"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7e290507ee553665-FRA
expires: Thu, 06 Jul 2023 16:26:36 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D71 37 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/14117493524039618747/fonts/ Frame C549 13 KB
13 KB 9ms
9ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/14117493524039618747/fonts/ Frame C549 12 KB
12 KB 9ms
9ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/14117493524039618747/fonts/ Frame C549 14 KB
14 KB 10ms
10ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 042C 2 KB
1 KB 20ms
19ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1703395
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7e290507fe16373c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5DeBRvF7NOIFpuw7xeHtcq%2ByhzDAOfDL48s%2B5%2Fz1Ox1Ep5yDsal4%2BIl7E%2FkjSDgLx0xFeYent6SFGIyoobhPeIREa%2BqBa0U8WQWHVthgCeDO4M0yy3hTjJSWbYUN8R%2FMfLv5TZI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/14117493524039618747/fonts/ Frame DDA7 13 KB
13 KB 6ms
6ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/14117493524039618747/fonts/ Frame DDA7 12 KB
12 KB 7ms
7ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/14117493524039618747/fonts/ Frame DDA7 14 KB
14 KB 7ms
7ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 16:08:06 GMT
x-content-type-options: nosniff
age: 171910
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jul 2024 16:08:06 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame C33A
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1534583/72389219/skeleton.js?adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_ur...
https://static.adsafeprotected.com/skeleton.js

17 B
464 B

21ms
21ms

Script
application/javascript

2600:9000:2450:a800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:2450:a800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 03:50:24 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 18c175f0712f202f852e6fa991d829d0.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 25012974
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: GXUHCw0AoVLYoZe4fChOE6myM1QaopRqniYfAuboTMxJhWNQrCDlfw==

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
server: nginx
x-server-name: app15.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame F02E 91 KB
23 KB 21ms
21ms Script
application/javascript 2600:9000:2450:a800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:a800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 18c175f0712f202f852e6fa991d829d0.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 24884220
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 3PJr2_cBOSjVP6B-hlRVFYIX82gAQxQn9HhpwDzqfD5XSojM9872Yg==

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4180 0
0 44ms
44ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstZW4m9pRHglbja2rS7KqZ3XEgQxp1UH9p7e6ShuG6b8xhQyqtoJeFVnE0f-Tu_BnyZjAaAmLv9tsodpKTWv8_Yvh4Q-OeEL3c_wR-7-6I9Om_RPIWW1kMBKieamxbGqKZEVXIC5yUcAhYBGPgDNMUVjjdQvY6OmVdPOhXiFYQtzAX8VUYjdJrA7Ag5f-LZJ9x_c-lPXASveQvtU15sYuxjEla-2o0xRsnxPd77CNzLwHEyaKaFQRsM1WQAYvJi6hvzPQA5_t2-mBJHY36Juf3tQOsaWLSyVJOE5zfkOB1RZt2d8RJKQ6uDvYBS4W93OOZCwS4JyvT7pALZMD7u26QHan8-zSk0mtpmxxMP6kp_NtH9DI-CuF7ik8YMXrL1ilMekOcVg6ahTrGLpj1oR35wkR6VywdytYQKJFQ7yxh6QFUCMgZ5R8l0zRsYnF5NB3oXT7TtewTH7C4djdFN_13X3SQR-ncXcxpS7KtZrKEbYvSJtTj50UzfkJp2d7QiVHVmWs4HV5Dhaoh5zDD-p7qG8FRYemaaalyM4UzQtiweY3-YdUkahzys3HNR7bvU38f8DETx5XU19U4H2SRbkVKsYIM-dHfq9v842Rm4JZpDn6OL2jSUqVu3JEsBgcHXAv_8yBL5n-a6TLq_tnT3eMrzjnN_CIGuXYAqCDEp3BnsvEYxxO0xI16YYU0-uHjW3WPMcl08P3NzQno9jSjKqIn4DMD86zumX_MGyUXWGq4iSRW1VIY0yM62vbV16XthM_eZBY2TRLfN9K2MMZIxd2PZO8E7Zewh2g0NhE_EoSUt6bkQPOIdD1HAVUi1Y2FkEJPrPN6efnUHeM1pRhxa4SKNrtM0C43w_lvVVqvk6hu3KPkgbfs7N-fK9l-suDGzMwElaZRX1Nioxrx9nLcfOXdRmb1WUtqQZF2y9hFABsewLkD_Gq1-B_fAKxdv1mkdtqwiSArYi-WyeedAcFfxEwZ4DzB_l3lUyEPCN0ScqEoMl3mfPdHdaph7zGcpsyuwEv_4RftgnibEBNbpRT8T9AHoOyhgGlNIfTcsne10ZptSgOzFCXGGtr4TewYyCWuKcU2OUEgK5BjB_4TPh7FSjSNVy_O5Kj3Oge1qe0JEHz7UI68yvjSqlHsOc8KtTzj-qbG-hT0wLK8SwDw4kZ9p7kLN6C770ilk_oHZes4A8QPMvKifwx1LJqQ3ngCqwEt48yVThpQHNLXouJ8H7z4JyTcmKLXr4gYiPRol_JXBnUmSVxZ9ZLus_Ewzpb4BbP9Pe9esisKn-Cy4P3J5zA&sai=AMfl-YT_BefJrwm3sN6zcSWS8Vnjb0LE14XG2w8DFIGzNaJT2VBJ6aQosXu1vSUlsZN9mAy4X_Dq35Dt2KWWyMXdVB9fAi-7UFX1oTKG3LWdzowmQSaOrD52FfXMF01S_6wHpF0avEz-Jl_pFfyNYLXrjFrfAE-P8y23fVyKX7ujVE0Rj5DmtcPkniN3GoTPIvyZuWBX7EEQ3edRhaWvUE9h9zkuWrw8Mkk87eVfQTTE98sEWAByK7Tb__hkLlkRghBSOe1Xe-8YIDBlT9QwWbQ2uo_E6KS77lzD4cuNkba28mk3j3-S9A3FEXU3w4ndPLQ6ruZmRf3_EQnq6rToENNOo6GBcZrWuFk2F_JYvudanl9bCL-4FuBRnpR7YvhuVw&sig=Cg0ArKJSzLi8sbFy-V5EEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=629&vt=11&dtpt=361&dett=3&cstd=259&cisv=r20230628.20265&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame D553 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 13:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8917
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 13:24:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/ Frame D553 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:14:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 23:14:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D553 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT3QOS62vvrsNdcrAbHj644qcexLUZQCJN53ud0eK0x-Ee1VRX_oSX5m9S29YvjxWQBfo_8lGqMm2Ydn5Eg6dYgBtauBA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D553 0
0

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/4323423352959208367/ Frame E672 3 KB
1 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 14:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93194
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 14:00:02 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame A534 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame BC25 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C33A 43 B
216 B 709ms
340ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=4bb07627-7473-b080-43dd-fcbc3405c939&tv=%7Bc:hBrKH2,pingTime:-3,time:331,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:258%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:332,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:258,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B111~0%5D,as:%5B111~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJfidB7+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1534583-72389219%7C11c1%7C11c2%7C11c3%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:11c*,rmeas:1,rend:0,renddet:na,siq:260%7D&br=c
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C33A 43 B
217 B 538ms
172ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=4bb07627-7473-b080-43dd-fcbc3405c939&tv=%7Bc:hBrKH4,pingTime:-6,time:333,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:333,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:258,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B112~0%5D,as:%5B112~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJfidB7+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1534583-72389219%7C11c1%7C11c2%7C11c3%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:11c*,rmeas:1,rend:0,renddet:na,siq:260%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C549 7 KB
6 KB 48ms
48ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

929ff9efd41a389cfb2f77e66500bfd62950e3bbaad165c651830fe28ade814b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5805
x-xss-protection: 0

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/4323423352959208367/ Frame F9B6 3 KB
1 KB 6ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 14:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93194
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 14:00:02 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C33A 0
0 44ms
44ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstILjbijOIN-KrEYzf5XVleSVrremiaOapp9lRd4VkPt1hZWS1S7errHJ40amb3C91V-8lwz0LaOMTJN9_-3uVLlAzToHHoJjVWxuXEJCJnenZBlPBRKOcUoZrLayuxEoRCx1Ia_Fv1zrNtq43bEZx7wthc9Mltqr5kDO_oMz1RfMaD9pEyC8vWKH5cDpry8v-VPfOEGoyqhXPEq1FHUrSqeerHmB5IUhOaUaGdTZecReWkI3quv2joY7fLGz32MlJwHST2he1vKe9PaTnkVtSQZGk6TBOU_r0SlQI2zqJ67CSA5ww443CtsGCDwBJk1Hi5k-MP77fYeuNDQhN6avJJxmqixUrQJhcNCSNVPJzG1Ji6KXJWwi26QGk7uG8V6SPiyBw9qylFaMif_HLNqoKAjsPTcu2ElYyVu5Q6SuwoCiHQzlLByDQXzlFoxM65erefxYgnlOZK04r5KvVtTucgsan__5ESMxKE2ceZTjoojkHmf57PaFOt81NPDaIUhP_TRElxXQ9oVnoQuDW5kf4ZWfNb2ld3s1si1BAD5dL1WwSiL2TL4XmZIUq39PU6si6G5vV0W-Ejk87Mfy7ZzkQw9UBTFpV1YNTjFlwhTvInSQqNwrWrRkyVKEgjfVYOxlNGCMUMf5zdnp66gI_bT4N86vc7PIFig0BpIS0XOsEJSUzTH2IB21LQnxCCJik6kHB_QMOXjPoglQOh-G1pBsBP7uf9rUeu8FLC8PG9wK3z1Wa2TbjqdbL0061R3dCjhXhsuc2aeFiZiGwe7oAXcHqEDkOT1hnjVYyo8TwGbZ8vHDcvlnKSBg0Qfg1jeaxnmI6ZI-EkU1MMK3ZCpBFYTmFUOUgXSaogwF08dimg5LHp4A_ztvWvn9cOB6tffrURocaxlCHWqfD0AydKLuavOKQHA5ubk4aYObB6AT2Hcd3s8Dd3Lqn6XiB8cq-nbxkA2RRFuGDzkTS4lJvOOPceeQE8Gayk3LaD4slTQwk7U9O2UqjNXImqDxv-s-xn-V7upBtYS25E4-9nOy-TueIBCLHXB_HmWhORMoDZo3j0LpJrZlpbb0mNvWc405N7MSfKlSHsf8tOZJrNoP219NsYLwCxGZGPUIIzPIdS09f0p1DhNWV3NCzcp-JbCVQOrU-c1VRCrrMKA3TGtSWANcDe6F0N8cE3u5wtc7ffFM2ML_lgzer-6ja5gNhXjiKPx__2aUryyEGTfLW56XuQERsyt2gy4lhtiuXi0i6hMk3ZhHGPzDGN5Zjh1fekiDo-KH7EKd1AVJ61_56joMVJdl0&sai=AMfl-YRD3xl8sK_CeMjqwC2DYjUOofULPi8z9lo7WA3lfm96PFY_2M9A2iDALz3XGo7w6XgloB3X73N5rii9leOQet7e8axy6j-AdPWS3XBq9xRRSi9TduLGUxEIHXlxttHkbkslenILwT52512F1LWyyf0vXSDTq0SrS-1VK6JAusQeJKRxANvPOwwREaYROnOlHdDHA7RpSi1vL85vh_mWKtsV3LlvAQj0HWFljB3VN4EwzHW7fDlzme_ez-cTPhP9WVG_yPVGyhxO30jB-oOqmN6v61VWdmBmbevAaW9gIhRKQ7vRjVCUJKysTZtHFrLXBrI3P_zaMQZnhk3GO7GKHfoou0bU9pNNp8mxlZ8Y-r7KZYHeBd9kVS3g9hFqSg&sig=Cg0ArKJSzGORPCzhVGANEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=672&vt=11&dtpt=362&dett=3&cstd=303&cisv=r20230628.76897&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:16 GMT

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/14117493524039618747/img/ Frame C549 37 KB
37 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4551d9c02b370243ea5e05230e649be8b92676e74298ebe48a2f6ac5463727f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=ehPEsEAymS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 07:00:47 GMT
x-content-type-options: nosniff
age: 31949
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37458
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 05 Jul 2024 07:00:47 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D553 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CFljpbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSvAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFA1LykgZ-U-1MOQ2kMzHsIiIr3gLwLaTnUqLPpOpLI2rjE-HFjjiABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=KHl8Ps8WF9o&uach_m=[UACH]&cid=CAQSKQBygQiD7MWZkpT1PkyQg694c0nmnE0QPYgZ9EFm5h-vy18JDXcROUFHGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Jul 2023 15:53:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame D553 0
0 18ms
17ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gpjnvda3t27ak5dvjbtt7fmkf24ebctzfe3htjw22943btaq29enepwcfte7q2v5hctp2jp6yy8rnt90xs5dbvgqqxq846mjb9kferhcwg38xhg3rx72btghpnmsqgqyntbqffm8wnnqx0hy8d5ab6zreajwtky6bxnv99wrz2as3wsw5yz2rth9gycg7rrenzt6rktbmsm2pv4rzxj1trx8pffykj30qzgy0bbwrc0vp9yfbt1jq2hft0qwwjp23wd0e4qv4gxxc2vq9891wk1gdb08zmm7k094bgt3rw80db83yhdb1xbtnz4cg7tnqy2j5rtrprcjqjvratx3ss76ajnbnt8t9hmg4cfqxf8ttdey8pz1ay720hzfd8wbaqkp08zcr&b=ZKbjbAAJ1GYKwkO0AAtXEYv-PsYKTKuAUADv0w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 06 Jul 2023 15:53:16 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame A090 2 KB
2 KB 31ms
30ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be0ae62f32a3fe0133e8e49216d3bbe15fea5b10d567164a45d3a138bcae8dcd

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e290508ff59373c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:16 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4123 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 82840
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 2C4D 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 4180
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1534583/72389219/skeleton.js?adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_ur...
https://static.adsafeprotected.com/skeleton.js

