pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On June 30 via api (June 30th 2023, 12:17:42 pm UTC) from TR — Scanned from DE

Summary HTTP 318 Redirects Behaviour Indicators

Summary

This website contacted 45 IPs in 9 countries across 44 domains to perform 318 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
2	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
19	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
13	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
52	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	18.66.23.147 18.66.23.147	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.173.191.32 18.173.191.32	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
11 35	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
4 10	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 7	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
10	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2 3	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
5 5	3.73.11.83 3.73.11.83	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
3 4	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
31	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 4	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	216.52.2.39 216.52.2.39	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	185.86.139.103 185.86.139.103	201081 (SMARTADSE...) (SMARTADSERVER)
1	213.202.235.8 213.202.235.8	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2	141.101.90.98 141.101.90.98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
318	45

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.23.147 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-23-147.vie50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.191.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-191-32.muc50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 172.217.16.194 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.89.210.122 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:c5a4:625:6563:a5bb (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.73.11.83 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-11-83.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.254 (London, United Kingdom) 3 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:19ad (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.39 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.103 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.8 (Grenzach-Wyhlen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.101.90.98 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
97	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	742 KB
62	doubleclick.net 11 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346	412 KB
42	ye-mek.net ye-mek.net cdn.ye-mek.net	606 KB
31	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	1 MB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	232 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	218 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	7 KB
9	google.com adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	1 KB
7	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	7 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	126 KB
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	3 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	280 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	215 KB
4	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 893 s.tribalfusion.com — Cisco Umbrella Rank: 1946	2 KB
4	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 857	1 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 862	1 KB
2	o2online.de portal.o2online.de — Cisco Umbrella Rank: 61931	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 633	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1067 r.turn.com — Cisco Umbrella Rank: 3947	869 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 782	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 374	964 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3235	207 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	1013 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	125 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	645 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 796	578 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 982	245 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	583 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 981	710 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11731	1 KB
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 922	45 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608	363 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 977	761 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	589 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	362 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	82 KB
318	44

	Domain	Requested by
52	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
39	tpc.googlesyndication.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com securepubads.g.doubleclick.net ye-mek.net tpc.googlesyndication.com pcloak.blob.core.windows.net cdn.ampproject.org s0.2mdn.net
35	cm.g.doubleclick.net	11 redirects googleads.g.doubleclick.net 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
31	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net
13	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net ye-mek.net
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
8	ng.virgul.com	static.virgul.com ye-mek.net
7	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
7	www.google.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com ye-mek.net tpc.googlesyndication.com
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
6	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	x.bidswitch.net	5 redirects
5	www.googletagservices.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
4	onetag-sys.com	3 redirects
4	fonts.gstatic.com	fonts.googleapis.com
4	ng2.virgul.com	ye-mek.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	cms.quantserve.com	2 redirects 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
3	fonts.googleapis.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
2	portal.o2online.de
2	c1.adform.net	2 redirects
2	image6.pubmatic.com	2 redirects
2	ap.lijit.com	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	s.tribalfusion.com
2	a.tribalfusion.com	2 redirects
2	dclk-match.dotomi.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
2	eb2.3lift.com	2 redirects
2	www.gstatic.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	ye-mek.net	www.cloakan.co ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	ups.analytics.yahoo.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	rtb.openx.net	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	um.simpli.fi	1 redirects
1	r.turn.com
1	ad.turn.com	1 redirects
1	m.exactag.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
1	ssbsync.smartadserver.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
1	dis.criteo.com	8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
1	p.rfihub.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	imasdk.googleapis.com	c1.imgiz.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
318	60

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-08` - `2023-07-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh

This page contains 34 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: C3AD585A3A68DA526113DFB05BE8D25A
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 7722BDD2022307D3761A855A36C9EE90
Requests: 91 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: EE267A36E84B7CA7B40E1AAE861737D4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: ED6E37352B7138B926B1D8818F7B3EC2
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 0FE78371730BF4AFF3541FA912135592
Requests: 1 HTTP requests in this frame

Frame: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0FE56F8E2AF6115B021768107B601B18
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127458451&bpp=4&bdt=694&idt=224&shv=r20230627&mjsv=m202306210101&ptt=9&saldr=aa&nras=1&correlator=3964987613545&frm=24&ife=1&pv=2&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44788441&oid=2&pvsid=50675476267560&tmod=1666243786&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.2ohk4hm8ne5n&fsb=1&dtd=238
Frame ID: 9213FD0A9A692C3559BAB06B44ACB195
Requests: 1 HTTP requests in this frame

Frame: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 4D7597C0EDA5F4401BBD51ECD5840A3B
Requests: 13 HTTP requests in this frame

Frame: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0006BB5BE08584A72BE4F76F042AA211
Requests: 13 HTTP requests in this frame

Frame: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: F5A7DD246D4FE5459FF60D141933AB8B
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: 2F3A6892F3971B2FB72B1E5BEF99D643
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 39897363AE588EEFB16735FE0EF100FC
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNW8eq-eVIvglC6eZXq6Rv4Lj1V2PslZXNnZkAFN3bRuJYm32LpYKHU8ZqKPccjbXQmiL5am8PnmncihfyjGO8ZqJKu9mU6XfDWsqqRF_Z-3qIp1VKFXDpwYF4m0YS47q2hk1gdrYKMkQF1sdMd4iPugHa6DpYs8yHZWl85hNuFrfd96CSQ
Frame ID: C87B338221CB2D72430904A4BFB933C0
Requests: 5 HTTP requests in this frame

Frame: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 4B8A1AAEDE2A23B66587C30159B05093
Requests: 20 HTTP requests in this frame

Frame: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5DCFD273546F2FDD8BCC65C2F742AD58
Requests: 21 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032306202201000/amp4ads-v0.mjs
Frame ID: 4AE3414954854E2AD82B9282FA915099
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNW5hvRFjqU1Qc5TV2XnVOyLPHbLLa-yxvDWQz9g1dg0gWLoSSWyLkUh0sLPUE4K_ITNyTUGP9smEUjJZa79QsPmWwzoQzC2PjkCfvQVyHqtOgvp0tJNmJKpQSkwyabiLggPiq6Q44RgLZpCGY7ipvlOXG0z968PFsdvZyperb4ghrGQbtw
Frame ID: 51A1ABD5BCB820C11D11AC9AA30CBBCC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYqYLo4gEwAQ&v=APEucNWw9ojrMJBAIyWBvYW80WHsiDWc32veOTllXB6bJ2WLjraTDVMAYk-a7fV2BpUWA45q4TDeisaersfzyiWVCx-eIUjfOPz6NO1HItB9is2SWDYKYfQMBEdO7_IKY5cQXPREZgaJqz1WrtNod9EwgZOZoD2KCZOvMNU6gy4S1iRLWLSbEA4
Frame ID: 1EBCC4A72105E3C7FB455ED43C56BC84
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 946DB149111967F85EDEFE6EDB0F32D6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3C5C23A7117C0EE37B90E9D0139226D2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: 3EAAC7EB22523B9B76FDA1A30914FC65
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs
Frame ID: 3BB8FB24E445936E52B919C4A2492886
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 659A78EA4AF93AC56B1BFB3687B794F1
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 69092C964A0314841D02D7DAE1F2DA3D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9917C1DAA53B3183A7DA925AB8A8F331
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
Frame ID: 7DBA90475670F1FBFFA3DB3ADDBEDBCE
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4848942016CEF8D98563EEE1D4795592
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
Frame ID: 982180654F919572DA91E73C780B3ED8
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
Frame ID: 3D259A7E08A38C9946150018B6827BE1
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FD7258F0397999B017C351314EB24F18
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C8EFFF563B3EF15FC6CCB30A3B896A39
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: 8F5A4C85C85BC70290E329D2A8079E5C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: B876FDF7823020A049F72F50C6D54FA6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js
Frame ID: 4174910ED8DC9BB3489356A0609C14C2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

318
Requests

90 %
HTTPS

39 %
IPv6

44
Domains

60
Subdomains

45
IPs

9
Countries

4304 kB
Transfer

9721 kB
Size

32
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 130

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECQr8kzy_pqkV7PBt_uLllE&google_cver=1