17 B
463 B

20ms
20ms

Script
application/javascript

2600:9000:2450:a800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 2600:9000:2450:a800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 03:50:24 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 18c175f0712f202f852e6fa991d829d0.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 25012974
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: eePCFNe8sTsSekKWtdA1jcIFAHKPmhnz7fQbAsQ7uRnZLp9Fjz819g==

Redirect headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 4526 91 KB
23 KB 21ms
20ms Script
application/javascript 2600:9000:2450:a800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:a800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 18c175f0712f202f852e6fa991d829d0.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 24884221
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: QJogVVaiThj4R85_R70e1Kveeuzw6PRzyYbfGLS07aTWs8fnfreszw==

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1019 0
0 46ms
46ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuXHghkGdQIZawt0J0WUmTxNOCEsjaOaa6l42BoYHK6GegCvCzPUiaRguaZVHRFogtaEMPRE7RR1MMF67C9jwG3xxMsO_8IfCLwY-49GKAGFKBtDKJJHIbCAGuqTb1e4oyu7nZ0iUr3H7p0uaD44kalKqfOR44IFxENxUdZfRNuzhnkoFxj6ZUVqdOTZuADp8d1BhhWN8xl7nViRwyohtUpR1rtlckwNcxE5YqSLbUEBJyfFpgwNrgk9RrD0Mu8rSAOZKwVzCgAMJPWPP3iqwwd-0yxu6i1qRWof1LKgKZoBHF0A8m0XpzNTtjLr5X8IfAMEqXmgrj7GSKqEDwYePCDIhqBCLvuKhnLglj1dScKLSnisw3arUiTV8XOYVdtf64m3-TQ60vDvFxOznYxuQR8MZP-_FitgAuU0u8giLEPkFo2kKoXtFP-lmLh1jsaky3kKCEChnpBOPDq5WwRTcOP3PLY962eAxtKmMzs4PMXngNd_BJ3cIWo_FeTzk745lEEp5Dmza4_xdiVEbeCfkYzEs2E7-Io8dnqwe5tvszhrrwuvuHl1tDMif8Yh5c4zR3erF7DjR46yXAfn4DFG2zc4T0CyNm8s9zNKYmaxj8d28fDvya79od7sKfv5Rud1NKgXJJBZUYM8Cz-fHlmmhkq73NiRtt9r3J5LckQKmFlD_kl-E1WwoYkJRGY9qokD3qJ-468aeueBe5Ix6blZzaZPDDG3IF-s2Pgui4i4kDcuULH7eNxLCgWoDdZss7bG9HSmOMrtfm-AQna7_XDtF1meKX6VPTmrxXeHpFmf3cXph22QJthmMIGaSVmmvqgt6fzyYF3OgK56dnGu1r5hvv9rDSlD1oWkIu8oMNVuxP-EVr55L31IrgVa_YWoLqiP3zn5XlAeZcG3_h7pEnOK_GaoDISt8imLTK0f-1E-dn79giFHkqwj28wJvQIEgeMvWs_6ZbjefQZPa-1MvzKgzGJRtbtFq36X-xglsnQRI0KJkyarfMffRWe77kzwnvAJvBxPnW4MrX3X12H9IJs-YlT7Y7FXdbQyaZWEldtaKaF9nDonhfQ52oHmTmuF818EvZmzwu-yfTOjzuSM8nZtVBB04L4uE-kC0bBjMcMz-KKChQMREUrS77kTJPCRzgvh50JN-a6Myn8as6oJ3vjrYgYgi2Mc1ECX-MKLY4Sp0IMl66Tb8WB-8HDh9RdeW6BYsaiEFiK65Hdyw-HmeW-L0-qZ5jjybTEfVAI44s_KhXuWNMcfxqyHxbEfl_fU_9RxTkkAwvjUGgrLg5xz2hUCPESwdJ4m2OWkh4ZKA&sai=AMfl-YTNBaI18sAh1aPeRMhGuPCcOEpgQj8jzz7P0CbC69Atjfe2ti99R2MKDzJ7-4NLYm6qjvGTgZbOroVtOelUjNEmp2ps7t5DcgC1TtJavFny8YFcDbx4Acz-QGF5XimrAOZ332Rwt8SxVCEqhX7Ig5wv3QDK7ifjpW1botu7TzV_dNeexk7yc3_AON4YIZnqOwErUJHIZV4h1_5jRtDMojHgquwkxafcUSiLJCPG7dSUOUBp549mR0pOHEHpRjyv6vDyH4Gc0gn9R6WN9QA5pBwp2YxV84TnZYSGwGdD8WV-qx5QhOuPK2ccbp7pCE0Vb7mzd3j52ZncuGQU3SGNta8wZGdXoYtfuXc&sig=Cg0ArKJSzD2kultIjsxOEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=660&vt=11&dtpt=413&dett=3&cstd=240&cisv=r20230628.35923&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DDA7 7 KB
6 KB 48ms
48ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4663cfbe3aba38767c856864d0f5f018abd5505c553944f41d478ff4d63bc5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5764
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C33A 43 B
216 B 425ms
173ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=4bb07627-7473-b080-43dd-fcbc3405c939&tv=%7Bc:hBrKIW,pingTime:-2,time:449,type:a,im:%7Bsf:0,pci:%7Btdr:90%7D,pom:1,prf:%7BbdA:334,bdZ:462,beA:669,beZ:670,mfA:886,cmA:887,inA:888,inZ:891,prA:891,prZ:922,si:928,poA:929,poZ:947,cmZ:947,mfZ:947,loA:1001,loZ:1003,ltA:1117,ltZ:1117,mdA:670,mdZ:788%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:258%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:449,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:258,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B228~0%5D,as:%5B228~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJfidB7+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1534583-72389219%7C11c1%7C11c2%7C11c3%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:11c*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:260,sinceFw:188,readyFired:true%7D&br=c
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1C11 0
0 45ms
44ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstLas2XB2unIvKPHCwIZsulxvwJn7iignDVVNmcGPQVpxwXYfEPjaLAujHQltooNh96ztHS7_2lHb5cao_KZPVnK2e3-CVuiagmegtUeIkTdeFvgfEv0SkJXKB0mBdcyRlVO5M6hq6inVFQcRCdU_qnnGI5Eqk3EEjtjPYqKlF4HJl7bF-kuf1wcX-Vyy7y0qTy9GxazjLecQhC-Q3OkVVALjGdy3zUELnh4VUnOj0VVIigSzM_Noo_6-rpEkkuyeXpp-6OMcBaSQBuQ4sN7JrJ0P4IUXLyQbUDLt1DFz41fJVHAF5jTx1oQo1PydhDsywqMR3jJoCUW-0hmRsYW2bFDJe5YQUu0ZvN2vixoMUyUU0QSV7QRKfK-G1VKHX5bjZ4PXTTuRhqitEWRDZUSdu10NgeLgzCeM7EsG6p5IwJjuvQsh0DOSWewcytrQgmoR5_p7PluQTfHxWnnIH9kcFbz_wBhpYHiUgZkpgbsTTqiK0JanW17r-Y7c65t_0uhw8Ra82m12IGSn63sgOe3SgXxEry4lPwWuFYMlDBcTOkulqt1UlesOPF8yMhW2ELOvECAYoXXJWsgCS3vOXBCQ4tvclwtYNlXuMIPabNFoThiGtfoAXvASbpPc2N4vUXbM0DraVp1e0IpOb7-PFJTOPEmxtEoy9Zq7pzU4CnaTjIKlSut1AJIRfAuhpblypfFok1Jm_R-hvlPPiH5cuai_lyqmhp0ZiafquuWpA61EdtC1TCiENNAqEZ0FBsvdA6V2_Nt9rQ60RMFwEIVSRdxmU1n9QE6aLkXiaQ_C1FJpYzTiXyW8WajaNZJLyGKfJGYEi3eJ6WFy7Ecfab2JXUe2QprU8RNb8K4O_xyN_S3kdlo7sylV1y2cv8CnNPcqvxwzR4B36akuoE-a9gf4lIDuJB7nd57L5mGHvHDcutAkifBfcotT75bwlZ81QbgvBn_oiTuMMfX_PsVnq5LO23Is1ipixHC3hmvSW2zefkJwRtQErCaHDTuUjVd6RrFbmtGPPz6r2vCDW_zc2SHlvPT3MrVmKi8g5RMSq4-oJyNZWyD74esMP27V4kKmV5HpfkH7KHZhSp92A2KBYEJhQQX7VXOaZMJvAxqx_4PDcsfsy1MuarEtU0ftBq80tYAHVRccAGNTVoeuvtSkxoXtOZIMsrg33n1wcIAYoVB3dkg8WG9j0FQiBeNHJBxwRLWjYIwFbW2l7Mhc86hcDb3xxsGp6Xmkgig7FLD83_06OP6L_tvYOx3g9bYa1AFQj8qfZaGhuiIf-OiEHSabIMhWgtdqHMIyKCCzNynCqFfQiroWB2-zzy&sai=AMfl-YRgnBb6HuY6Bs9ltilRZqThSpEqPs-youQxi071RWMeIdVoFAU_texFvAcIa3xXiLPlOo7PJLvdQDOtn1Ou4qMZsNPBUP1sZHObMOwez7iSkh7MiaYvPFvdQUR123_W2CEvxK91gyODKdRmHfBQUJi1kmuYNRJZYIB4HN05e4kW6TKHcp2z-_Y3pxlsy5gSo2z7GVNI7ktKL6v1KwLIs7zjp0nfiWelcBZY6z4OgBmrSk0ROM22iWQltfNbuCDfqrQVp1tEbp4_EbSe8p474vXICbB0ruyycUsxHJQc2ifUZnnNBziUfYcheLgYBOI3yRSXLCfXIY2dnhLBxiz-x5VxRA_JiE4uCIg&sig=Cg0ArKJSzNW_7-y8M2XaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=631&vt=11&dtpt=403&dett=3&cstd=222&cisv=r20230628.87947&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C549 17 KB
6 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame A090 114 KB
14 KB 19ms
19ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 708011
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GSSeL6LYiKiisEIvO6%2Bqj5EoIol6LNXUXm%2BppMQTVgRbTe6esa4ZyhyulG4FIAdLVb%2F7mDJtzSG%2BLE%2FwB2%2Fv7o289P9X8nfOka9%2Bn9u%2BADr8ATvGw1YX%2F4XIUW9%2B7%2Fy8%2BvABV4qqRMU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e290509c87b373c-FRA
expires: Thu, 06 Jul 2023 16:53:17 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame A090 25 KB
10 KB 26ms
25ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 180438
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Q8lhl6gL69ZUNzAikigL3oOGzgbAU8vSWMApa2FBT6UesviOqzXKGUZU4rCIPV34ScCcdeRLOEl2qC99D90GvaZkVE5D1S44Yiu4%2Bn4n7DBOzvJBT8xSC8oT2ltRcTDeEle0NU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7e290509c87e373c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 27 Jun 2023 13:46:21 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4180 43 B
216 B 373ms
173ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=921c1f00-4a3b-efa8-f11e-02ea53925ab1&tv=%7Bc:hBrKJL,pingTime:-3,time:498,type:v,im:%7BpBlk:429%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:387%7D,%7Bpiv:0,vs:o,r:l,t:498%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:498,n:498,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:387,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B128~1,0~0%5D,as:%5B128~728.90%5D%7D%7D,%7Bsl:o,t:498,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJfidB9+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C118*.1534583-72389219%7C1181%7C11821%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b21%7C11b22%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:118*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:388%7D&br=c
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4180 43 B
216 B 370ms
172ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=921c1f00-4a3b-efa8-f11e-02ea53925ab1&tv=%7Bc:hBrKJM,pingTime:-6,time:499,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:499,n:498,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:387,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B128~1,0~0%5D,as:%5B128~728.90%5D%7D%7D,%7Bsl:o,t:498,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJfidB9+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C118*.1534583-72389219%7C1181%7C11821%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b21%7C11b22%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:118*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:388%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame E672 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 15:14:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 434310
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 15:14:47 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E672 7 KB
6 KB 48ms
48ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3b7a86849ab0b7543e6070630f3a4b2b34b82ce17ca59230c99afb559a33980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5741
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 204C 0
0 58ms
44ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDE61M0Z8cR_lNn6cCrS9Kk5miVxP8agkTMsMeAPrMtnXB7bELkdqUYD5ASe05F-btvybiHsFPwoYX8RhrNnujnededMJ2_ax0FUHupLHHobw7rGU644Ru63QGYfestcsb3vZl-Mtu33CrtfZHKtAhwtSyRuaqOM1JfoxRXrvsiSshJKm_OFzD_y_KSIU_cYALpXTeMGkVaD7rkHk8fJ2plcvygfyc5A-DQ6S3ZVOFN1CmqX4CG8c18JQv8jjRZb3hbthbGhZ8CI0SDRERNXfrV4Y_WolV5EAx7gO4dttyUm_yjZ7DehzejEwdw06HzOnu2oTT8gxpcHg_TeEp9NsnJE_e5bkxx7WB6kEzZKI&sai=AMfl-YSuoX5A8ax0k9ey3xSB29QoBurfBs-GT7FXhpzY7L9Ro8dk7cufPi2ciiSY-JAqWijSr-oIIC3IEJ_e43QurTtarsL86_tl0cxBPz15ODQ&sig=Cg0ArKJSzFzzgzHUOneTEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 204C 15 KB
12 KB 60ms
59ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230628&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9624f1a9d6270645ab432aded66d533d9ada601d31560d8329fe3c4d9fad9f36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11836
x-xss-protection: 0

GET
H3 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame F9B6 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 15:14:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 434310
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 15:14:47 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F9B6 7 KB
6 KB 48ms
48ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

482607542195df4a5a734af958d31a33f3f5b8f8eca403ac870acd1a6dd90994

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5744
x-xss-protection: 0

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 2CFF 0
210 B 62ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688658794973&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:17 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DDA7 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4180 43 B
216 B 337ms
172ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=921c1f00-4a3b-efa8-f11e-02ea53925ab1&tv=%7Bc:hBrKKm,pingTime:-2,time:535,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:435,bdZ:576,beA:782,beZ:783,mfA:1151,cmA:1151,inA:1151,inZ:1152,prA:1152,prZ:1168,si:1170,poA:1170,bl:1211,poZ:1211,cmZ:1211,mfZ:1211,loA:1281,loZ:1283,ltA:1316,ltZ:1316,mdA:783,mdZ:917%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:387%7D,%7Bpiv:0,vs:o,r:l,t:498%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:535,n:498,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:387,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B128~1,0~0%5D,as:%5B128~728.90%5D%7D%7D,%7Bsl:o,t:498,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B37~0%5D,as:%5B37~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJfidB7+111%7C112%7C113%7C114%7C115%7C1161%7C1162111%7C116212%7C117%7C118*.1534583-72389219%7C1181%7C11821%7C1183%7C1191%7C1192%7C1193%7C11a1%7C11a2%7C11b1%7C11b21%7C11b22%7C11c.1534583-72389219%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3%7C11e1%7C11e2,idMap:118*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:388,sinceFw:147,readyFired:true%7D&br=c
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dpixel
cms.quantserve.com/ Frame 4123 35 B
466 B 39ms
8ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKlP6BEJFrF_-lQ_DJou4JQ&google_cver=1&google_push=AaAOQGGtCXBjWnkZ37EA8ZyYliVY6MDoZwB2_XB5g_c4SQzg7bOP1Vnmff0iQLPtoIimGdsY-wr7xWWziAaYUHu3vfK7bu5yPxqwniTB

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4123
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UWh1aEVGRTUxUWhyaWQ1&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cver=1&google_push=AaAOQGETr8gRnsnBsteSzq9l36-vVqYdh3An2KmMP8lOHff...

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UWh1aEVGRTUxUWhyaWQ1&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cver=1&google_push=AaAOQGETr8gRnsnBsteSzq9l36-vVqYdh3An2KmMP8lOHffZEX3k4pjva8Zn4u_p79fsT-FzEF6VO3sYv32SB9PdQDaKMLofb91A0md2

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 06 Jul 2023 15:53:16 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UWh1aEVGRTUxUWhyaWQ1&google_gid=CAESEM6vBoyaMbEPG7aXhytJZ9E&google_cver=1&google_push=AaAOQGETr8gRnsnBsteSzq9l36-vVqYdh3An2KmMP8lOHffZEX3k4pjva8Zn4u_p79fsT-FzEF6VO3sYv32SB9PdQDaKMLofb91A0md2
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4123
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEP-JfLJ2asJd4ylrQSlA5YU&google_cver=1&google_push=AaAOQGGdN7oQ9t5Lo_NGGs6gicZushV1YroEzYjnypfVibg_oOBxE_9OjsJKe8_2C5nhoAnJ5rF6CQiXqgSiDhqx...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGGdN7oQ9t5Lo_NGGs6gicZushV1YroEzYjnypfVibg_oOBxE_9OjsJKe8_2C5nhoAnJ5rF6CQiXqgSiDhqx1jliMR2ZgqTOly2j

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGGdN7oQ9t5Lo_NGGs6gicZushV1YroEzYjnypfVibg_oOBxE_9OjsJKe8_2C5nhoAnJ5rF6CQiXqgSiDhqx1jliMR2ZgqTOly2j

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 06 Jul 2023 15:53:17 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=AkqdFVJ8RKq9NaTmO6K6Dg2&google_push=AaAOQGGdN7oQ9t5Lo_NGGs6gicZushV1YroEzYjnypfVibg_oOBxE_9OjsJKe8_2C5nhoAnJ5rF6CQiXqgSiDhqx1jliMR2ZgqTOly2j
x-host: tde-deliveryengine-production-84d9bf65c-8tww4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4123
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEIbTpo_iLz41OGfNOU5x8fg&google_cver=1&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEp...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIbTpo_iLz41OGfNOU5x8fg&google_cver=1&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8Xdq...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEpQX4QZ6Cc

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEpQX4QZ6Cc

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGHtkGS1cwVLnIC4_Srvf-JbqfoW7f1Vul1Zb2QuScJ7rUm_zmZe6k85h9R2jEp0h4ChhK6P8HmlWHeD7ipef8XdqEpQX4QZ6Cc
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 4123 43 B
363 B 89ms
16ms Image
image/gif 178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKnW7T9qWKPI5lIbc7E19-8&google_cver=1&google_push=AaAOQGGUB5faGc9B4nRj_FpIJH3I52JuGF4OlscRzZDmX31OI-umPKF6YJRmppRluHOFLL4VROYNfCebgC2dq2okIi4T0O-j9O8mKWE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:16 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 146224
expires: Thu, 06 Jul 2023 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 4123 42 B
214 B 45ms
16ms Image
image/gif 34.160.236.64

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMMS1TN3vwaZeer5MTxudvg&google_push=AaAOQGEau2KsI3Qi3AK9oYYtvwyzdsjfrfbEiIC0W_FQ_0RGJQY8m3v1RUuJTADSojxKLbQ_nnPdR56hSMGNWcMsG7WCcHocElQiGZKr&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3171367898&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658796230&bpp=1&bdt=255&idt=373&shv=r20230628&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5009419851692&frm=8&ife=1&pv=1&ga_vid=1109457596.1688658797&ga_sid=1688658797&ga_hid=373157153&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=3633153556&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075758%2C31075780%2C44788441%2C44796477&oid=2&pvsid=3572277614357598&tmod=41027345&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.jqvbfcw68pku&fsb=1&dtd=378
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.236.64 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
via: 1.1 google
last-modified: Tue, 28 Jun 2022 14:08:50 GMT
server: nginx
etag: "62bb0b72-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4123
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDLGIV-P-92DobCCOzybWYY&google_cver=1&google_push=AaAOQGG0IJlCsG56-No4N_0h0cXZvmMIPmQ4mYSv_UpzvHz6cEUElAcLlfB76c-fNjbVevtHr6CtcCar6I-0...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGG0IJlCsG56-No4N_0h0cXZvmMIPmQ4mYSv_UpzvHz6cEUElAcLlfB76c-fNjbVevtHr6CtcCar6I-0srkDaX6UFCfx1vqbpL4

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGG0IJlCsG56-No4N_0h0cXZvmMIPmQ4mYSv_UpzvHz6cEUElAcLlfB76c-fNjbVevtHr6CtcCar6I-0srkDaX6UFCfx1vqbpL4

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGG0IJlCsG56-No4N_0h0cXZvmMIPmQ4mYSv_UpzvHz6cEUElAcLlfB76c-fNjbVevtHr6CtcCar6I-0srkDaX6UFCfx1vqbpL4
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4123 0
12 B 16ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JVYV5JCQPpLjupnfi0ZctWSjrqFhHSnCzm-qzqOqnN2q3kx_Mv6kKgAF7agwSj25Wp2X59

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E672 17 KB
6 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 204C 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
DATA 200
OK truncated
/ Frame D553 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd2f61ad4797bf312822bb55a9ab7d3167ecf3f07dd77fb51cc2e2c9e9a16ff7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F9B6 17 KB
6 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame E672 98 KB
98 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:47:20 GMT
x-content-type-options: nosniff
age: 357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 16:02:20 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame E672 57 KB
57 KB 9ms
8ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:41:50 GMT
x-content-type-options: nosniff
age: 687
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 15:56:50 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 4F9A 37 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame C187 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame A090 3 KB
4 KB 24ms
22ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1508
x-guploader-uploadid: ADPycdu_bETbAO3L7E3ZwmLe8QxiVBASGCjfRAxwlm_tkXJYko3jNEaJxZb3LISJ1TPqVw-ds5Su5eyQQRqdQCYhbG3a5A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1mbymULEqfRfKLAyYnESDxqxUAZUKy%2BMO7NI7I%2Bb6WByloqpk%2FcmMaFbTkzdtUbYg6n%2BFUOJOMLmhtJrd5jkneyA%2FUdUDJkPi%2BU%2F65JhFn3%2BetHyz8PZivUTs0GhRKTvgCblXAH6cAC9viB4VgopgJW"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7e29050b19fb3665-FRA
expires: Thu, 06 Jul 2023 16:26:36 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame F9B6 98 KB
98 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:47:20 GMT
x-content-type-options: nosniff
age: 357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 16:02:20 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame F9B6 57 KB
57 KB 9ms
7ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:41:50 GMT
x-content-type-options: nosniff
age: 687
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 15:56:50 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 975D 2 KB
1 KB 21ms
21ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1703396
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7e29050b6b1a373c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Thu, 06 Jul 2023 15:53:17 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5DpubIamjUzK%2BhTUok41UNaifmY1n4P8iOe68zbVg4C%2BbeLZAvJtgf9fb4HbJUZsy737fzRslexFJJRO1WdXjhMmxU4q9LaFBIFYQ8G3wmlV2Td2fXj1p6JRscLjlA%2B2DQgW0Gg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame AA66 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FE00 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3682
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 14:51:55 GMT
expires: Fri, 05 Jul 2024 14:51:55 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C01D 783 B
535 B 16ms
16ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

21d3e81e023d4e774a01b3d0a191729cbedf317e27475e3d5555c6384ba6a76d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-_jF0PIJ3HmaCgTzMFWleJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-_jF0PIJ3HmaCgTzMFWleJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:17 GMT
expires: Thu, 06 Jul 2023 15:53:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 43ms
32ms Preflight
text/plain 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e29050bbb4e692e-FRA
content-length: 24
content-type: text/plain
date: Thu, 06 Jul 2023 15:53:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tu96AgqrQ0fFUIdK7E0zAD1MEFvBggrmKHGTs%2FiPPVmqd55DrPdLwLRp6v3kvsnkn9umX%2B0LIaqY8A413%2BMGgSH1mMxPy4Uq2f2mWoIRODyYgcCHcu%2B42OjMatZi%2B490X5MvowM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-tp53

POST
H3 200 rs Show response
ad4m.at/ Frame FB96 1 KB
1 KB 29ms
29ms XHR
text/plain 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 60254d515ff1afbaa471e1e67a8af33cec45b8b4c21b11a2e3b682684d1edef1

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UV5od4W2XGDFqP%2BWWIkQzTa8ltLdZwD%2BDmV1tMjmzBtgee8Dw57uu3Xqnwn3zpREe5i%2FouxrLla1vmcb%2BS4797V47aHLnYf2IHhtgB2EJsWy9D71geipQnZ4LxnaIYGj%2B081mlQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7e29050beb88692e-FRA
x-backend-server: aa-reachservice-group-europe-west1-tp53
alt-svc: h3=":443"; ma=86400

GET
H3 200 03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png
s0.2mdn.net/4528404/ Frame E672 314 KB
314 KB 8ms
8ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

072f9ada3dbd90a670f75e51092ab23ba99fde1322fc2800b3ffc5de91712964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 19:10:15 GMT
x-content-type-options: nosniff
age: 74582
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 321786
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 19:10:15 GMT

GET
H3 200 03032023-031531561-320_1200_vertikal-1055px_congstar-x_ohnex86c22c50-44dc-4f6d-8fc0-b5efb8174ea7.png
s0.2mdn.net/4528404/ Frame E672 220 KB
220 KB 9ms
9ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031531561-320_1200_vertikal-1055px_congstar-x_ohnex86c22c50-44dc-4f6d-8fc0-b5efb8174ea7.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbe69d85fee1f6c4a0ae57e830ade12777ace8b9cd366946e17626b9a1af3bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 17:19:01 GMT
x-content-type-options: nosniff
age: 81256
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225173
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 17:19:01 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame A428 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3A17 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv2ZJdJEDwiY7ANpY_PKY-A_fAvAXLvQzsxZYSgtQqmEsUaV459Mn6N5KERR6mijIjxybfNUbxY1mpqmt3zZer7_muves67y6uBmemfhcCx3sdjjF29gqH5A-WWFcoNr-Wr7EyItmgWTUCVhCbd3dIFQikcK46pePCLymDad4wxksnrrGmrbkggHytDjaj9Dfxq5uxAmKU8trIk-qzh89c92Vdj4TZbdZutys3NofaRqsGZ72gY24qgUUW9XJP4sUHiJYfKgCY9M4Ll_SR3exQdw7X5F6nYDKsI9o2qOwNFsHNNb8Z-b4ETyBFFNrKZpPXgLAH7Fax_fuK_SGkf7KMk44dj_zHvmS3t9oHHhDg&sai=AMfl-YQ9DZACWEqSxCLZJPZ1RDEuwzBSSU5CvKtkL8CnJa62UTiMnPp9egZVUrssQDEnc11NW3H_TE4dK0si8oXOr2u6y_YfdCySh85s8rXbOzc&sig=Cg0ArKJSzGfv3CAtvpuEEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3A17 15 KB
11 KB 58ms
58ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230628&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4be5929a878e52bec4bc4e34197c6f2cbd2e25263c2232969ca326872c20078b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11618
x-xss-protection: 0

GET
H3 200 06262023-150343317-320_1200_v_1400x2591_2306-anf-m.png
s0.2mdn.net/4528404/ Frame F9B6 153 KB
153 KB 10ms
10ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/06262023-150343317-320_1200_v_1400x2591_2306-anf-m.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d670f544d0cdf84cbd8e8e304d17f02d7067575f4e2c6ce74624047cc6cc56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 08:00:05 GMT
x-content-type-options: nosniff
age: 28392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156321
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 22:03:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 08:00:05 GMT

GET
H3 200 03032023-031531172-320_1200_stoerer-gbplus2722f639-478f-4d75-bfc4-f30d15c3fc22.png
s0.2mdn.net/4528404/ Frame F9B6 38 KB
38 KB 11ms
11ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031531172-320_1200_stoerer-gbplus2722f639-478f-4d75-bfc4-f30d15c3fc22.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b68f2a73f028f29ced279b76feca752a786e33c017cefe59ff86c14441643021