Request Chain 131

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7H4xSCMbGfoMyiTJ6XdgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

Request Chain 132

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDamK05diQWJr6R0UFhPr50&google_cver=1

Request Chain 133

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

Request Chain 166

https://ads.travelaudience.com/google_pixel?google_gid=CAESEOLrlyiTbHmO-dmw57N3BS4&google_cver=1&google_push=AaAOQGFEPWbuSKPy7xMKQP8jY4rVHl641yk7yhKuUwjrDMp8cmJKYLClKOQFwf1zKIdIqajxEqNMR76kR4ROr2_WONa3TgRER3lPpIuzsoWSzbYqm8IK23Ny9t2gHhQT-TUvvNqpL026L14 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=jx3VLdXNQ8eu8a3r9939oQ2&google_push=AaAOQGFEPWbuSKPy7xMKQP8jY4rVHl641yk7yhKuUwjrDMp8cmJKYLClKOQFwf1zKIdIqajxEqNMR76kR4ROr2_WONa3TgRER3lPpIuzsoWSzbYqm8IK23Ny9t2gHhQT-TUvvNqpL026L14

Request Chain 167

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEA-V3gq7bAp9O74UGCdVdyQ&google_cver=1&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2tcxeHwbPl489LFJeLIwJbAub84guectXA0ZvWdgvUWhc9jZJ1xw HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEA-V3gq7bAp9O74UGCdVdyQ&google_cver=1&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2tcxeHwbPl489LFJeLIwJbAub84guectXA0ZvWdgvUWhc9jZJ1xw HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=5140084925901389052&expires=30&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2tcxeHwbPl489LFJeLIwJbAub84guectXA0ZvWdgvUWhc9jZJ1xw&google_hm=5YfdcoMiR_es79GZASgK0w==

Request Chain 169

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESECd6saKIxW2pD67CigYnwgw&google_cver=1&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6CpvbiGEoHJTAnzpD37-2fTSafjwhlqOV2uxLD70j7oAQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6CpvbiGEoHJTAnzpD37-2fTSafjwhlqOV2uxLD70j7oAQ&google_gid=CAESECd6saKIxW2pD67CigYnwgw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NTQ2NDg2NTkxNjUzNDkxMjQw&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6CpvbiGEoHJTAnzpD37-2fTSafjwhlqOV2uxLD70j7oAQ

Request Chain 170

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBGW4ivfJ3LGvb8QdoQb0ik&google_cver=1&google_push=AaAOQGEW71GH0AmaVX2i4_4NDpgEniqdZGx_9zATAFLDqUXUi1mzz1h-z6fz48M6XUW4UfqZzGSRptG3ttK9mC-j2bsL2aKr8Bkv3sxZNkvlzQNWnyep3EJMOBhyu2veC3JngNrUL2fjTBJP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEW71GH0AmaVX2i4_4NDpgEniqdZGx_9zATAFLDqUXUi1mzz1h-z6fz48M6XUW4UfqZzGSRptG3ttK9mC-j2bsL2aKr8Bkv3sxZNkvlzQNWnyep3EJMOBhyu2veC3JngNrUL2fjTBJP HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 171

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECWEMR2BLYvjQdZmsGyUtgc&google_cver=1&google_push=AaAOQGGxai9Jb5JZkSvNfiAUp4MnPNEs4HIwPJhRu-w4ZZgAN2lK3l6gthqv-uF8JPTI0NIXR7rTvY3Tb3rs-j7l2BWITuGWkiFDCrfxjsdOroox-f2EXLB39IbnX1v9kMuYqHfKk_hY02ic HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECWEMR2BLYvjQdZmsGyUtgc&google_cver=1&google_push=AaAOQGGxai9Jb5JZkSvNfiAUp4MnPNEs4HIwPJhRu-w4ZZgAN2lK3l6gthqv-uF8JPTI0NIXR7rTvY3Tb3rs-j7l2BWITuGWkiFDCrfxjsdOroox-f2EXLB39IbnX1v9kMuYqHfKk_hY02ic HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e587dd72-8322-47f7-acef-d19901280ad3&%%GOOGLE_PUSH_PAIR%%

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

Request Chain 181

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7H4xSCMbGfoMyiTJ6XdgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

Request Chain 182

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1

Request Chain 183

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

Request Chain 184

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

Request Chain 185

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7H4xSCMbGfoMyiTJ6XdgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

Request Chain 186

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1

Request Chain 187

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

Request Chain 234

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBYis11Vqv4_nj3hyoDuouk&google_cver=1&google_push=AaAOQGEAB9SWgjSRXsvoDDBG1pVDBibvDZncR5sX3DDU5ouI5rVEjOhb3T9VcTtKZNreJ981hVwAPaVBjicGjcR_fTSYYOiJg4iU HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGEAB9SWgjSRXsvoDDBG1pVDBibvDZncR5sX3DDU5ouI5rVEjOhb3T9VcTtKZNreJ981hVwAPaVBjicGjcR_fTSYYOiJg4iU&google_hm=WlpNCCBW-vXcyn--epFUHw

Request Chain 236

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHxxNm40B05RAo-TPuCKRVk&google_cver=1&google_push=AaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHxxNm40B05RAo-TPuCKRVk&google_cver=1&google_push=AaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 237

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGdZZM-OnRtEdvI4LlhI1hU&google_cver=1&google_push=AaAOQGHFTLzT5X6iF6ntuEJ1plBrpRVImE7vH2d4FXAqdquSG41JI8Sibuo__k9gpostj_KvjlKzY15K6haBVCv7g-80www31YM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0U1ctMUstNjBRSA==&google_push=AaAOQGHFTLzT5X6iF6ntuEJ1plBrpRVImE7vH2d4FXAqdquSG41JI8Sibuo__k9gpostj_KvjlKzY15K6haBVCv7g-80www31YM

Request Chain 238

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOhutd-K4D_tNl1XTc13bZs&google_cver=1&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJxqdCrnSpXWw HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOhutd-K4D_tNl1XTc13bZs&google_cver=1&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJxqdCrnSpXWw&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJxqdCrnSpXWw&google_hm=G5vhvGZHmse5RpfQR42eiKbw

Request Chain 239

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMIATPErFKnFmOVEzUq98qo&google_cver=1&google_push=AaAOQGGvCBeJg8vhCVxb5C_wKbjQ_DUUMtNXItZ1Aac98Y1EteHAXYTLysmCypYmFSyUvZhncvsiPPPEix5T8jCGOGctolNfMMY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGvCBeJg8vhCVxb5C_wKbjQ_DUUMtNXItZ1Aac98Y1EteHAXYTLysmCypYmFSyUvZhncvsiPPPEix5T8jCGOGctolNfMMY

Request Chain 249

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEsQ_orFYe-RiV4MtyrTCZI&google_cver=1&google_push=AaAOQGGbTrrgOqjVFM8XY9qpmCd94orcEb8Q3qgPDz_ynJH9K48Iv6U9AJSDj1PZ-MQ-kUq1vC6bdyWCIaa_BydeIKRqjvs-9-Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzkxMTEzMzc4MDE2NTAwNDA0OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKBOs3V2hnb_GhRZTxVNV20&google_cver=1

Request Chain 250

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGx_J1jdWIUdwzuA_IgwikY&google_cver=1&google_push=AaAOQGFzwBSPWpdVmhMb21sP0sqcqeKX72BI_7i3GWao6ihNo3wvGD7pnl6L3jriLkfTpk2-VN9TzbiCXiEGdBrRxAXr600FV52h HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGFzwBSPWpdVmhMb21sP0sqcqeKX72BI_7i3GWao6ihNo3wvGD7pnl6L3jriLkfTpk2-VN9TzbiCXiEGdBrRxAXr600FV52h&google_hm=WlpNCCBW-vXcyn--epFUHw