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 11:55:23 GMT
x-content-type-options: nosniff
age: 14274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38813
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 11:55:23 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C33A 43 B
216 B 171ms
171ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=4bb07627-7473-b080-43dd-fcbc3405c939&tv=%7Bc:hBrKQk,pingTime:-10,time:907,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xOTggU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1688658797500%7C%7C21ff1787571bf6dbb17735700f86b457%7C%7Cdc0a08e416cd7f8471c71ad711523ca3%7C%7C90c978c078199768478f43f79de7d1cf%7C%7C179bf02d624a22cf8104a308b4a3bc11%7C%7Ce93b93a1f470f1e1923fea7c7dc547c2%7C%7Cc88d2a7ba0c38e8258c93aee29cb10c1%7C%7C3f83f88d20331cc0077bfb06fb9c551b%7C%7C1663701684,im:%7Bimprf:%7Bttecl:965,ecd:194,tsecr:177%7D%7D%7D
Requested by: Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 1B54 3 KB
3 KB 34ms
33ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17db0bea1f221d6ac0a069a2f2634ad0eccb523eeedc853f16a007370135700b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e29050dfe7f373c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:17 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F8E 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BoSUubOOmZJSACpGXjuwP8vGpmA8AAAAAOAHgBAI&bg=!qKulq__NAAb90kgr3dI7ADkAdvg8WmHwEvkSuUcvBosNEZ4zW5m0TSl-Q3PidrGIQSTu-HtFFAPWYkHywIFJQGay7clSnQeBGKUCAAAB21IAAAAHaAEHmQMNgcjAJdOpm5Ti6I4BeWoJEpqqCdokDcTu3LhrccRlWTLSRqp3VtZuR_ZGI-pbtXRHx-18xEhySZtVWaXn43Jbl3qaVRdubcequE3isTP45w45kAQejRpzUdjCSbOLwUEhwbPtNEHnbWbhBa4mDD5GM1o7NBJXNN-9u0Ib1nccmeW0wPs8684y2Y19f1Xx3Gm-5_N0o6em4qvWMzcfb6tSvKdBB2v5_jn0RqWR8ISfWUpaStxIztTwAMQI3H1HIH8wdFVhCo5V67ag2rg0yp54mO5ITCZYk7gOiZzcPGGcjkPEpcmp42VRtIt3fi7Tzwvr3yompDK7OB1Rb37GoPa2CxRm4wWa3Z_zlksJDT_E7xdif87SP2xNUUwGuyU9cuIo2l_Wv14tBqz6cWJEcatge-g1z0qqZWL_y7wBxuPHHO8qQ45OmqDLHoPLXZPU5kjEzT7b-syqRHdfjcKT8fBL1UEWzvEvvs9AAbPaYRZPfomRiJzMX9u0RO_BReoaBGZ-NjxlYDYxuh4y0JculaSyM1l5t_8LSGB74lBr9rULyO7tzBf-IBmWCdj_Zq39-H49TQCD8j7bafPZ3vA4ZbGW0j4pQlaxMyzWgjOyXQfGViYx-UFaOY5UgAPWN5Z86nsR4-Li4RAc9IeKLdcZQ5ULKTIPa7rL4CjkX6u8IjlYh2CisKu7xMFw94T0-9pAO59cU-3QU1koLxKvPyEZp24uHRxm8-TnJh1wlj6_0lyNvcgA3pXDGIum9wdnmH8Y8rwTgGwbjVODipGqk3MrNIfSoayO8zc0foyRv8tJ8CeQbpiT9qRH4LZTNZSN6OEKXFybNZnm7GJ3CD_cJpaRfSubyJWw0Zdf2gx14lkLT4D2YZxck4vjcrmCSU4HjQBhxLABvlzDt_fTyqXODNMPuXNkKxNA2YCVyjBvzX-CChE2tGUqAz_i7s03eBb8mJ83M_uB2jDFFp-OVw11dyuc2EkWQo08KsmhTXar4jP5TN-k3vMd0diboXL8pGYJrmrs-cOOvD6SmM08YkrxJLfgDw

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png
s0.2mdn.net/4528404/ Frame E672 314 KB
314 KB 7ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

072f9ada3dbd90a670f75e51092ab23ba99fde1322fc2800b3ffc5de91712964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=ugOlbunStG&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 19:10:15 GMT
x-content-type-options: nosniff
age: 74582
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 321786
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 06 Jul 2023 19:10:15 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3A17 17 KB
6 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Jul 2023 15:53:17 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4180 43 B
216 B 173ms
172ms Image
image/gif 2600:1f13:800:7782:8fed:9484:95d0:6996

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=921c1f00-4a3b-efa8-f11e-02ea53925ab1&tv=%7Bc:hBrKSt,pingTime:-10,time:1038,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xOTggU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1688658797633%7C%7Cf2318349f3c7ba9173cfc6bddbada54a%7C%7Cdc0a08e416cd7f8471c71ad711523ca3%7C%7Ca57d7d4bb0e6a7862b128a66e1495ed5%7C%7C998b7878139a5deb920ab9833c1a8cd3%7C%7Ca384f03eac22fd0513df51e35414358d%7C%7C2e472a908ae0a5d0c4ffd5b2ef4e970a%7C%7C27cb5250d8ab26f9cbade0ad66b6bc60%7C%7C1663701684,im:%7Bimprf:%7Bttecl:1014,ecd:137,tsecr:143%7D,pWait:39%7D%7D
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:8fed:9484:95d0:6996 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F4E7 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuVvdYXP9L4wKRG-wlExM3idhjmjG29x2C3YxIYbatGBgIAnLGAS1V7fDTfMOqa0b5Wrk9RcGfnYZh-eel2FPDGROn1bw1pvN_DHNgQf57Fm8uKG7UjxQT885ap2cPB2pwQKhNOF6Jhai_p&sai=AMfl-YQyRlWJrgeIFRodDfCOY4eNm_3NCOKZSSmiLqEhzDg4PezdyMlYLFHz-C8R4cYrzbXqqTxOL27gDO9txZWqY0H6eRyaDmpLRPFu6I3JxPHTSgknVNVi9LGVhGwXW8RzTBEPNPNU1Fz9LVpqKGDbkmL5EufpabuDVI9GJ_NYqXY15TFALiWk3v40W-claw&sig=Cg0ArKJSzGqDWpK2HmffEAE&cid=CAQSbQBygQiDqTAJZeB_Wzg7ZXl9fxh27GPhGSS1rd7HpAwYl6x_dDGo-acb137lfq_RMasUhj7Nv-r8ruu7RskwfduYYqi_5HEDQcgV1y0Ao0dgA8R1jhlSZMJC8OUvygt5eIQhKdX9i0LhNCpNrS0YAQ&id=lidar2&mcvt=1062&p=0,0,90,970&mtos=1062,1062,1062,1062,1062&tos=1062,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688658795906&rpt=633&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 06262023-150343317-320_1200_v_1400x2591_2306-anf-m.png
s0.2mdn.net/4528404/ Frame F9B6 153 KB
153 KB 7ms
6ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/06262023-150343317-320_1200_v_1400x2591_2306-anf-m.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d670f544d0cdf84cbd8e8e304d17f02d7067575f4e2c6ce74624047cc6cc56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=QyFyQKYNpK&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 08:00:05 GMT
x-content-type-options: nosniff
age: 28392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156321
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 22:03:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 07 Jul 2023 08:00:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D71 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bnk9WbOOmZPrnDOCOjuwPwM6N4A0AAAAAOAHgBAI&bg=!7u2l7bnNAAb90kgr3dI7ADkAdvg8WvhSWsNWckZQ6_XVDBGeKGc_JZ3ACJ6sA4LJAUAhE-SMmJe3d_oioHp4b1IftPIvIjQcurMCAAACOlIAAAAFaAEHmQMg3SbAp4x_B2exjpmdeBTdjN_cO-kf0kx-JhmqC-zCe5-BqNWPKfXD0AaKN0pcUOMAIgELXxdibxXoDzhVbvXPB3EE1Pvbx6E95sYSETJsvUDibtP6dCZ3V0t9fZXqVzLlMvQHNOeHhVXi0sU3i8rx_YTzjYRthoSPhBqHoYTSr4j7NiRuley-JlrG_sIxnZDuWwSfqKhEPHJJeyNspO3t0jN53607jceZPytN6BWyUEFgPCB0BFVy1xaQmIrhgqldoWFKd-X2nszBFFngMv9IzFesjLhQxWI21Ijf0GYpS3PJhnaHlwaiF8vW5gw3yK2DzfY6tOOnxGUM765FSlPVCr4l5WKdg8UZzCHYHvL1_EqcCKQjQo0s1Q4JXFqOSZf3Rd7gqk_ZQrnADcGtpB4_laBXW6mwW_0EsqCKgH8waWETtjP3fyeop4JPlgYw4wVRngyJ0ezjRGnW2OduITlUN_3I4-n0COkRgBlb6yfgETltqssRJEe6zPoGvsig0V_omotsvSgYcPNRaQHrIAcEcR8iH9cQRaG-11AUB6fdsCNx-axFHbH_xNQ1s47gOyia4u15yVPPga5WMv1FgUCwlyJ57h3hPwvesuw-c1pIssxDLFCw5udCUUWCsQDDZa66pfYTTWx1CanDijAYLWRjllnZYPv6AFZoDn6jcNmZ99b0YMDGtgSihWMg6ka9BWmZLqK85ecbQA0gP4WNBjFJ7c5Si_Y_gaoqdFtsK5l_E3gMMC43nviUMynwfD1IJBoVA-9RS4AOniB-76pM7UzyHsDzafHKlpB0cO4a2BKVUP3wtcZj27b0LUdO3DIfKcrHh8T2jIktsfUKl7w2QYNtw0mAzfGFIXbCWmpRpRpM2hzcqiBeRyqjBnkTOnTnqxGeCxmbzANHTwGRbjMKUBznHz0ZETMiqjAPf2pVy-Hfh0DXI32y33Te6mv3xGeTfdIiXHHtirplcE1vqZnG9kYDs-tbO2SYO6Kl_PYR5dODfwHyKJ64I0UR8EO5QtNj240HBM3k3WF7amFGwrPxdL2FHurSGgI3GCb9Euinugipm1o

Requested by

Host: e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
URL: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C01D 0
0 40ms
40ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230628&jk=2092179117275694&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1C11 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssqn778lyHw-m0-O49xNbtzg1eYI-Q5HwNIlZfcBWQFFLQLZFw7jlwS8zR8sjeFn2bNWlEd2chYdwytqXxfkGAUYb9qQsLKlXuNei-19Q5eOSURP85iOeENktUrHg6TBwJyIv-h0WkCfpWX&sai=AMfl-YTgD1oOii4nlUIfbtO5afX3NDDJMhGiSpCDE7IST4OTA9kSylFb_MQUDzXbD79_iS6cvyWafhXZsnd5ffSadzRwdzw_UQBvmQpXuLA3VLVXcUXxTi1Wq0FxlbiJe-SwRcty1KHXFPyJLvRsQCHKQ_Gr1rppVw8wUSaIb1cvW-y1VPgt3fojcZytF8Sr_g&sig=Cg0ArKJSzJu8-rVPCYq-EAE&cid=CAQSbQBygQiD02WQ24zOMxuhNpLg2RA8PQ9n80NxKEFXxp2K_64jAloRzVM37FVbtr9ZjQ4hoWwEMZiaG-4ptU3ncDnTWNSlqkHOmMXP9_ZPiS8J647IXa3V-Rh1qZyrDv4TqkEgGd8Db3fQHWjDwfoYAQ&id=lidar2&mcvt=1056&p=0,119,40,160&mtos=1056,1056,1056,1056,1056&tos=1056,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688658795997&rpt=497&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1019 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu0YU_mRsKyjHAuNlqVa83Fq0qt_oyiRF-6MiAHMPjnKDQdPjb_YrhyOatSxzlZiVePOlZwP8-q-taCfrH3_Q1UF0jxscT0HCez18r-AadypbQLdOXSHF-0PRjSaxDdJspkTBbZXomX9GRM&sai=AMfl-YT9TsVQ49kcs4s6_jtMfLboXCgqT6MzWv5pNYesN8drpkW0W2IaqP6KWsWqWQBdut8xqavsETjOrEcRTdWG7zMeNY5Vx7lgPZO3JIgXAKLo-mtH_lMg-qpiuiZBpLl9ETUWpXD06jgG7QZ5Iqo0GFYRGwhzd1YjVoXMeTV8psapXiP59tUZMpQerBkPeA&sig=Cg0ArKJSzGnjKRU5pb4rEAE&cid=CAQSbQBygQiDkdBE-Cltud8vTmlnYEy2cEFgM7x1QtwdZTBAo88vyF9Se-QwEULYoXPkInkJYS6Flum1H1SzPTm_PlGVavcxdtXk9v_JtLniRdqSxq9Q0LeUGvMXr-U0utBKWvErzpk3hunKKvVBA6oYAQ&id=lidar2&mcvt=1058&p=0,119,40,160&mtos=1058,1058,1058,1058,1058&tos=1058,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688658795893&rpt=577&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A534 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3DNobOOmZP3sDaq69u8P96ybiAoAAAAAOAHgBAI&bg=!fn2lfSnNAAb90kgr3dI7ADkAdvg8Wqc8IPeWL58MHO7Or6ll1mzxxmOi6SCxxR0xYn704Zfd91HLXfNIGbnHR1-_95kbylCqsPICAAAB51IAAAAFaAEHmQMW0mFa4XXydRgXZN8u7kSjuTJ-U1tw4FsbW5ZwnoM1dJlm-hIdtKKDyoyqpg9i7FMa9-0qI6Y2cJZgl_GqMdPbs4IVdlAf6znhzQcDLLtwClbsr7YNDPGgf3CE65kG0AoMYKNqslakUYEO23s4tTFCW1d6tneq2df2pi1ae7_NER0EKn3T94oZAnTwXw6XXy77TcB1BxxZrvOZtDaqrtCIMAkkJ0hm5Cb8uqILVmhOvwPHRkUOoik9hinnE11p-5gDlMRbYDJrfD-joLm05wuQwwe-S96lKV9Mcoy7GNPbyYGs0zZfPJmIb6KdB2fWbizpmntmnF_eMhp4LLtucSgjxkXrxYjVJ77eLTvHdjDB-CvXihyzfD_o7vDvWP7uHNEmCQqFc86aVx6X-e_-QHokNzKjRIisptkVDmvbZcEg5JEkq7sp__JYO_wKZ_t8IzpmJQp1_s5-vFAIvOQEuT9xcn4zafOux1i4cBe4ab-WnAPuR22lZ-Txks4KTY_NdjR1IvBRIZBAVctNN_VrsRC4JqnKspFsc9pAv6BGzrfJG73iotPYi_nBublWWZeymgxOC6pEucqGcPkRYM5LVzJXFibEVxSVKEnGyvzssMdzJUmLpRf76SJB1exO5yfb6jWHiQYUiLHBhM_vEYdlWAMLbba6ooFyPMfs6w9EWy8zthzw4BTIyqd7DXSEu682uMr1qgP9l8kxHocNBI7Z57nYG4vdvcoaEl_Tvwqt6eMI3Qrwq0quWdVKJMW6ZNK6R6FxEFpHPjkaUkRkQdF-xEz2o5ZBKjc7cEtDt17DCoiAlWWSyxN4F-nTpp3M-3m-C3eJygpIcEjKskSHnoP6FVbhK7ODJMdZX31UCCo9ssaGl7sAKeB8nZwJnnK3KInZGmbaQEEn3EJ1azHio7vqzWvcmxKprqUGudqR3irLvySBH2mDyFhL3tt1D4kNYsnFPkswBU6-r-CrW10bUxbJqRjUyfe3VWeiFQQgz3lpGRcvYjyrJipGF25_f2SEAuDe8enfWZv7Yk2EKW7yjBr-AK7EGNVgscV5ag

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC25 0
20 B 79ms
79ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZ_RvbOOmZMbNDa289u8P-52D8AIAAAAAOAHgBAI&bg=!oaKlovbNAAb90kgr3dI7ADkAdvg8Who7NGu3-lwnprKWSRtzp0gzte6uwBbgnwBuFVcfB7-vyGqyoduoUSmjdCIkaJC7qfRod1oCAAAB21IAAAAGaAEHmQMdaPHmtLE1pt6tTdJVYwKdjHdOjfbpQi7jfeLkL42jEwNgmrzeLhQWbSzcEMrf9YGyceoF4lOAdZCQKglLV3Q3gat3KdKuHhb-T7BRuGZ8CLWxQA-XQbjQ5dXi5y2KcFB4K0OKi-ohJBqlTwbuibZvhqdUw8_yRzVOsUvXXLErK85BH4NPJignPzVM482Ia21AQTUhL8wCp6tMzYULUaA21zxQVtzXNVrrP4_UpafAAlJ9ygMCjhozP4nwtv22VsMlIReUPiJvfmShOwyVLchZyz3_J4SUZ5htQoAq24L3IFLQGw0IoL01pg5_JW1szpTTnQ4FhSm8XcaAAmS3mQG9lbcJEwJUOPOTHodAcrNZIz0kMRM38-06fDYDeQNAzj1wh_gRccl5YeeamrvyDsI3rOoYTXgz9oF5Hlx_qgmorruYUmOfg9NoJWaPzfPe4RjDx0yDa7Puwx1nurEdUMM4iEMjOJMqZzUQAw41eW4KgyUU4c-Qtp-kD7uUiLQ0WWOFKuMZxLmYL12ur6PHwzcUh12yZg8FkIbV7PyQGBvhGG_8SJplLFjtuotckMOAf84RIaF1bJekYMYHKURdbtLCYk3GQiL_clS2OE3qkZQ_SiSEzt0sgGe-40suRQiAdI19Ag3J-iBnHkTqaJboFhA6uEJZM_PR3ASpnmUi_OPygVbx7IfbajH1VZsJqUBjRJ-r7YfLBLujwbpbTS_ANKhFiCQORb-DyPpSeuC_100BxfSUS4r-r_EmHHNJokufVAp_c0ykn8DMpzgFlQSh4zNv34e1jdF_0sruYwPrFADpW1-qmRF0VxPeHbmGLmj2jBbsbYZxEQeamUbSGetL4k-JeASrQdNusDjeDZpbCNNG87AL0TuvqtrwqaQKHCdGGpkWnEWEmPhToXOw13-cxvCdN6VGxI_TOHHQJDBcGC_DePJU-tmsJpMtGHO4hvSftbzzX5V6pawaCzE_uiJG1gPvtwHqlVg5UC5t2qyPi4CsKF5-EKIEFb76-v9igB5Na3crz9BXcCVGUI_GIKKSKINwxf8E59wfgFpRL4Iajis

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1F0A 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu8qTizSCWGa9N0IS7wkdJFDppb-iCY76ySvi2ePSDurs8w3WxPtBLChv2auitAwA2gh2i_r5Mr7E_cboefe6cQ1dbj&sig=Cg0ArKJSzIf6HdOMYXMwEAE&id=lidar2&mcvt=1033&p=0,0,50,320&mtos=0,1033,1033,1033,1033&tos=0,1033,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=0.94&if=1&vu=1&app=0&itpl=20&adk=2061921259&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688658796359&rpt=311&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame FE00 37 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C4D 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0QQ8bOOmZNi6D7eejuwP__Oa0AsAAAAAOAHgBAI&bg=!k5ClkMTNAAb90kgr3dI7ADkAdvg8Wo74U3P2CVEG3MLNKK5X9REMiJ-TmfbKshPe5j59wW_TqW9tXwU0Rw66DhQ0z-WUKwnV3fgCAAAB3FIAAAAFaAEHmQMdpNZT5N4hUyPijPAG-ot-il2hByK4NRwf3YTtvLsBglCDKP9lF6t-ubphEpPsrYv95OR8Pnh21H7QYn3IOQhDrKM5zfJw0anXrXsFHTQHJACL-CTGdExPb-az8DKpZRmao4nMoSOkwwW7mVvZ-3izz2QuQplVqpRcD0CA2Ln8TxpB1FfJODDT8NUu19qxsGe7Q6_4QPp1AiyK1yjShCm6-0pqLuk0JrOcbA9YoPm8hEtMua9TZAcFL506Mw-_aRrxtF4Gqp8XyXsBKbgsOfSuc6DuwXtxmukW-qjNHf8K1Yy6MiKaj5ofOty3goMFdEW91dXKn2MKmAYuwBbC7iBfvTdbIyts8V4CLqvA52pIbWatTDVEOeVHskARyoguxLURQBg_IiIyKgB2hxQDdq4De5R19Be1tlDhBtQmVh88bN-vGbnGZL4AAiUAatILb4gXzcnRkhWP_qEiu2qi5ps75HwOtZDoZEc_bA77xujgRmReFlWcjDh3luq5i386vSNjJGRi0ZHNs4mGtdFaz1kY6xDHTDHoONFjIaaaFhBf3Cy-igkcDFEaG7BPIxMqAA1WUmtpcjGBXqSxSOXluFvhxiD9bXbIRPoOUasfSBkd7ECuyEdBFgGyKy5hBjm-0ZmN1CfNJqFG74Qz0DPdi1feyJRgCjX_Q_ZrHULHnSZJmFAAjXAiBnTVvLqH9dNdbFo1pVSPwvpH5Y-nnj-HZEy_gGZuZzO3igjdNXv73rIb5L5txaRNFA1YeJfZkXsBzZF6-PfMwQtLtbKNAjHkkHNnbpxT_uW2VwySIyDoM7yiyChPd9SB6g6z1veqdgZV5ltZM0LK11jIbaGuPiLsA_y02NBZmRP9RyNsx6okLMGq7LuqZmRDDaSrpQA7fjtgHinSyHGLyUVeiRox2y9_Xs00Z3BTltpfpl1GBZKydc3l35plc_qsBOI7RQs0nJtTaXzODfIkCJoFmlPKn9tDZrZagMue1FVtm83kiC4ObM19g9KtlA8LIYTEnN0JI8Gzp3E6n85-_RmhG6OiuCyS9C9OISVHiGQPN-7bDBrxZsg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/14117493524039618747/img/ Frame DDA7 37 KB
37 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14117493524039618747/img/visual.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4551d9c02b370243ea5e05230e649be8b92676e74298ebe48a2f6ac5463727f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14117493524039618747/index.html?e=69&leftOffset=0&topOffset=0&c=JXOstSt4cA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 07:00:47 GMT
x-content-type-options: nosniff
age: 31950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37458
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 05 Jul 2024 07:00:47 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame 1B54 114 KB
14 KB 23ms
23ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 708011
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BlMsTxUf%2FSUzIFIbwHna%2FPfN633KyFFwr11h%2Fa891rJxgIeoc3y%2BuQT2%2B2954gyT11d%2BOfA5dWIlFCa9oydUiTYR1G%2FZdv6hoXrGW3SW91oEFHHSR6nBNVmr6av%2FVFq6T05fgtmpQs%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e29050e3eda373c-FRA
expires: Thu, 06 Jul 2023 16:53:17 GMT

GET
H2 200 762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
assets.ad4m.at/logo/ Frame 1B54 44 KB
44 KB 46ms
27ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1701892
cf-polished: origFmt=png, origSize=65187
alt-svc: h3=":443"; ma=86400
content-length: 44710
cf-bgj: imgq:85,h2pri
last-modified: Tue, 17 Jan 2023 14:45:52 GMT
server: cloudflare
etag: "99941d3864a6d6ef01023c96e0475815"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cq2uhpgZ%2FZpue8Dy3dteFR4UcCezXgR8jt0jf9Ed2xdfHkGFO%2FbCUDEvxIbY9BsYTUtV0Z4LO3IxlKyDnPOLB4kyXsaIhwRvSaxF1ChuL62%2BZS8XxPx0Avak2KZfvLm8Ik4hOCr1H6PzQCD5"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050e5b2a3662-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H2 200 EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame 1B54 222 KB
222 KB 20ms
19ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 811960
cf-polished: origFmt=png, origSize=342797
alt-svc: h3=":443"; ma=86400
content-length: 226916
cf-bgj: imgq:85,h2pri
last-modified: Wed, 15 Jun 2022 14:01:11 GMT
server: cloudflare
etag: "82c7de0f42ff55fdd0acc07731664031"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNAi34laSGnkkeWxpcsR%2Fo105FZ1BhwcA0HgrWsV0Sa9%2BF6wgLgJUjmY%2Fzc1jw8Y0glEMgp%2FSzGzw%2BabUZhx0oPB%2FVDXM3KX51qWIC8uc%2F4NGKVENgEdfva%2FWY1TRlnpwS4gep%2FR58TTJ%2FiU"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050e5b283662-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H2

200

ztpv.php
www.conrad.de/ Frame 1B54
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidJBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1688658797_397c4340-1c15-11ee-b199-223078f3fa88&insert=AW&&gdpr=0&gdpr_consent=

0
476 B

55ms
24ms

Image
text/plain

2606:4700::6812:7e05

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1688658797_397c4340-1c15-11ee-b199-223078f3fa88&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6812:7e05 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:18 GMT
strict-transport-security: max-age=15552000
cf-ccp-worker: HTLPHandler-v1
server: cloudflare
vary: Accept-Encoding
cache-control: no-cache
cf-ray: 7e29050f9e0391ea-FRA
content-length: 0
expires: -1

Redirect headers

Date: Thu, 06 Jul 2023 15:53:17 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1688658797_397c4340-1c15-11ee-b199-223078f3fa88&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

POST
H3 200 rs Show response
ad4m.at/ Frame A090 1 KB
2 KB 34ms
33ms XHR
text/plain 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: cc0069f058d2fa9b49d532f665bb400ba56154be047eb48945417409d4a124cf

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2FOPwoCO0DgMBGlOOyjyrGH8n72oMAgQqpsktfwLhhdWRq0QAOBhusGUd%2BppoYFpZq7kv8wIbhAT48%2F3uV2Xo61y2woSU5k84RBT3M2Ko18XPXMwD%2BwBb1rouVsfVguOfOqILNg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7e29050e6ea2692e-FRA
x-backend-server: aa-reachservice-group-europe-west1-mndm
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 31ms
31ms Preflight
text/plain 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e29050e3e61692e-FRA
content-length: 24
content-type: text/plain
date: Thu, 06 Jul 2023 15:53:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTQFV6NmzJO8Z1EJ%2FUr9vfh24Ab3Eqwpc7j7dDMBoihuFRZ0IWzPDxBia%2FMuGrffAjWKLFYub6FG7WNRhrQZRl26CzHPAJ61Bd7t3jURsljb1EaKjRofKlEQUeyto5CH1qtF2gc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-mndm

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3898 13 KB
5 KB 8ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3682
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 14:51:55 GMT
expires: Fri, 05 Jul 2024 14:51:55 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 08CF 783 B
534 B 18ms
17ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

51c4d03749ac28d2f3fc7a4e54d3ea8d8bed82d778a84f67313895be2c693865

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FzADfBN6yjZmkgPsEc8Tng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-FzADfBN6yjZmkgPsEc8Tng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:17 GMT
expires: Thu, 06 Jul 2023 15:53:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E7 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8853637618414&version=m202301230201&ct=76&x=1&cor=15721191698472490000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame D4BF 11 KB
5 KB 31ms
30ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91d6a6d66d0212dabef4ccfab7d8a29e38be2c12921790594f3a86d886bbacfb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e29050eefbc373c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:53:17 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4180 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5957357211219&version=m202301230201&ct=76&x=1&cor=13999638763211373000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame D4BF 114 KB
14 KB 25ms
25ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 708011
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fcMv%2Fdc4LAHcTT6RJE6kVQlSzjiSJUp%2FCm87v6AOoEmtIQrRwHUQPnwNBq6YYr4nY%2FBhEdXHutY266xZOWsVqfvC8uP54Kyb4b3SgO2tedA%2FTJxJoF84cKoeNAQiQ37oj8K%2BIwMo%2Fc%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e29050f2815373c-FRA
expires: Thu, 06 Jul 2023 16:53:17 GMT