Request Chain 251

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJIIhqJLlCOeQRvwwpu3c0k&google_cver=1&google_push=AaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJIIhqJLlCOeQRvwwpu3c0k&google_cver=1&google_push=AaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 252

https://um.simpli.fi/gp_match?google_gid=CAESEHQvoZ4sO2-d2Y0wH83O9ZQ&google_cver=1&google_push=AaAOQGEm-BPw2X2BlS0ONvtyFj3kWpPMfePU8eeRvOQJ42fyCMwipOTJ3IzhJte5AvFG39cMp3drvBDmqA9Th3w19QPfo2tOFs0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0497EC7F591340419E30080902E48845&google_push=AaAOQGEm-BPw2X2BlS0ONvtyFj3kWpPMfePU8eeRvOQJ42fyCMwipOTJ3IzhJte5AvFG39cMp3drvBDmqA9Th3w19QPfo2tOFs0

Request Chain 253

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESECyV7o-qP8jNjCoy4x_nbv8&google_cver=1&google_push=AaAOQGEVmj6sMkevV1j4DhXLT_r6suZxKWaPRqTeRqacMVVfDOBmvBy63ZpvinAFbhRm0zzYuMYxkwEmw08dLl_MxDlmZc3l-1s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDQ1MjIzMjE5NDY4NTA3Ng%3D%3D&google_push=AaAOQGEVmj6sMkevV1j4DhXLT_r6suZxKWaPRqTeRqacMVVfDOBmvBy63ZpvinAFbhRm0zzYuMYxkwEmw08dLl_MxDlmZc3l-1s

Request Chain 255

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENiSZG540WH-XVOO9ziD8Bw&google_cver=1&google_push=AaAOQGFHYVsja2PMoSzdsXQpmJnl2R1sEJGYJChRpIR40rS-WeVY_020iePEWHMn00XNF0NUoAP_3IXD_vUr7AqXG-PSdRWQ1tIl HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENiSZG540WH-XVOO9ziD8Bw&google_cver=1&google_push=AaAOQGFHYVsja2PMoSzdsXQpmJnl2R1sEJGYJChRpIR40rS-WeVY_020iePEWHMn00XNF0NUoAP_3IXD_vUr7AqXG-PSdRWQ1tIl&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wbvuY92-TayX2hlwA7VLqQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFHYVsja2PMoSzdsXQpmJnl2R1sEJGYJChRpIR40rS-WeVY_020iePEWHMn00XNF0NUoAP_3IXD_vUr7AqXG-PSdRWQ1tIl

Request Chain 260

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESENkh8s4czCe5RhlTTxdrCHA&google_cver=1&google_push=AaAOQGGpBNWOrjRw4De8Yd90Y0yiHlfE3FdtTGNVgCA4EIqioPmZ7JoTrYLs_uUmHDajhWOG9XUVv9Hqzw4IbLKe0u1POBxMmWZDvZSjJqlRY5EXYMYp8zfEl1z-m5x8GwF94tPgoyquXO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENkh8s4czCe5RhlTTxdrCHA&google_push=AaAOQGGpBNWOrjRw4De8Yd90Y0yiHlfE3FdtTGNVgCA4EIqioPmZ7JoTrYLs_uUmHDajhWOG9XUVv9Hqzw4IbLKe0u1POBxMmWZDvZSjJqlRY5EXYMYp8zfEl1z-m5x8GwF94tPgoyquXO4

Request Chain 261

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEGxCaYYSXjzXFk5jVPlEK0&google_cver=1&google_push=AaAOQGEJqTWVQ818JToPJsIwxhlL0xJGvPswuLVMynmsS1o8MDFIi7XlH08SW5CdbynEFjBAsVPsYYrzaZEFSwWTP5F2Yd-MIA1TYsmvqM65JfqFzhRzgVJ351GaHQ20VvEF7bphOPtz0lT0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEJqTWVQ818JToPJsIwxhlL0xJGvPswuLVMynmsS1o8MDFIi7XlH08SW5CdbynEFjBAsVPsYYrzaZEFSwWTP5F2Yd-MIA1TYsmvqM65JfqFzhRzgVJ351GaHQ20VvEF7bphOPtz0lT0&google_hm=sFkCXbUFQRa7KZY_lJgh4bc

Request Chain 262

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFlYjk0WjR4GdvEIS-cTkhs&google_cver=1&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf470Rmli_ZrpXQ-be-5uETwqJdIT2Lu9LZU8JWzKWMZFr0IIBv11P2K9CFq9U6BFto HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFlYjk0WjR4GdvEIS-cTkhs&google_cver=1&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf470Rmli_ZrpXQ-be-5uETwqJdIT2Lu9LZU8JWzKWMZFr0IIBv11P2K9CFq9U6BFto HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjQ3MDk5NTU4NTAzMjIwNTg1Mw&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf470Rmli_ZrpXQ-be-5uETwqJdIT2Lu9LZU8JWzKWMZFr0IIBv11P2K9CFq9U6BFto

Request Chain 263

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMIshDCJetYdUaQPDnYizPw&google_cver=1&google_push=AaAOQGGO-R375D7Ksyamb1WIFzVWr9113ciH5osTycZQ2BjRG6kuiSApSCcIjYaoDqyl_iBEytYnBuSvEC3_DF4x-COVZ3msoh3aW9YqFbs8taMRBeE1LAW1uGItC41JcUKSmo5yfUGA4cw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0VUctMTAtSUM2VQ==&google_push=AaAOQGGO-R375D7Ksyamb1WIFzVWr9113ciH5osTycZQ2BjRG6kuiSApSCcIjYaoDqyl_iBEytYnBuSvEC3_DF4x-COVZ3msoh3aW9YqFbs8taMRBeE1LAW1uGItC41JcUKSmo5yfUGA4cw

Request Chain 264

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEP7EwT_Bzg_VoSkshZeUg8&google_cver=1&google_push=AaAOQGGaE_-dBkdAB35MSNgSzmpYEcEEsLrHOlJEvanAQx3r3YW88m2UA1yNwSFkEN01O6DKUGQvj5ALDNEK3blr8AFsv8a4h-8pFiumkKXs06hwu272WxO1f2Diai3nkWfm-i4YZ9HGoMIk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGaE_-dBkdAB35MSNgSzmpYEcEEsLrHOlJEvanAQx3r3YW88m2UA1yNwSFkEN01O6DKUGQvj5ALDNEK3blr8AFsv8a4h-8pFiumkKXs06hwu272WxO1f2Diai3nkWfm-i4YZ9HGoMIk

318 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 453ms
112ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Fri, 30 Jun 2023 12:17:36 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e0b45544-901e-005e-114c-aba9ed000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 108ms
108ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: e0b455d0-901e-005e-124c-aba9ed000000
Date: Fri, 30 Jun 2023 12:17:36 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 338ms
108ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 12:17:36 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: e0b456b3-901e-005e-554c-aba9ed000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 228ms
119ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 12:17:36 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: e0b45630-901e-005e-684c-aba9ed000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 402ms
147ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:35 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 300ms
152ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:36 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 7722 76 KB
76 KB 184ms
65ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f708629593939b0ad37b651e8eab6bd370300201838c33d0129ac447b29398ab

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 77807
content-type: text/html; charset=utf-8
date: Fri, 30 Jun 2023 12:17:37 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 7722 90 KB
91 KB 79ms
20ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 18:18:28 GMT
x-content-type-options: nosniff
age: 583149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jun 2024 18:18:28 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 7722 10 KB
2 KB 104ms
104ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 30 Jun 2023 12:17:37 GMT
content-encoding: gzip
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2352

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 7722 40 KB
12 KB 129ms
40ms Stylesheet
text/css 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6318004
x-accel-date: 1681809453
x-77-nzt: AcO1qhGc53r/tGdgAA
x-accel-expires: @1713345453
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64e6a4be32
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 7722 233 KB
82 KB 155ms
35ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7c6b019131e06a004b9e446fb887e97e5f14815e3cd3beed8a9261a2fdfd46e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83405
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 30 Jun 2023 12:17:38 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 7722 542 B
895 B 31ms
31ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6318069
x-accel-date: 1681809388
content-length: 542
x-77-nzt: AcO1qhERbCv/9WdgAA
x-accel-expires: @1713345388
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64712bae35
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 7722 2 KB
2 KB 36ms
30ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6318004
x-accel-date: 1681809453
content-length: 1651
x-77-nzt: AcO1qhHcQRH/tGdgAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64ca021236
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-kahve-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 7722 10 KB
10 KB 43ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/soguk-kahve-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 52958
x-accel-date: 1688074499
content-length: 9818
x-77-nzt: AcO1qhH6zWj/3s4AAA
x-accel-expires: @1719610499
last-modified: Thu, 29 Jun 2023 21:14:19 GMT
server: CDN77-Turbo
etag: "649df42b-265a"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6452561736
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 7722 14 KB
15 KB 55ms
49ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 136503
x-accel-date: 1687990954
content-length: 14815
x-77-nzt: AcO1qhEYmdz/NxUCAA
x-accel-expires: @1719526954
last-modified: Wed, 28 Jun 2023 22:12:14 GMT
server: CDN77-Turbo
etag: "649cb03e-39df"
x-77-nzt-ray: 4c1562249ee27c5be1c79e648f162536
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 7722 15 KB
16 KB 70ms
64ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 224985
x-accel-date: 1687902472
content-length: 15738
x-77-nzt: AcO1qhFFBID/2W4DAA
x-accel-expires: @1719438472
last-modified: Tue, 27 Jun 2023 21:35:10 GMT
server: CDN77-Turbo
etag: "649b560e-3d7a"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64e22e2936
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 7722 13 KB
14 KB 80ms
74ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 312774
x-accel-date: 1687814683
content-length: 13665
x-77-nzt: AcO1qhFhZYz/xsUEAA
x-accel-expires: @1719350683
last-modified: Mon, 26 Jun 2023 15:19:38 GMT
server: CDN77-Turbo
etag: "6499ac8a-3561"
x-77-nzt-ray: 4c1562249ee27c5be1c79e642b4e2d36
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 7722 15 KB
16 KB 81ms
76ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 2471579
x-accel-date: 1685655878
content-length: 15552
x-77-nzt: AcO1qhFJY27/m7YlAA
x-accel-expires: @1717191878
last-modified: Thu, 01 Jun 2023 21:24:53 GMT
server: CDN77-Turbo
etag: "64790ca5-3cc0"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64fb2d3236
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hunkar-begendi-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 7722 12 KB
13 KB 82ms
76ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hunkar-begendi-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ca52a0eec13c48696bf05cbe5e76a0b67c73967c1f8825cfe4b733e24a775580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6315616
x-accel-date: 1681811841
content-length: 12532
x-77-nzt: AcO1qhFSt/3/YF5gAA
x-accel-expires: @1713347841
last-modified: Wed, 01 May 2019 23:32:05 GMT
server: CDN77-Turbo
etag: "5cca2c75-30f4"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64eb0d3536
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 macar-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 7722 14 KB
15 KB 82ms
76ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/macar-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6318016
x-accel-date: 1681809441
content-length: 14810
x-77-nzt: AcO1qhFS0sj/wGdgAA
x-accel-expires: @1713345441
last-modified: Fri, 24 Apr 2020 23:44:43 GMT
server: CDN77-Turbo
etag: "5ea379eb-39da"
x-77-nzt-ray: 4c1562249ee27c5be1c79e648f3f3736
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 7722 16 KB
16 KB 102ms
97ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317145
x-accel-date: 1681810312
content-length: 16490
x-77-nzt: AcO1qhG4baz/WWRgAA
x-accel-expires: @1713346312
last-modified: Thu, 29 Apr 2021 23:52:25 GMT
server: CDN77-Turbo
etag: "608b46b9-406a"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6412eb8337
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 toyga-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/03/ Frame 7722 13 KB
13 KB 103ms
97ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/03/toyga-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317968
x-accel-date: 1681809489
content-length: 13360
x-77-nzt: AcO1qhHw7iD/kGdgAA
x-accel-expires: @1713345489
last-modified: Wed, 01 May 2019 23:45:46 GMT
server: CDN77-Turbo
etag: "5cca2faa-3430"
x-77-nzt-ray: 4c1562249ee27c5be1c79e640ac08737
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 samsira-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/10/ Frame 7722 13 KB
13 KB 103ms
98ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/10/samsira-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8206b7cb4977df1646b35835886cc5ad752365263197f15f0581d41c3751aa0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314053
x-accel-date: 1681813404
content-length: 13330
x-77-nzt: AcO1qhHa+bv/RVhgAA
x-accel-expires: @1713349404
last-modified: Mon, 28 Oct 2019 22:24:00 GMT
server: CDN77-Turbo
etag: "5db76a80-3412"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6490178a37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karmaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 7722 15 KB
16 KB 103ms
98ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/karmaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317909
x-accel-date: 1681809548
content-length: 15740
x-77-nzt: AcO1qhEmNuT/VWdgAA
x-accel-expires: @1713345548
last-modified: Mon, 15 Nov 2021 22:38:31 GMT
server: CDN77-Turbo
etag: "6192e167-3d7c"
x-77-nzt-ray: 4c1562249ee27c5be1c79e645dac8c37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cerkez-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 7722 16 KB
16 KB 103ms
98ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/cerkez-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317988
x-accel-date: 1681809469
content-length: 16373
x-77-nzt: AcO1qhHZ+Gn/pGdgAA
x-accel-expires: @1713345469
last-modified: Tue, 11 Apr 2023 16:32:39 GMT
server: CDN77-Turbo
etag: "64358ba7-3ff5"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64ca238f37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 7722 12 KB
12 KB 103ms
98ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314365
x-accel-date: 1681813092
content-length: 12058
x-77-nzt: AcO1qhEHHzr/fVlgAA
x-accel-expires: @1713349092
last-modified: Wed, 01 May 2019 23:34:49 GMT
server: CDN77-Turbo
etag: "5cca2d19-2f1a"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6452389437
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 isvec-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 7722 12 KB
12 KB 103ms
98ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/isvec-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 64af7a328ead4e6e3e77587ae81c88a4156eea6f476df565496f8f46d89d255f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317464
x-accel-date: 1681809993
content-length: 12325
x-77-nzt: AcO1qhHb+hD/mGVgAA
x-accel-expires: @1713345993
last-modified: Fri, 09 Oct 2020 23:18:38 GMT
server: CDN77-Turbo
etag: "5f80efce-3025"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64f2c49637
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sultan-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame 7722 13 KB
14 KB 103ms
98ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/sultan-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317130
x-accel-date: 1681810327
content-length: 13608
x-77-nzt: AcO1qhGHuBn/SmRgAA
x-accel-expires: @1713346327
last-modified: Wed, 01 May 2019 22:27:29 GMT
server: CDN77-Turbo
etag: "5cca1d51-3528"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64db199937
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-sehzade-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/05/ Frame 7722 15 KB
15 KB 103ms
99ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/05/kofteli-sehzade-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 93877a4648f07d0a209913c6a05dcdc1810fe91fb41c96320aea06de80b708c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317144
x-accel-date: 1681810313
content-length: 15437
x-77-nzt: AcO1qhECPez/WGRgAA
x-accel-expires: @1713346313
last-modified: Fri, 30 Apr 2021 23:49:24 GMT
server: CDN77-Turbo
etag: "608c9784-3c4d"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64055c9b37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 7722 12 KB
13 KB 103ms
99ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 261142
x-accel-date: 1687866315
content-length: 12780
x-77-nzt: AcO1qhFjjkz/FvwDAA
x-accel-expires: @1719402315
last-modified: Mon, 27 Dec 2021 23:35:26 GMT
server: CDN77-Turbo
etag: "61ca4dbe-31ec"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6450729e37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-but-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 7722 17 KB
17 KB 103ms
99ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/firinda-tavuk-but-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317691
x-accel-date: 1681809766
content-length: 17402
x-77-nzt: AcO1qhEfUMb/e2ZgAA
x-accel-expires: @1713345766
last-modified: Tue, 09 Nov 2021 21:00:38 GMT
server: CDN77-Turbo
etag: "618ae176-43fa"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64bceca037
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-fajita-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/04/ Frame 7722 12 KB
12 KB 103ms
99ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/04/tavuk-fajita-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6313312
x-accel-date: 1681814145
content-length: 12005
x-77-nzt: AcO1qhGLRCf/YFVgAA
x-accel-expires: @1713350145
last-modified: Wed, 01 May 2019 23:32:42 GMT
server: CDN77-Turbo
etag: "5cca2c9a-2ee5"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64e8eca237
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soya-soslu-tavuk-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 7722 14 KB
15 KB 103ms
99ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/soya-soslu-tavuk-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5061ede8e14dd075136fdcf6a3879f4b42a692eeaa605e2c5aa5f354e753fa61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316830
x-accel-date: 1681810627
content-length: 14545
x-77-nzt: AcO1qhHwBBz/HmNgAA
x-accel-expires: @1713346627
last-modified: Wed, 16 Feb 2022 22:31:56 GMT
server: CDN77-Turbo
etag: "620d7b5c-38d1"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6429f3a437
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 7722 14 KB
14 KB 104ms
100ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314943
x-accel-date: 1681812514
content-length: 14135
x-77-nzt: AcO1qhFiP4H/v1tgAA
x-accel-expires: @1713348514
last-modified: Sat, 11 Sep 2021 20:22:26 GMT
server: CDN77-Turbo
etag: "613d1002-3737"
x-77-nzt-ray: 4c1562249ee27c5be1c79e649521a737
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-misir-unlu-patates-kizartmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/12/ Frame 7722 13 KB
13 KB 104ms
100ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/12/firinda-misir-unlu-patates-kizartmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3be63679d6ca5fd205bdbc6dc4e6caf8d376a09decaea16226da1bae6d24fad6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317487
x-accel-date: 1681809970
content-length: 12804
x-77-nzt: AcO1qhEoz5v/r2VgAA
x-accel-expires: @1713345970
last-modified: Wed, 01 May 2019 23:43:18 GMT
server: CDN77-Turbo
etag: "5cca2f16-3204"
x-77-nzt-ray: 4c1562249ee27c5be1c79e646d79a937
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kasarli-karnabahar-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 7722 15 KB
15 KB 104ms
100ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/kasarli-karnabahar-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a9e0c3f2f8aa72179351f0b5edcde6cfcf708285785c4a358331e05da8bff5a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317500
x-accel-date: 1681809957
content-length: 14949
x-77-nzt: AcO1qhFuJ9z/vGVgAA
x-accel-expires: @1713345957
last-modified: Wed, 09 Dec 2020 00:07:17 GMT
server: CDN77-Turbo
etag: "5fd01535-3a65"
x-77-nzt-ray: 4c1562249ee27c5be1c79e642c70ab37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-besamel-soslu-kiymali-karnabahar-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame 7722 13 KB
13 KB 104ms
100ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/firinda-besamel-soslu-kiymali-karnabahar-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 385b19d8c7f7bedac5169d996fa57206b3a35b608518dfd0aa4669f7d3a7b7de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317500
x-accel-date: 1681809957
content-length: 12867
x-77-nzt: AcO1qhF4Fw7/vGVgAA
x-accel-expires: @1713345957
last-modified: Wed, 01 May 2019 22:53:33 GMT
server: CDN77-Turbo
etag: "5cca236d-3243"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64fa9aad37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-ezogelin-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/05/ Frame 7722 12 KB
12 KB 104ms
100ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/05/lokanta-usulu-ezogelin-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1a6d6ecc5afe8b370681181e0077b6c838310f74f8473a1f36527577d5a1fab7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317691
x-accel-date: 1681809766
content-length: 11911
x-77-nzt: AcO1qhHf/7L/e2ZgAA
x-accel-expires: @1713345766
last-modified: Wed, 01 May 2019 22:58:45 GMT
server: CDN77-Turbo
etag: "5cca24a5-2e87"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6443aeaf37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 muradiye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame 7722 11 KB
11 KB 104ms
100ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/muradiye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 43204d58f6a24cdd36d594f28e4dc0f9ab0f5ad29b4a166bb6d5f3c16756636f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317907
x-accel-date: 1681809550
content-length: 11241
x-77-nzt: AcO1qhGKlLr/U2dgAA
x-accel-expires: @1713345550
last-modified: Wed, 01 May 2019 23:47:00 GMT
server: CDN77-Turbo
etag: "5cca2ff4-2be9"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64b06ab137
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 korili-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 7722 11 KB
11 KB 104ms
101ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/korili-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 51571e6e49d9d1243db244dd3bb1790047c7b566dabc9400564dd7f74432ffc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317222
x-accel-date: 1681810235
content-length: 11094
x-77-nzt: AcO1qhHzBcj/pmRgAA
x-accel-expires: @1713346235
last-modified: Sun, 19 Dec 2021 23:06:47 GMT
server: CDN77-Turbo
etag: "61bfbb07-2b56"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64bc26b337
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hidiv-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 7722 11 KB
12 KB 104ms
101ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/hidiv-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 842c88bbde71118e56fc313dbe3ad3d9e5dd9b3b9913960838734a29e5982b7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317041
x-accel-date: 1681810416
content-length: 11592
x-77-nzt: AcO1qhG2err/8WNgAA
x-accel-expires: @1713346416
last-modified: Wed, 22 Feb 2023 19:26:52 GMT
server: CDN77-Turbo
etag: "63f66c7c-2d48"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64102ab537
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sade-un-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 7722 9 KB
10 KB 104ms
101ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/sade-un-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb70a0b5ac2b1a8d8e5f0e0b91b99d95723392847800eb91f42673794ce38e5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 254162
x-accel-date: 1687873295
content-length: 9502
x-77-nzt: AcO1qhFWHrb/0uADAA
x-accel-expires: @1719409295
last-modified: Wed, 12 Feb 2020 21:37:39 GMT
server: CDN77-Turbo
etag: "5e447023-251e"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64b8fcb637
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-kek-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame 7722 14 KB
15 KB 104ms
101ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ispanakli-kek-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c25e33aaf9d908bb036672ed26b9af74032d7cb464d5e3f3b9b67e868798290a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316532
x-accel-date: 1681810925
content-length: 14836
x-77-nzt: AcO1qhEL+U3/9GFgAA
x-accel-expires: @1713346925
last-modified: Wed, 01 May 2019 22:56:15 GMT
server: CDN77-Turbo
etag: "5cca240f-39f4"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64fdccb837
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-serbetli-irmik-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame 7722 12 KB
12 KB 105ms
101ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/soguk-serbetli-irmik-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ec88c9de3a44165db5e410d072fee68874d371d17eeac4ea36c5325d485b3f7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 147366
x-accel-date: 1687980091
content-length: 12086
x-77-nzt: AcO1qhH71X7/pj8CAA
x-accel-expires: @1719516091
last-modified: Thu, 02 Jan 2020 19:20:42 GMT
server: CDN77-Turbo
etag: "5e0e428a-2f36"
x-77-nzt-ray: 4c1562249ee27c5be1c79e640b19bb37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 keskul-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 7722 14 KB
14 KB 105ms
102ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/keskul-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5907d04f8aa7cc029868fb441fd2a02dce10b72e3a68d6294aa7a2debf90440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317624
x-accel-date: 1681809833
content-length: 14166
x-77-nzt: AcO1qhFUQmP/OGZgAA
x-accel-expires: @1713345833
last-modified: Sat, 03 Oct 2020 18:58:33 GMT
server: CDN77-Turbo
etag: "5f78c9d9-3756"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6494f4bc37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-somun-ekmek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 7722 11 KB
11 KB 105ms
102ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/firinda-somun-ekmek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 58fa8288d109b6525ab6ced54d659e79cc4e2a925f61d6c76da140f0a689ef59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 145916
x-accel-date: 1687981541
content-length: 11344
x-77-nzt: AcO1qhHdqNH//DkCAA
x-accel-expires: @1719517541
last-modified: Mon, 23 Mar 2020 22:17:36 GMT
server: CDN77-Turbo
etag: "5e793580-2c50"
x-77-nzt-ray: 4c1562249ee27c5be1c79e6457c0be37
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-yapimi-seftali-receli-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/06/ Frame 7722 14 KB
14 KB 105ms
102ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/06/ev-yapimi-seftali-receli-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5af02ce6b5997fabe156a5cf9e0dfdf4901a0552a78732b587d1ca38ffc2e4f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6307113
x-accel-date: 1681820344
content-length: 14292
x-77-nzt: AcO1qhFjIBD/KT1gAA
x-accel-expires: @1713356344
last-modified: Wed, 01 May 2019 22:44:02 GMT
server: CDN77-Turbo
etag: "5cca2132-37d4"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64e98bc037
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cokelek-salatasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 7722 14 KB
15 KB 105ms
102ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/cokelek-salatasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bd2603da78c0513ae07dff23bf8925d95683b782d9eaabc18e003d3167b8dc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317691
x-accel-date: 1681809766
content-length: 14757
x-77-nzt: AcO1qhFz1uj/e2ZgAA
x-accel-expires: @1713345766
last-modified: Fri, 14 Feb 2020 22:35:21 GMT
server: CDN77-Turbo
etag: "5e4720a9-39a5"
x-77-nzt-ray: 4c1562249ee27c5be1c79e646dbfc237
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pizza-pogaca-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/08/ Frame 7722 15 KB
15 KB 105ms
102ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/08/pizza-pogaca-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d41d07189295595e39267e87a880138ce04d72fe0ba272a91c07c735db7d2092