GET
H3 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame D4BF 53 KB
54 KB 38ms
38ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1462632
cf-polished: origFmt=png, origSize=115129
alt-svc: h3=":443"; ma=86400
content-length: 54564
cf-bgj: imgq:85,h2pri
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ihm2Awp%2Bm7cHCwikDULsP8MOIUq4z47smxdqF3bRMbcnuDwHxwvCet9j7Yebd8gpNhjQOxNeJxr9leP1ibTijkVqxqzKS1k8%2BC%2FeoP3gEIItAA4JjGS2LHMFepMT%2BYh%2Bo08tRaKDRRT4hjfe"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050f2820373c-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H3 200 AC141A5CBB54977B2534F8C53AC3663BEDFA436FAE3ACD4988B6899C9BB97ACFAD4B76B4BA1B0B0E1691596C153E31B849811DF48CAC56F53701C63564F90B6A
assets.ad4m.at/product_image/ Frame D4BF 33 KB
34 KB 37ms
36ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/AC141A5CBB54977B2534F8C53AC3663BEDFA436FAE3ACD4988B6899C9BB97ACFAD4B76B4BA1B0B0E1691596C153E31B849811DF48CAC56F53701C63564F90B6A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e71afd53d34b1a32c15ee776f34aa51869e45820afcc130ee01477b7e9e275e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 37466
cf-polished: qual=85, origFmt=jpeg, origSize=156576
alt-svc: h3=":443"; ma=86400
content-length: 34068
cf-bgj: imgq:85,h2pri
last-modified: Tue, 19 Oct 2021 12:48:35 GMT
server: cloudflare
etag: "451fa9b02ae7953b9311aefac697be7e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8vOWfijgMtBPfclfCi5iILxwzBXJ9GaIYSZ6Jp5ACIEFK97MGinAdQ9piVS4qFUWURMHYkcEPabx5rXZPFGswt1Qxg1HScT7FFDdXvhNy5BKDWwDb2kOyPm183pXYZikhEiYYz4bZ5%2FxgaI"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050f2822373c-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame D4BF
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CL2_tJ64-v8CFabzEQgdduQIWQ;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_N...

49 B
1 KB

67ms
22ms

Image
image/gif

167.233.13.224

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 167.233.13.224 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 06 Jul 2023 15:53:18 GMT
X-NODEIP: 88.99.63.132
Server: nginx/1.18.0 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023070617531886585109777X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
date: Thu, 06 Jul 2023 15:53:18 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H3 200 F9B39585BFA0505D63AEC15D6DB1B02D9089CB0BB1445FD9678DBB04C32C81A56DC3B966E24F60B1752A92F908AA27DE3F0994E5B1621436EB0D2328EC61055B
assets.ad4m.at/logo/ Frame D4BF 219 KB
220 KB 29ms
28ms Image
image/png 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/F9B39585BFA0505D63AEC15D6DB1B02D9089CB0BB1445FD9678DBB04C32C81A56DC3B966E24F60B1752A92F908AA27DE3F0994E5B1621436EB0D2328EC61055B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ae6a18b973d0fbd53cd575408e3720cec1b94418b180ab6b83a82611eb1906

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 32257
cf-polished: origSize=233620, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 224653
cf-bgj: imgq:85,h2pri
last-modified: Tue, 29 Mar 2022 07:10:51 GMT
server: cloudflare
etag: "d1d171dd651522f41a2fc0dba256a546"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WqX2aU0T4rkct%2FK55I%2BaZ8ZYGMMMj%2BOUIf0FcuDuZ71mlllOBumpC53FMQlQ2UI79KPUWAvCZFTWRo7ZslEOMuQJ%2BOAa5qW5Tj7VYjbLZFwdh1%2FNfFR0xuKHeVEcN2SCbhR6wFLjU%2FMGvGy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050f2826373c-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H3 200 1408E404D125984EC307986C30204BFB93CEF5A079A8B664A2AB24EB8E10E04B06FC2810F2A3432611FA8E4EB56D40C4CE476E3578F76162AC45AD15ADEE2CC0
assets.ad4m.at/product_image/ Frame D4BF 637 KB
637 KB 48ms
47ms Image
image/png 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1408E404D125984EC307986C30204BFB93CEF5A079A8B664A2AB24EB8E10E04B06FC2810F2A3432611FA8E4EB56D40C4CE476E3578F76162AC45AD15ADEE2CC0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48544d39ceaebb01d8e31886a19c82330f02125740397558bb0baa16b81b8c6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17521
cf-polished: origSize=731561, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 651990
cf-bgj: imgq:85,h2pri
last-modified: Tue, 29 Mar 2022 07:03:31 GMT
server: cloudflare
etag: "1b69278243c107df5b11186b1f6ca585"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQDmTtW55Oc4rSQLlc7yXE%2FqvtUez6NqxzOYo9whRUAGmGmj17YNUkovGUr7QSLlH2cATjF9XoiYuLzRPbemfUcOeI01C9xKPitZDL%2BB3mioOEYOkzmLfaw65nbcGvjdXgWkXKnfZp1AutjR"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050f2827373c-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H3 200 E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame D4BF 10 KB
10 KB 24ms
22ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2319747
cf-polished: qual=85, origFmt=jpeg, origSize=58124
alt-svc: h3=":443"; ma=86400
content-length: 9782
cf-bgj: imgq:85,h2pri
last-modified: Fri, 08 Jul 2022 10:19:52 GMT
server: cloudflare
etag: "b4342e277c43aad9c5020a04564bfd1e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDW9sJ5ennVtFtmXzdt1701omXAl9u3iNBa0w%2FufIuJYx3k9nxzeg429iH2FxkdQjgUaSBKjlhUskK3c8RdA1yEZVuqMvjbKd5ii3Pnf9lbAbLfCqKgD9DmWi8T422tEkN1YWhBMAg3NJMkm"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050f2828373c-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H3 200 7959CC8A5841863E2029D11337BD9743816B11539BB7B5FE82C05DA418BFFEA9B2B39CC1367019AB169ACFDD5A75E84454CFD285683B9548532D984CEBD8DAF8
assets.ad4m.at/product_image/ Frame D4BF 51 KB
51 KB 58ms
57ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/7959CC8A5841863E2029D11337BD9743816B11539BB7B5FE82C05DA418BFFEA9B2B39CC1367019AB169ACFDD5A75E84454CFD285683B9548532D984CEBD8DAF8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a7f4c8a9af17cac4c92d0fad28e07cc781825be9dd19da205c028b2a49e634a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 37619
cf-polished: qual=85, origFmt=jpeg, origSize=128978
alt-svc: h3=":443"; ma=86400
content-length: 52014
cf-bgj: imgq:85,h2pri
last-modified: Tue, 31 May 2022 12:16:42 GMT
server: cloudflare
etag: "aa8c145ca1b6cb2be4e511f8f6f2685d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpdaU8pnCk4sHKuiYcjezA8W0Nk%2BZAmoplPtaKKZ7RpR5nY0DnmtW%2F1cLF8iwFz%2BagpEl7d8AxemQV8C5IOAPwSZMryAFoQNw0jJIMrAKOPclteS%2BFYyBJ1wxJtNr6wAs23kKTbaEkThJTIL"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e29050f2829373c-FRA
expires: Fri, 07 Jul 2023 15:53:17 GMT

GET
H/1.1 200
OK 2aed39855b5f46b72660fe7fe4b2634f
pv.medialead.de/trck/epv/ Frame D4BF 0
366 B 159ms
103ms Image
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/epv/2aed39855b5f46b72660fe7fe4b2634f?t=htlp&subid=oneidEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrmoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 06 Jul 2023 15:53:18 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 2D8D984C:BDE8_91EFC182:01BB_64A6E36D_888F836:25BD1
X-IPLB-Instance: 40027
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 08CF 0
0 42ms
41ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230628&jk=3255360019821991&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 3898 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:46:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 09:46:38 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame D4BF 1 KB
2 KB 123ms
66ms Script
text/html 13.41.28.186

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2194035&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hdkbhxe4bpw0bkmzg8f8f4vmhb9gmxk0cjfx2y93d3qr4rv39brczvryzw6d9vk6skgdcbp0b953006707g4s74h6wjzcwcawhcp3r2qhhdphh66rhq70ay9n4acn5r712a5ayvesg7rjwbgjtsfz5bgyz0aq0bvwcep05pfh62zmegwjdxtxxfcgqk6d5gfz876adg8b5pnrhmztvaymg1pv9by8ve31f5wntc7q7raj0f76tx2qv715vrwtryjg10%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&viewref=oneidgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMPoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.28.186 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: cb2cbf5a9e2651f66cebf2a13f1de8260eb90fd21b5d94880280c374f2b3d4cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:18 GMT
last-modified: Thu, 06 Jul 2023 15:53:18 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 06 Jul 2023 15:54:18 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 2CFF 0
210 B 53ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688658794973&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:18 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FE00 0
10 B 9ms
7ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ATmdxQ
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1019 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3944740305196&version=m202301230201&ct=76&x=1&cor=5245267120890927000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1C11 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3250438469845&version=m202301230201&ct=76&x=1&cor=7740164138472844000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3898 0
11 B 6ms
6ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?lTl-mg
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame D4BF 85 KB
31 KB 106ms
22ms Script
text/javascript 13.32.145.36

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2194035&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hdkbhxe4bpw0bkmzg8f8f4vmhb9gmxk0cjfx2y93d3qr4rv39brczvryzw6d9vk6skgdcbp0b953006707g4s74h6wjzcwcawhcp3r2qhhdphh66rhq70ay9n4acn5r712a5ayvesg7rjwbgjtsfz5bgyz0aq0bvwcep05pfh62zmegwjdxtxxfcgqk6d5gfz876adg8b5pnrhmztvaymg1pv9by8ve31f5wntc7q7raj0f76tx2qv715vrwtryjg10%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&viewref=oneidgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMPoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.145.36 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:04:16 GMT
content-encoding: gzip
via: 1.1 f1c346ef88f452565cb5e3b14fa76bb6.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: CDG50-C2
age: 2943
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 6IkpJP7jWvEsxKvsBcMDV0um9rqxqIUt5nwBvSGDQiyMqQuDP8xmdQ==

GET
H2 200 link.html
track.webgains.com/ Frame D4BF 48 KB
49 KB 69ms
69ms Image
image/gif 13.41.28.186

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgdedup=1&wgcampaignid=1384975&viewref=oneidgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMPoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wglinkid=2194035
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.28.186 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: e634cdea6fc8a42921753f7da1799c4719b763400d8891a778bdcc519e43c919