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6308843
x-accel-date: 1681818614
content-length: 15270
x-77-nzt: AcO1qhGyeNX/60NgAA
x-accel-expires: @1713354614
last-modified: Wed, 01 May 2019 23:21:59 GMT
server: CDN77-Turbo
etag: "5cca2a17-3ba6"
x-77-nzt-ray: 4c1562249ee27c5be1c79e64d10cc537
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 7722 5 KB
6 KB 127ms
21ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688127458.cds320.fr8.hn,1688127458.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 7722 56 B
362 B 147ms
40ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 12:17:38 GMT
server: Oracle API Gateway
opc-request-id: /CD9FC3B404AAAEB0BFB378B4D1F1A552/9CEA7D822F8838F0CE3F43FE3D4EE9AC
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 7722 465 B
585 B 129ms
23ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688127458.cds320.fr8.hn,1688127458.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 7722 75 KB
26 KB 275ms
73ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 7722 3 KB
2 KB 125ms
19ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9a430e38ea12b4f7b299602fd6e15650e8b052891af22138323504df0f4bc6b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 12:17:38 GMT
content-md5: IccKqqedZXpt4h+cOUhP0Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-debug: K5UepoOOO+r/6FxaGknzCrxB5FB9DOO493OxFUwmaUPhoLBanlXhocqe4+UuiXauhsHpQvl2hbw3iSjNFWmK8g==
x-fb-content-md5: 642bb47a5ad6c159f5decec3435af608
cross-origin-opener-policy: same-origin-allow-popups
etag: "e200b2270bf1b3b882c431d4067eb9c1"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:33:14 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 7722 21 KB
21 KB 104ms
102ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:17:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6318004
x-accel-date: 1681809453
content-length: 21525
x-77-nzt: AcO1qhGU9oP/tGdgAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 4c1562249ee27c5be1c79e648e6bc737
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 7722 307 KB
87 KB 39ms
19ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=f43a6a83c21a2c58958c7b3e8d23b948

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b8c6455e904d995bc877812c22cb70bdba38efcaac331e7c98991d8f673a2a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 12:17:38 GMT
content-md5: jGVtR636Ot4QC2cXztk8WA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88852
x-fb-debug: /7AXYIxpV4gpEn89FRB/4DDHoPl7xWJkFVjaiscXDsFsCNbca0r4iyxYO+LF2T9I0CRcaD+L7CGKUnSxTqM2Ow==
x-fb-content-md5: bf8f788bf475fe6328184f5ef506d0bd
cross-origin-opener-policy: same-origin-allow-popups
etag: "37fd393b7bb68550362213d7a1c34f16"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 29 Jun 2024 09:03:19 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 7722 75 KB
26 KB 157ms
111ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39c08603c7d4694a38f40e3f1e972d38207a90c77d38ae025f64676f79844bb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26099
x-xss-protection: 0
server: cafe
etag: 286 / 19538 / 31075787 / config-hash: 327100832698525116
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:38 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 7722 120 B
306 B 70ms
70ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame EE26 891 B
1 KB 71ms
70ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Fri, 30 Jun 2023 12:17:38 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7722 140 KB
49 KB 154ms
109ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a4a6644b24f9cb5dbda8f0f4a9e57ea016cbbe12d32366df87cfad198dc5de5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49256
x-xss-protection: 0
server: cafe
etag: 7136731893620902972
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:38 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 7722 489 KB
182 KB 76ms
76ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 7722 236 KB
58 KB 104ms
33ms Script
application/javascript 18.66.23.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-147.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 11:35:01 GMT
content-encoding: gzip
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront), 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, VIE50-P1
age: 2558
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: FUNl-Qu1khjOx_4FWUrhjeIYnSxqfJ0Fh0M32ix70aLRNqrqWfFqTw==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 7722 33 KB
5 KB 154ms
142ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688127458255&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.4996548153214002
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5ceb5b977d49c1c974dd2f68075110e11f8bdcc0a2e94b9f8e772cefbe599bfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 7722 12 KB
2 KB 71ms
70ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 7722 50 KB
5 KB 150ms
141ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468924
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 219c8316a72342d0f3031d56f54e9bad3670d3c4a083bb2cdc1c7361a53af9a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 7722 0
306 B 39ms
32ms XHR
text/plain 18.66.23.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-147.vie50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:04:50 GMT
via: 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: VIE50-P1
age: 7968
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: xC04DLI0l9NEc_2QZBicz8VxrCHpfIVXYsG8z-FCulKf70s_Fg6qtQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 7722 6 KB
3 KB 97ms
36ms XHR
application/javascript 18.66.23.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-147.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
date: Fri, 30 Jun 2023 05:29:43 GMT
x-amz-cf-pop: VIE50-P1
age: 24507
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: 6njFfBhMjV-e11NfBy1sjosBhjWkGTbHeOYGoCrVO1o-J9lhIf9vnw==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 7722 11 KB
5 KB 73ms
72ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468924
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 7722 17 KB
5 KB 71ms
19ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 11:59:26 GMT
content-encoding: gzip
age: 1092
x-guploader-uploadid: ADPycdvqnueFZvCta8A0zJONQU3h6tc-2f6MglifUXNzsH7uJg0aVGE8Tp_YFgo-IU6aLyLP9MGcUpz2B-G1lzvGbUAfMA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 7722 0
209 B 73ms
73ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688127458416&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.8358729887428769
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:38 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 7722 10 KB
3 KB 79ms
79ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/ Frame 7722 392 KB
125 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 11:36:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2480
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127514
x-xss-protection: 0
server: cafe
etag: 13498126467117012333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 29 Jun 2024 11:36:18 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306210101/ Frame 7722 346 KB
119 KB 131ms
90ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb896af8e865a3d863e7970665f560571261d7ad91b26b26b77be11e7f77fece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121621
x-xss-protection: 0
server: cafe
etag: 6904480769156374594
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:38 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame ED6E 10 KB
5 KB 75ms
18ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:34:18 GMT
etag: 12368291122986407432
expires: Fri, 14 Jul 2023 07:34:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zoneview
ng.virgul.com/ Frame 7722 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688127458538&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.6736066936940914
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:38 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame 0FE7 13 B
257 B 85ms
31ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Fri, 30 Jun 2023 12:17:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 7722 23 B
458 B 550ms
368ms XHR
text/javascript 18.173.191.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=tTOh60qOeT9KG&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.191.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-191-32.muc50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ed0321bab00e6823808eaacb7b137e08.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P4
x-amz-rid: N71KTJSCKTP39JFYN93F
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: xdoAXjTqmfhNluXajTsrTbNLY7Fp6g5lij7AeMxkMOdIEFffS7yYhg==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7722 107 B
456 B 207ms
30ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 122 KB
39 KB 543ms
543ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=1506052297364654&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127458614&lmt=1688127458&dlt=1688127457757&idt=798&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=c64m1db7q1gr&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704ff688af5b808bcea0345abd5eaad9877b0f5072ca994621f946736738531b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39408
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0FE5 6 KB
3 KB 91ms
26ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
expires: Sat, 29 Jun 2024 12:17:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 7722 7 KB
3 KB 325ms
72ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 12:17:38 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9213 603 B
218 B 182ms
175ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127458451&bpp=4&bdt=694&idt=224&shv=r20230627&mjsv=m202306210101&ptt=9&saldr=aa&nras=1&correlator=3964987613545&frm=24&ife=1&pv=2&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44788441&oid=2&pvsid=50675476267560&tmod=1666243786&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.2ohk4hm8ne5n&fsb=1&dtd=238