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 15:53:18 GMT
last-modified: Thu, 06 Jul 2023 15:53:18 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 06 Jul 2023 15:54:18 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 204C 42 B
64 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsugeyvst4O7TfJCR2Ea6Qtpr8UBegLQyKtAxFa0RfRPtqGMw9uN9iJbVWC1xLAjYMprgmGad0h1kMwgDtgSzqHbIrpbMSyhsiGrgAN8DoYe2soNa_BH&sig=Cg0ArKJSzGGNGX8ZQiKUEAE&id=lidar2&mcvt=1011&p=0,0,100,320&mtos=0,1011,1011,1011,1011&tos=0,1011,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=0.94&if=1&vu=1&app=0&itpl=19&adk=1502660170&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688658795649&rpt=1452&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 2CFF 0
210 B 47ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1688658798282&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:18 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 2CFF 0
210 B 50ms
50ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1688658798282&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:18 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 2CFF 0
210 B 46ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1688658798282&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:18 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 2CFF 0
210 B 50ms
50ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1688658798282&userId=vnet3a9adaba-ee08-4c52-a7f6-a15b71f6df66
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 06 Jul 2023 15:53:18 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3A17 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2-MulA4s1zTWbE9vXWtDZYRHfk7nDDIUDNyceSQzpojuoxxM5aGQPOfykCM3QcdWgYseQcgno9D0b6Ks98JUH8kvrSxqkyv9yzsmTWhOIVUaq5BGe&sig=Cg0ArKJSzF-cw6idTNUVEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2912144807&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688658796085&rpt=1355&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Jul 2023 15:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 204C 0
0 43ms
42ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230628&jk=2092179117275694&bg=!HxylHEjNAAb90kgr3dI7ADkAdvg8WuQG8c-k-3R9TcykT6QCVV2PpFxhXH6EhvCjfc5eoZBoKH7ssuGtuSWh9cJ9Uvg79nMviuECAAABDFIAAAAEaAEHmQMRrqncdHPSaEo9Svrc1mMFegtshDhFYbs1uO8YVGoMhX7FZKMiZFCLod87mwf0hW89FPzmsPB89J5pijnhFCiY0xWo-lgL4ZWaReHqJ8-6xPRQLgC1DjmEDDrGwpSyWZ1ii8gOYS0SaBT2jKvG4j4QbynQK-uUsQqZrF5qf-E0cYIKINJuB1_n1TX1bUv3SD_Rr3iH7vaatLsokC2jnbbP3Jk5nYXeVKvS4IVeE4KektTFWelnlc8Wg9DFND7S7ltOPEngaDEs2KCmei1K8_Cs71-74IHCTNNXV_vKXgGg7lZCr8FxeY9rJv56WMbJy1tSvAjUXkH1ygj3GhDtOHCmGr_fjWx1uAd9bhD4AEGix9Wc4saPX0z0Sdfd7KzzjHTls_cDHv-0j06wCBiRah53989qbY0aH8WtQduWBV96BF8l5gc5aAmgbjwR9epvz13nzErGSvT40G1P0YRX-6-_eBscZyeSk7cF4h5ubtgIR8s29eEkHTVocSU6kXuy8vmaLX1yh795_B_ZyCrLwJGbMTmYMiK2kZ3XK5C1NwN020DJHJL36V1ZluQmXH1-UO4iRdDDo_fL309uQvKvpTaRsIRH86Jr956AvpzCOmwIM2L5l2QYdxny6XR8mXwjj6kUdpKp_A8rTYhcYQQ5jTDlDWL4CFwQlOzIEzChKsYQ0kDHY05QalJK7YwzpV8CxXV3WSArvgvDhkyw1ZlEV1sAXLEnfP4w_P44yOXjhYgxLPXHdqf23jmc954lrj2qVNNTe2U5QD5WPgulbQCEEzKc6Dubm2BORqKCVg2Qg_moOSuMCDua6R5xZh0b5b2CAFRR0CBh-2XBkd6SV4pxwGeTgdyRZ9AVSmjeVtUpqSh0VM2rOyoxw-raMGOrNF_biuAbY1fLJFW6M9DytgIUNBBaPiF7vJZj4EqBxkwlJQwB1qH3KG7KNNESreOEVqNUfzl5LgKxgtY6fdcoeSDy4N2ptkiZQLTRsJp6Glov9z3JebOYaiPakhK46LxEssYnYiBqFWqJ8VrRDCUUWAN8z9AxFnk
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3A17 0
0 43ms
43ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230628&jk=3255360019821991&bg=!0NOl04fNAAb90kgr3dI7ADkAdvg8WuZIli-zIiAJgoI3VRpYYCQ9XYYMQJxV9bLGHRIBGpPkgy8qBPLaqR1Z-aiD0y_MjXWtadMCAAAAi1IAAAAGaAEHmQMMvRoT--05IzoJi1FZExHL4uV2IYxwVyiV_wnAzzwcUnM_cbuL8uPM4_CboXFP-0pyMdD6sc5n2ie5BEYQ_6iA120EDJBMACgtbqloBpySCkUZ26Q3QX19DodqPc4JtT_yGkrHmXwwWf87Zv2hCySAOdQte-nxguCxBkCAlKyoiz0-O_3jC7osSHdpo-Zq-AaHwy7W1dSB0OWcXID6KeprTxoTsUFVn1TuRnwSpJzn8EcXsIagB8Whp1fCA9wPFaISttNyBCJrdJ6Trvcv1S0ETniPQBvcxhuMxpHNbSPUMc9p-uoX5NP4pyz6ThILjnI0AzDZl6E_HjTsKEGke--M4ZHO4AvEhs9D6_b0TuY8dZA9WqBuLVaPf83itay7PedWtubZ3nNpY4C0IhzeVF1ZgkBXLDIftP7KytMW700V1-k0Qzn8Uzk0qH3usPFuCbNVTE50AVMSE0q2GWVljN_Jt_1wFUQlvsEi_joqoJR-8SCgMMz-mSDUbZvZ_TZByBKPl1C3mMMWgfzwK55JnrQaaQNqKO4H3DwYsTnSmJzpf17rPKKpfyUWYf37hLuHiD-rh6GS3_67VRDmtiu-1digHaZ0dke36LkG6EVae1cr5UvMHolytxi8-bX8sl9Y1NcAqAQopeky0ssQTTpxNN0FJhZT4gLbkxZr2gQq9hEej9a9JWz08gysLbxJGzRmsKT8CNes8Tb7AehJ1UuwA6Fu7lNyd1XA2mlcLqsC6VkOXOgubHAS_7WQqYh4CiP7BMQ_H9cYuUvpq1tlNj5lNzdyKYAKKSw7_gHi0VcxfChl-fk487TgwwdfkzucfuGFOw-2qYgULhHRtbmA2Zcg7dJlHIjPkXqz7PZJdcJymLoX3csc-BgrnfHQJjNd_y98Q4xymUpFNbHF8tcZGzNx19YejHT59xY-k1YiwqJqXXVr4542MZhScv89D7u4YSPjlRV2jyCuyvHnFyPGuhzwaBkh71s1dxUiczNqPI0y5M5jqg9J-fFeVk2nYIZURSDKkLDIpZCd2odSEpzSHelg
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST gen_204
pagead2.googlesyndication.com/pagead/ Frame C33A 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8533414987491&version=m202301230201&ct=76&x=1&cor=1639417165347488800

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:25:54	Name: IDE Value: AHWqTUlw3qhXtiDJeyPAuQItbrGhOrZSmRYjrBk4hxDBJsNggtJOTHHtH9qjgkYsRJM
.doubleclick.net/	1970-01-20 13:04:22	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 15:13:54	Name: uuid2 Value: 5706899481225556188
.adnxs.com/	1970-01-20 15:13:54	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>uKTel4!@wnfH8K6pQK`!5=E<L5?%K5^in'44g/Va0s+2Rid2=+gYBa'@<h%.km>!HbpRzqF1`b_m7*3PZ?
.casalemedia.com/	1970-01-20 21:49:54	Name: CMID Value: ZKbjbCcURQXzoM5TmRlrZgAA
.casalemedia.com/	1970-01-20 15:13:54	Name: CMPS Value: 1145
.casalemedia.com/	1970-01-20 15:13:54	Name: CMPRO Value: 1145
.spotxchange.com/	1970-01-20 13:44:37	Name: audience Value: 38793f0e-1c15-11ee-8bda-18a305860306
.blismedia.com/	1970-01-20 21:49:58	Name: b Value: 64A6E36CF5000D497EC8E96CBLIS
.travelaudience.com/	1970-01-20 22:35:59	Name: _tracker Value: %7B%22UUID%22%3A%22024A9D15-527C-44AA-BD35-A4E63BA2BA0E%22%7D
.turn.com/	1970-01-20 17:23:30	Name: uid Value: 3503459121333966790
.adform.net/	1970-01-20 13:48:57	Name: C Value: 1
.adform.net/	1970-01-20 14:30:42	Name: uid Value: 3752326860133713792
.bidswitch.net/	1970-01-20 21:49:54	Name: tuuid Value: 42689c5b-8290-40ae-a46b-63f04ae2152c
.bidswitch.net/	1970-01-20 21:49:54	Name: c Value: 1688658797
.bidswitch.net/	1970-01-20 21:49:54	Name: tuuid_lu Value: 1688658797
.bidswitch.net/	1970-01-20 13:04:19	Name: google_push Value: AaAOQGEsUd5pPybDKGW3NbSSL7gw9dgmx78N4ww7LW5rnwQfVJkbObKKwpeg4fKw5clVbpCjhnl2eJkJglo7QAZA0IG_0lNxHDYSZg
ads.travelaudience.com/	1970-01-20 22:35:59	Name: _tracker Value: %7B%22UUID%22%3A%22024A9D15-527C-44AA-BD35-A4E63BA2BA0E%22%7D
.w55c.net/	1970-01-20 22:35:59	Name: wfivefivec Value: QhuhEFE51Qhrid5
.quantserve.com/	1970-01-20 15:13:54	Name: d Value: EAIBCQGzKYEA
.quantserve.com/	1970-01-20 22:34:33	Name: mc Value: 64a6e36d-31e7b-22e39-9d875
.de17a.com/	1970-01-20 21:42:42	Name: guid Value: 1.5129075484558886527
.w55c.net/	1970-01-20 13:47:30	Name: matchgoogle Value: 5