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 7722 361 KB
121 KB 389ms
336ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 7722 398 KB
128 KB 76ms
76ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/30/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:38 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 12:17:38 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7722 107 B
165 B 29ms
27ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 24 KB
12 KB 378ms
377ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=2313730928961338&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=3&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127459203&lmt=1688127459&dlt=1688127457757&idt=798&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=qpgcx44k1dz&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96d4fe982b3836a4c78ef5b6f89a58dafee4e7b87465fbfae457b1d5215b3561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11754
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 59 KB
15 KB 598ms
597ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=1373819607836626&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=4&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127459207&lmt=1688127459&dlt=1688127457757&idt=798&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=aycv9qo9kv3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e6682e7866db8b1275fec9ba7e0ea976eff8049bf57a5f635f385e50ac90c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15064
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 24 KB
11 KB 389ms
389ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=3101086997056851&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=5&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127459212&lmt=1688127459&dlt=1688127457757&idt=798&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=b3nuv63yhwas&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

664b84071e126b584fa4689c9e088869e82684bbfe67b0ed8d08df2031c3eacb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11601
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 60 KB
14 KB 452ms
452ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=2767050605010186&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=6&adks=3050045420&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127459215&lmt=1688127459&dlt=1688127457757&idt=798&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=yeojosikvnji&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de5adb774910a7afd4f2224dfd9c21dff806178a06ffcd60d4c86b8d61debde2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13810
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 111 KB
39 KB 308ms
308ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=4178539726331541&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127459218&lmt=1688127459&dlt=1688127457757&idt=798&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=a0iur1kncz4a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f78276da5b3c017b06994750541d6f481b8b41a735ae5e15d1f8a16cf97dff04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39533
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7722 24 KB
11 KB 318ms
318ms XHR
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=50675476267560&correlator=3728064167332939&eid=31072019%2C31075762%2C31075787%2C31075028%2C31075694&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127458255%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet468bed14-c7d2-422e-a498-0fc5b4427201%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet468bed14c7d2422ea4980fc5b4427201&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127459221&lmt=1688127459&dlt=1688127457757&idt=798&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=p6ooz57mh7ya&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b18bed4bbcede9a0955396f6165f86a5823f46a2f86865dc530d80ee8c2f6fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11564
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4D75 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
expires: Sat, 29 Jun 2024 12:17:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 4D75 14 KB
2 KB 72ms
28ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 10:51:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4D75 2 KB
945 B 70ms
22ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4D75 0
0 64ms
63ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CjRGN4seeZOPDKY-t1waFjYxQ_dnBkW-nysmuhxFkEAEgwLKCa2CVsviBlAegAcnFnLQoyAEJqQLYWKRVcTyyPuACAKgDAcgDywSqBPEBT9DXfIcRruLonpxy7eno2Y7kI3HOc6OLRb0V9SBZOZGRyWjXLDGkZE7hUHg0L849w3NINin6O2nw5HJO5wZEZRVpaEyAIl0VogNQ4yf9RcQK_JvaQkKEbA7PJLthF2EWE-ye7t26GZjlpuWLbYkRylwQmFz2w2v5o6lweDEMTMP46X0mNTJHkitEv6WcuaQ1eJMXPsXB_oWOD4HB4NJMK0pGpU9YvR71M2FVuC3q1iUtZuGy8L2LqhG3q8yiTJJa-kUhQVhzTkYyOBgsCjCjyodo9tQ6MMm4-pjBf_suZtqdz3b8WUsiNHcksMNIXW9f8sAE2rOh2KIE4AQBkgUECAQYAZIFBAgFGASgBi6AB8n97JMDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQz7sB0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAZgM5_Khq6oEuBODBNgTDtAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=n2xTVcY7fuM&uach_m=[UACH]&cid=CAQSLQBygQiD_C7LV12SHOcRHpM5rU2Xg0T-HFHjhfFebVRQseYcQSTza0uvQNUZzxgB&template_id=515
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 4D75 23 KB
9 KB 69ms
23ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:09:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11303
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 09:09:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4D75 3 KB
1 KB 67ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 08:55:35 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4D75 20 KB
9 KB 64ms
19ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D75 179 KB
57 KB 87ms
42ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H2 200 77005c67fa3fd636ca667830ce382e45.js Show response
www.gstatic.com/mysidia/ Frame 4D75 33 KB
14 KB 63ms
18ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/77005c67fa3fd636ca667830ce382e45.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

162c5ebe4d8983b62bbb17bdcbec49361953db02abb8ef83a527c25544b4de9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 23:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 306039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14190
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 23:04:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Sep 2023 23:17:00 GMT

GET
H2 200 6221075176733074052
tpc.googlesyndication.com/simgad/ Frame 4D75 2 KB
2 KB 59ms
22ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6221075176733074052?w=100&h=100

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34c4f4260f734b22cfad2e89670f46df34abf62c67524fd9a8e99080c23d6f7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 01:04:23 GMT
x-content-type-options: nosniff
age: 558796
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1872
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 12:50:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 23 Jun 2024 01:04:23 GMT

GET
DATA 200
OK truncated
/ Frame 4D75 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame 7722 0
209 B 130ms
70ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127458255&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:39 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
DATA 200
OK truncated
/ Frame 4D75 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1e333f39d61f0882b164269d2701b3bbdfb719503dae87e5c40a792fa25673f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 4D75 33 KB
34 KB 66ms
21ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 234502
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 19:09:17 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7722 15 KB
11 KB 69ms
68ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c441adb135107cb8f04906896e5d8cf75f262629577bfce6bf99ffd6b61aab02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11340
x-xss-protection: 0

GET
H3 200 container.html Show response
8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0006 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
expires: Sat, 29 Jun 2024 12:17:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F5A7 6 KB
3 KB 18ms
18ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
expires: Sat, 29 Jun 2024 12:17:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 2F3A 37 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 0006 2 KB
926 B 19ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0006 0
0 61ms
61ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_Efg48eeZKy-EYjZmLAPu9W96AOnkM-4b_Cw-7GCEb-v1JO6AhABIMCygmtglbL4gZQHoAHgl6bAA8gBBqkC2FikVXE8sj7gAgCoAwHIA8sEqgTZAU_QtQgL7ljYo8qfcLu7KmLodk8JW2XkeYTU7opYxYc1KooAqnQCCvK42L7XMC-UPmDDGEBUzhTie3mD_N5oe8LngYmNFt0R5AHAkpVHN6GTXi7HdwXG05oORNl4DuMIjdI3ioYLUFZ-5mJYSnXXmfMJOj7XV7GVHUX_ynbnAa5m-rZIeVsV5eIAP-q-u2t-v1DCSlJZLJou4ztzXMhqtVilnVVRJLioKdii6Ca9TQuGyvUrdzDkrkZayR5tdQcwYGsBSN3EXyDK7l0PtkSzUqQuEv7qrIAisTLABJfBnMywBOAEAaAGN4AHiOjZP6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEPemAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwHYEwOIFAHQFQGYFgGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=4IF9Yj1ZSso&uach_m=[UACH]&cid=CAQSOwBygQiDwqpV-Rsdc4Yr1scq0njPKI3bZSH3K7wT8kbBPZ4ktuQNzLoHei602ZoSmZTDfAkGLJuBr-PpGAE&template_id=492
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 0006 23 KB
9 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:09:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11303
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 09:09:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 0006 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 08:55:35 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3989 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 0006 20 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0006 0
0 73ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQJCDMWPfSTwkr-EjoXFCUnhzBMsn7zdXETzwswFZsodJ4mRTZu7PrJiIoW-ZoODE_Ntgt67-6ded9a8r_J7uk426KvyQ
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0006 179 KB
56 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H2 200 5f03bef6f00b7a8cf9d43233a2aa7e67.js Show response
www.gstatic.com/mysidia/ Frame 0006 33 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5f03bef6f00b7a8cf9d43233a2aa7e67.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5fa3073b94aa8259d04802566504c897fd640610ea9f36654cfacc615f325e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 20:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58346
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14183
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 19:09:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 27 Sep 2023 20:05:13 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/17760264913481556032/ Frame 0006 7 KB
7 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17760264913481556032/14763004658117789537?w=195&h=102