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=1%3A2%2C7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688658795102&bpp=3&bdt=852&idt=220&shv=r20230628&mjsv=m202306280101&ptt=9&saldr=aa&nras=1&correlator=8628788198312&frm=24&ife=1&pv=2&ga_vid=1324139947.1688658795&ga_sid=1688658795&ga_hid=1222930158&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759837%2C44759875%2C31075645%2C44788441%2C44789818&oid=2&pvsid=2660720424135804&tmod=420154949&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kt9gkv668kix&fsb=1&dtd=232 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://as.ad4m.at/ad/dr?ed=1grzkdwnbc4qnbr44mbea6jq8kvxv146qet84v69bnt8xvysw224176bzx9b17m9zjb2vd0ep5t2h8h4cvt5akg426r98zydhv6nkd1mzgw9jzxfnkbyya36p1cjjm7q748ypwq5x0qzzrc25vx5ds1z34hx93csac9qbp1nttrk81ezdr55jr7ymh0wg0zsktn3dx3bwzbr3p1g5znpceghvvqbp23966298pvy16fxww3sa6jr5ngcr7yp29ns507209gd9hnjzyx0wzwz13x69xnbzn0n22ac3sfcyxe6aagen8wngzvhfr888t4cpxmwft5nmpa26j76symnyvndca5qhmxaq1nvv4ja08ydh010bks48hvvbcj7h1rcq1pj2mp85s79r56rcbtgzysxcqzsajpp6t8h40f8xgkdvnrp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1j3tz8nvawghrrjrmqa5m5m7q88h7fhn7y86tszcd3cgbb2fzrdmh33sv23w38dtcf86k59wyj8a7m469a5pnb6yqz9zrzdk5z2s93w719gqx5h8jem1w2vf1qzrnch7fntckx1etn36qcfdncfxje9b5wn7z586f1728x71wxxyck3yqtp5dsky0d3p4zwcf766r2v07g9bqqqdaq4wjev8byq59mqqwdevaevn8fgf9nb31azdzssv93sgjrpngyvwrpthfyy14rt83h4np0f99a4agpb4xfdkdpt9dngheskamdhnqp786ky00k4g4jp7nr02fh5x3fvmg1rww2na3490tx2mzshz1fppxyyz9c96dj0231ybjeanhkq66fjyghhkww2gpkr0vnk4ehb9tnkgkecyzec5x2bp5ksxbbsr28&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=3e77392f383aed809b6b2caba5d05ef3%2F16291801696100112602&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797420&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krkhdwxfs8jneybn7hhbm7p13mtsbaadvsdstxtsen7k8rx3hegnfq0sa1bjstktak5v4py534r16yzsne8cwxcr8mbebfnjn3mma19y7n3zm5288cs9pn6042j6kpnadqrg38dtc48jpv9vm2t2rg496dkx8877x55tbjvcrg2t2nzpxw4vt13bppm1p7e3gz81fvffabxapxh3ysepymdwdbz7vpqq76md3etefj6ss5r6k4ysshh8q8ast833535gmvsga7a7act3g60%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJ1kwbOOmZM_2BfScxdwP9fCJsAmQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI5ZrAVnUayPqgDAaoEsgFP0A1aubT26-LFByKykAx6BBl88LU3ov8EJdgKnuhnQ4WtVPtr0hfEIrgEIFYIXBqx7gX2XTgfykk5C7QT0D0HrNraBTBcLk64u_VGOVUCmLXi7DHc-LYjEMd8W6vssTreP68KFLNLn6t1ms9HtD9yUULBpaE2a1pHyQfJHQn7paKhWF8oXclneD7ACdBIhrBEZlwBkRhu2uG6bCgUU405oal4viJWboIEqBQgA9X2NS0FgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1Ot-IVByH66VmxcZhxPgYkUepCJw%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=13957%2C183975%2C15573&b=YxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2CgVXF8frfY8G9CPHbH8t5tr17hmSQTm7VFMP%2CEjeTDfEf7ZwtzHAHjt4t7Q1HKSVTZAGTrm&f=q4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CBjeTgfPfxKAmaxH6H3tgC6wVfjSeTmVpFB2%2CADeFYfqf3W6UAHRH4tMCKdECRS4TDVQTAZ&c=300&d=250&e=&g=93c48a32c41671e3505f368d53414dd8%2F8336733885853182291&i=20774%2C20597%2C26474&j=14%2C21%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688658797837&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j62s2wwccta64wzyw6s901cmfpyj0s7bf82jkxqttgpc0s4sc8n8s3jbcgrjvesawev3bzjegjjqvbjam9spyt4rzr5x74csc4936ctsce52rc7377h88evwj1p82v7ssc38xcmh1scvhwvpqfcz5fstvw2dezmy06q4ybqythv5h09n8za9kjsbctb9hwj2ye3cbzmbz1yfzn5xvth22n22k11ctfx6kf6b1e630dz62k5b073cg7eyt5n9cayfn8j4sk291q34mrtkqk0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCicOdbOOmZOaoJ7SHiQaRrq2QBJDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAnZ8ZUmnObI-qAMBqgSyAU_QI5rjSmqG75Y6t1SmLlXJPfr_MF0ikd74ZVbNCUESUpFHPITbDJ-pXhBVPhMzAH8LirKHZfY4Sn0bCRzktqjcrB5RR8eY7mH5iPCTFYeVGb9JBzQY8KtDeUKr-qvRcjtzpV_9gHfeDLsBFbLs6oPmUX4p53GKsRe2m-5HqDzTfox4YgUs9SIFQVDTANGH1K2EvkUy6Xh-0Bs_1K_6A7w60mCGNhLfPUb7xj1azvAWjayABp6-hfn80dyG3QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_29IJg2Fa8kRC09KYMCAKeu-5mKGA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax.amazon-adsystem.com
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.travelaudience.com
adservice.google.com
ajax.googleapis.com
analytics.webgains.io
as.ad4m.at
assets.ad4m.at
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.ampproject.org
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d5p.de17a.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e226e1918cabfb328061a19cc21291cf.safeframe.googlesyndication.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
images.dmca.com
imasdk.googleapis.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
partner.o2online.de
pcloak.blob.core.windows.net
pghub.io
pm.w55c.net
prod-rtb.ad4mat.net
pv.medialead.de
r.turn.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
static-de.ad4mat.net
static.adsafeprotected.com
static.virgul.com
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
ups.analytics.yahoo.com
us-u.openx.net
www.awin1.com
www.cloakan.co
www.conrad.de
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.lead-alliance.net
www.telefonica-partner.de
x.bidswitch.net
ye-mek.net
pagead2.googlesyndication.com
www.googletagservices.com
104.64.118.247
104.75.88.126
104.75.89.75
108.138.9.235
13.224.89.83
13.32.145.36
13.41.28.186
142.250.181.230
145.239.193.130
151.139.128.10
167.233.13.224
172.217.16.130
172.217.23.98
178.250.7.11
18.193.242.108
185.7.176.222
185.7.176.223
185.80.39.216
185.89.210.212
185.94.180.126
20.60.220.36
2001:678:cb4:bbbb::11
213.155.156.166
2600:1901:0:76b9::
2600:1f13:800:7782:8fed:9484:95d0:6996
2600:9000:2450:a800:8:48e:53c0:93a1
2606:4700:20::681a:71b
2606:4700:20::681a:ad1
2606:4700:20::ac43:4a81
2606:4700::6812:7e05
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:806::2002
2a00:1450:4001:806::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2006
2a00:1450:4001:811::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:829::2004
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2001
2a02:6ea0:c700::17
2a03:2880:f084:105:face:b00c:0:3
3.75.62.37
34.102.243.38
34.160.236.64
34.96.105.8
34.98.64.218
35.190.0.66
35.241.45.217
37.157.3.30
51.89.9.252
52.223.40.198
52.29.25.103
52.49.75.151
77.245.159.14
84.200.5.215
94.138.206.83
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01204747c552676cceff27ecab875807de15fc28860715608db3d368ba736b3e
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02ce1da9dbab20202616080b3232910e93708f4fe50e287ace868ff87685b0f1
02e7535563110e913669c43b9233db020deb9a4b0eaff84ab9de1b55b8ad21c4
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3
0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2
055cdd05e796f4d0f1646fc1d6deb08100e4039b711bf29f440db5f1c0699d34
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
072f9ada3dbd90a670f75e51092ab23ba99fde1322fc2800b3ffc5de91712964
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
09770ff362066a199024fe4720a4c1c85724adb439af8b2ab5254a4155b4d696
09a55a6be3be55d714020d08fe7b34f60619f93649c7dbbdaebf2340eb7505cd
09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba7815d5a25a8e7ec1e4cf95f9af85dac9e452444723bfd70e254ce11e25b58
0de649ad4e9484db0bad1efa8d7a27492c7e08b2ff530e88e2643828228d411a
0f7226a27d44ba3b13a34640b036b2d2666f057b039861b781576c4bf8308642
10b4a5993395ec976a13b48f92dbd1adcbd98e3cd36f3447a31524c185ebeb50
10befe8e021bea12e098a8dd9398464fdd6bfe403ee282936ee7d7cacd3314c5
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17161789662498342bcddeec410c1700c09eddcbace6cef97762e1b657553c75
1792ee00a46c1eb10a64eeb031fa16aebbe0ff146875b607c05e20c637d79a0a
17db0bea1f221d6ac0a069a2f2634ad0eccb523eeedc853f16a007370135700b
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1a60f2cf6a7b21dbe8e153be265e9ea10c2d4b5faa4fe3d420d3ce28db6d7da5
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1cf9a10dcce37b965ce09235cc7f8fde8dd285afb1d06ef894966d759e6dbca8
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
2180f29f86c7567e451861d1c1db1df4e665191dbc790c421a2b168138336f3f
21d3e81e023d4e774a01b3d0a191729cbedf317e27475e3d5555c6384ba6a76d
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
234ea698174488586fdff48dc31715f87142f5b9ed08e62f632bcac17791c098
274d7c618c1972083333f7020a9768ca0d10519473f54110f184e09d269bdb47
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
29b4da2fde5c9ef1da7a852440ed34e28a6d3f341a3aabf54fe224bd662b3e0d
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2ac4a807a56b44b12aff4d0c1fa110cc6d83394fca1c3a15f8085b6d9c13072f
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d33980a12f4cf346ee483ef70240784e4a75d535ca9a1ebb122d4f585d84305
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2d5f894c0bc1b6fa916f7051b02f1d7bf524e6849e2864ca87ead888f213c32c
2eac5014c6a4d3caaf4a4ad525637c9033c42a9263bdf85df1649f768f84f0b6
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
31d670f544d0cdf84cbd8e8e304d17f02d7067575f4e2c6ce74624047cc6cc56
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07
3d38824ade153944f94fb1040acaa7fb7e997f765e459dcd86cee55e174f69b5
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3f0d21ed99dd514e23c62900e74f9178645ff8e7df24471e1780d022fdf88af5
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
4131404c3a3c522fd358bd21a8aa2ff219da76aa6b04c5b315a4921bc7d19d00
41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
482607542195df4a5a734af958d31a33f3f5b8f8eca403ac870acd1a6dd90994
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
48544d39ceaebb01d8e31886a19c82330f02125740397558bb0baa16b81b8c6f
48925fca00d6c2b9bbda2d9aafc04057ca8f885d35a6082b59b98b8e54019c99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49780adbf742b87fcbdbcd63f63e781fed3bdae35ccdd991da86bf4ac190e009
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be5929a878e52bec4bc4e34197c6f2cbd2e25263c2232969ca326872c20078b
4c6847d6c187314e234ace1a963c78c659d2429c0790444c674b5d72180822bb
4d24a3646c524336d1a00d5102a4fab0629caced791ff7f05a89d12253e147d3
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f5215cc619fb40281bfcdb56a9e0209b7b194b1c14382b053c020eff0a6a2b0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51c4d03749ac28d2f3fc7a4e54d3ea8d8bed82d778a84f67313895be2c693865
52337cf2499996a25da3c2f17c8e0492c2d728c4b22bdd9b4da2089fcedac9ba
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
54d132fb58287602c5cd91cb07939980debaf99f46395ac5bf5992aab2c6b8d7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
567509cf13c76168173a53ed6821184df5fec61ec21aaed69f5f4aab89f0821a
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
587eb87a9528a3580cb62d9bbae5f70100df0f2843e52d501fe6a4819d64ccd9
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5af185c4ee2f05f5e2f6407594cd75cb32129871c2ec0f0957be6d3129a8cf54
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971
60254d515ff1afbaa471e1e67a8af33cec45b8b4c21b11a2e3b682684d1edef1
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6249b6c5546ab09655fad34f41396d24047307961eed88d41f21144d10658ea3
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6625f8aeecc3112a534b4448a293d91a4d557aa0f0efc1a7efd04ead590778dd
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
6716a69ba6c145efe0304eff8b3043e6fb6c00f3997ba62439bceaa8a3f7a411
6a7f4c8a9af17cac4c92d0fad28e07cc781825be9dd19da205c028b2a49e634a
6ffa99b57a3f1b90eeefcad6b8d5bf8535d948357820c6c1dc41e0b31ab22633
72356b8137f173857b5b6e53aea8bdc4347b5b10d3a1a12298454379bf6e95d7
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
79cc0de9025efbefae5ae3b4c382540ab104ad1521c1ea00bc559942dd0895e4
79df219caad67d0532cafcf090c583e3c7043ca3cf472700f881d68f255d94b1
7b17d2d0a88d045b86c025e6a7978189716ddd6776e975bb9de1ad43be17348f
7bc5190432005d6132efe88fcb9b367ba7becf5fae2b547f6ce18e1be9ffb22a
7c61fa1cf06e1231a6cbcbd22e6fd065c2934749e2e2af038318feaa79f54c93
7e10c75356ec658e2f2fb4a409b04977fca9251f009aa4518d20c96ee4cf3440
7f4601ae25dd1cdd382d2977d98833cf5ca4e395392f97b0b244d3bdc761c486
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
81edaeb1fa8ee92d6ff74b25c17ee3c4281188958a1e5506ccb8fca25469a639
82749778c83a2e4d344b39fb3c5beb12cf7a81d65423b4a8d446b41caa8e9c3c
845eb9ea29b7a5637e5caa0a807e46db1ad49dd0bfd4dd1145a6ea3e6895555f
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154
8d217a0ba13b4d33c2d1ba046f7be4a494140cf3ffe9ead9d56a6c009d3aca69
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e71afd53d34b1a32c15ee776f34aa51869e45820afcc130ee01477b7e9e275e
91d6a6d66d0212dabef4ccfab7d8a29e38be2c12921790594f3a86d886bbacfb
929ff9efd41a389cfb2f77e66500bfd62950e3bbaad165c651830fe28ade814b
961b64817ba01f674d1a51b15ce211bcaa9232ae3d441ef67f614fc40d411ac4
9624f1a9d6270645ab432aded66d533d9ada601d31560d8329fe3c4d9fad9f36
987661af2505d84576a6058c6afa89ebbfa78c0c6de5ab5a48fe3a8bead6cdf0
992ae0b671f30ba5e941a45c2963bede77df40b511bebb3594991ab412e90373
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b0cb6e6dea44f630d8b2ff60353714c253e2756a4a792d58326ea10df0f9780
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a09a0a0b27c17ceedfae9a0c2db6819018ce22c4630ae3b4f8b0a75bbb0a86ae
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1d150f2c50d5eaf7b24fde4c1e93918f23edda182d31cbe43461635389fccf2
a1e6952582dbccbab77a8f077c2b160bd137db15e10b07f6713bddb98178d6ef
a294a38ea4b9a3ceb77299626c45d911332e5fa71b803e99c9bccce17d632df4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5b65df4098cbd479526214756b32e7aa9cbfa7f28646710fb7b710f5a729ce2
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a76745c954cf14052dbe9972f67b24f3cc3b994cf6b73e9c2695b8d22682ea90
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff
a9a352097bcd435d948bc34267a5f735aea5306ace7753e094ab33de62c66312
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51
ac75a37acc4aafd6957a795a25f094543dce2876dbd121ee725a7478b2b4641d
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
afd7c7e6a78cab36a6fc20c9ff4f350e690399ffe2d65bce98e49a346346187c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3d1c33e353963271fe4c7c9a8a777c6f248cb3c098bd566766c5b6de3bfad22
b4663cfbe3aba38767c856864d0f5f018abd5505c553944f41d478ff4d63bc5f
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b68f2a73f028f29ced279b76feca752a786e33c017cefe59ff86c14441643021
b927930fac90644d24523c173be181b6ecf87293484531a003184e2cfa4a38d8
bafb6f1a7966556d8f77b6e8f2015033d8d39883c55b46db687ed299f6d57a80
bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01
bd2f61ad4797bf312822bb55a9ab7d3167ecf3f07dd77fb51cc2e2c9e9a16ff7
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be0ae62f32a3fe0133e8e49216d3bbe15fea5b10d567164a45d3a138bcae8dcd
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c0cf847dfc82a6d56fe265db907b769a15271829d37f96a2e4ddc8ba341e3b17
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c2ae6a18b973d0fbd53cd575408e3720cec1b94418b180ab6b83a82611eb1906
c3b7a86849ab0b7543e6070630f3a4b2b34b82ce17ca59230c99afb559a33980
c4551d9c02b370243ea5e05230e649be8b92676e74298ebe48a2f6ac5463727f
c52e2a15cba5be54e6986bd808f5a6aa6705b0efffd9379feb005dabdb748e32
cb2cbf5a9e2651f66cebf2a13f1de8260eb90fd21b5d94880280c374f2b3d4cb
cc0069f058d2fa9b49d532f665bb400ba56154be047eb48945417409d4a124cf
cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475
ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1ea01c7916bb81513f18a61a66138d20a0ed950361ff98535412e22f62c18a4
d54e2431496ce2ed854c20c9b9cea457f18a519bbfe1e3fe35edc1b2779a9c24
d82c4906e4b728e92a7fcec80c1f8bcb5b16502d30a9de09a361dc503a70145a
d976a6e8b8eb97f60affccad54e6f39a7db1eedfc4e8a3cad2bde80637b94c58
d98024e61787e1bdd709f051b35af56fad581b55527b74b00717435db4489828
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
db080a8c694b59a77fd9f94415e96397ee8ac1a1897095fac871764314d45a2a
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dbe69d85fee1f6c4a0ae57e830ade12777ace8b9cd366946e17626b9a1af3bc6
dc63503c3f3c59f9996f4ceee5ed9bfeff55f0714094188f7a9174e6a15a2a47
de3e960c740726916d344e9ac9d6bcc354ba3a160c141ecb3de2a5dbe96a5e6a
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e634cdea6fc8a42921753f7da1799c4719b763400d8891a778bdcc519e43c919
e7d8342248029f1df308d3f2cb02a6a7a87714307aca80532eb853c198cc92f3
e7dd5dfe52b7c79ecca9a59cdc14fbbed57e18abbc4cc69a2ed9564e8888ce5d
e7fbf63c63a233c218d1071fbbe249a2205290bd75c8278b68ce2e384c69b5f8
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3944ab93f530308ef44bfc07daebe202d21c62e34bfbdf149f55875aa51b927
f3e2ffee073e1eeca325070e1fa175e2a81fa40149b5f5d79fec954ba0a8112e
f440c16c8345f330d5aa6ecf31a9f62e82239f767403a8ec0ed00f444271095a
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399
fb9ac4b913ac47cf0a369f46cbd8c62a93eacaf589a5d9ed521089825007ad11
fba73c5ecc7a5b5e9153aab5f9ff8c2edd7b12176dd446dbc0cd1eb34f76092f
fc7a16817ef85c26945edbf2a928b94cf5ff5795f711b56c7a948145244a887a
fe665a455aceb9598500cae8ccd808cbffe5a3525c32cdc7bcbaa0e83a58ac0c
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884
ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

421 Requests

93 %HTTPS

39 %IPv6

48 Domains

68 Subdomains

53 IPs

8 Countries

7796 kBTransfer

15808 kBSize

23 Cookies

0 Outgoing links

Redirected requests

421 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

421
Requests

93 %
HTTPS

39 %
IPv6

48
Domains

68
Subdomains

53
IPs

8
Countries

7796 kB
Transfer

15808 kB
Size

23
Cookies

421 HTTP transactions
12 data transactions