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb117e4b7d65389a1bffe3dc164603d660fd132c3b5f589ab9bc4421379df8ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 22:01:30 GMT
x-content-type-options: nosniff
age: 224169
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6902
x-xss-protection: 0
last-modified: Fri, 10 Mar 2023 10:07:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 26 Jun 2024 22:01:30 GMT

GET
DATA 200
OK truncated
/ Frame 0006 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C87B 624 B
242 B 61ms
59ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNW8eq-eVIvglC6eZXq6Rv4Lj1V2PslZXNnZkAFN3bRuJYm32LpYKHU8ZqKPccjbXQmiL5am8PnmncihfyjGO8ZqJKu9mU6XfDWsqqRF_Z-3qIp1VKFXDpwYF4m0YS47q2hk1gdrYKMkQF1sdMd4iPugHa6DpYs8yHZWl85hNuFrfd96CSQ

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F5A7 78 KB
27 KB 125ms
124ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5A7 42 B
63 B 54ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D4bG0_1d08yad1FHOZWIMX_hS8n7wslY9rcNG5h8TWMsgZ54TiFBWxvzSJbgmBt25FpWSq5iGK8L1HK2lJsRfs5A09lpFHbb-S7zvsNCCLEXIgGR0

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5A7 0
20 B 55ms
53ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13831153620124796072&x=1&ct=76

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame F5A7 3 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 08:55:35 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame F5A7 20 KB
8 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F5A7 0
0 66ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQR-fOabGsYu_UuIWtwuCuo8ZXetGMyxtLLPC5BnLHUOXkRP1U-lCMBwIubMeA0kHe9YI3551kZzKR7r3uq5IA3bacRVw
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F5A7 179 KB
56 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 container.html Show response
8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4B8A 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
expires: Sat, 29 Jun 2024 12:17:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5DCF 6 KB
3 KB 18ms
18ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:38 GMT
expires: Sat, 29 Jun 2024 12:17:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7722 17 KB
7 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C87B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECQr8kzy_pqkV7PBt_uLllE&google_cver=1

43 B
632 B

42ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECQr8kzy_pqkV7PBt_uLllE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNW8eq-eVIvglC6eZXq6Rv4Lj1V2PslZXNnZkAFN3bRuJYm32LpYKHU8ZqKPccjbXQmiL5am8PnmncihfyjGO8ZqJKu9mU6XfDWsqqRF_Z-3qIp1VKFXDpwYF4m0YS47q2hk1gdrYKMkQF1sdMd4iPugHa6DpYs8yHZWl85hNuFrfd96CSQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECQr8kzy_pqkV7PBt_uLllE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C87B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7H4xSCMbGfoMyiTJ6XdgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

43 B
766 B

19ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNW8eq-eVIvglC6eZXq6Rv4Lj1V2PslZXNnZkAFN3bRuJYm32LpYKHU8ZqKPccjbXQmiL5am8PnmncihfyjGO8ZqJKu9mU6XfDWsqqRF_Z-3qIp1VKFXDpwYF4m0YS47q2hk1gdrYKMkQF1sdMd4iPugHa6DpYs8yHZWl85hNuFrfd96CSQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C87B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDamK05diQWJr6R0UFhPr50&google_cver=1

43 B
1 KB

51ms
32ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDamK05diQWJr6R0UFhPr50&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNW8eq-eVIvglC6eZXq6Rv4Lj1V2PslZXNnZkAFN3bRuJYm32LpYKHU8ZqKPccjbXQmiL5am8PnmncihfyjGO8ZqJKu9mU6XfDWsqqRF_Z-3qIp1VKFXDpwYF4m0YS47q2hk1gdrYKMkQF1sdMd4iPugHa6DpYs8yHZWl85hNuFrfd96CSQ

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:39 GMT
AN-X-Request-Uuid: 6f95ddef-f4de-4bea-ab48-62d6e3d9a8db
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDamK05diQWJr6R0UFhPr50&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C87B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:17:39 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 14155f90-0468-4d82-83e7-5d5768cbb2a2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032306202201000/ Frame 4AE3 222 KB
61 KB 74ms
24ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032306202201000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94439c92d7b20cef4532243ed9ca2e30577d5ac192a09ea4f09fd94f079f6803

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 224617
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61909
x-xss-protection: 0
server: sffe
etag: "0cf1bc09149df6f0"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032306202201000/v0/ Frame 4AE3 15 KB
6 KB 69ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032306202201000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c52e2a15cba5be54e6986bd808f5a6aa6705b0efffd9379feb005dabdb748e32

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 25 Jun 2023 05:27:47 GMT
age: 456592
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5217
x-xss-protection: 0
server: sffe
etag: "9616db2753e55560"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 24 Jun 2024 05:27:47 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032306202201000/v0/ Frame 4AE3 94 KB
28 KB 109ms
59ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032306202201000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01204747c552676cceff27ecab875807de15fc28860715608db3d368ba736b3e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 29 Jun 2023 15:17:04 GMT
age: 75635
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28896
x-xss-protection: 0
server: sffe
etag: "4dcd9a8c59f0d36a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 28 Jun 2024 15:17:04 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032306202201000/v0/ Frame 4AE3 5 KB
2 KB 72ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032306202201000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52337cf2499996a25da3c2f17c8e0492c2d728c4b22bdd9b4da2089fcedac9ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 29 Jun 2023 15:19:45 GMT
age: 75474
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1898
x-xss-protection: 0
server: sffe
etag: "d7fe975149c6761d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 28 Jun 2024 15:19:45 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032306202201000/v0/ Frame 4AE3 40 KB
13 KB 106ms
56ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032306202201000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b17d2d0a88d045b86c025e6a7978189716ddd6776e975bb9de1ad43be17348f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 29 Jun 2023 15:17:05 GMT
age: 75634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "5e14f2792a869535"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 28 Jun 2024 15:17:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4AE3 14 KB
1 KB 29ms
28ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 10:51:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4AE3 3 KB
3 KB 19ms
19ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62011
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 30 Jun 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4AE3 344 B
368 B 20ms
19ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 81749
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 30 Jun 2023 13:35:10 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4AE3 0
0 27ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTcJE9lO6TqTzaw3iVQuSKemJ8Y7828VtXX29pxMSd53z8X-ClD0sLyn75QBlwv_5TozkLX9QSksXBvLoBGAqdh7R5s4Q
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4AE3 0
0 64ms
64ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBT7248eeZI70EbmMmLAPyMqU0ATV4Iz_afHn667ACs_JmpKeARABIMCygmtglbL4gZQHoAG9r5X9A8gBCakC2FikVXE8sj7gAgCoAwHIAwqqBNsBT9DILOWxVieoGLFK18h6zKHc-1RJYzCU3yeTNBPx7wXi_NMeM0BxXnPdSsodl0jXrcT1JGOAni_geItmOQsL24qGNrNfOcwxRZldycn61VFrYd36mF0A94Uul36i6NowamqcHVd0FIIksNDHk3Cq9A40ATQt2XUmP9aidW7Zu7BPKshi7NRteC8HG9HMa_bGnW4zyGxBq_Sd-pmtuunSbE-7otHPYCYITC1iH2UtVc4LM1HND3JFb0tcaSyKmEsD7Fkc2R9VEOOkOE93n2ocO1PPEfuhzUbWY4PjwATQ3qurowHgBAGSBQQIBBgBkgUECAUYBKAGLoAHq9DqAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEPPVCNIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwHYEw2IFAfQFQGYFgGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=vLDz9OmLiY0&uach_m=[UACH]&cid=CAQSOwBygQiDMgyiGssxoAD0Smjtas52_KwQh_gI5vG-s4oV6_-VUx9UTfX_rTNGLnIPd73vY7NTG6LAqplSGAE&template_id=5000
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 51A1 624 B
242 B 61ms
59ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNW5hvRFjqU1Qc5TV2XnVOyLPHbLLa-yxvDWQz9g1dg0gWLoSSWyLkUh0sLPUE4K_ITNyTUGP9smEUjJZa79QsPmWwzoQzC2PjkCfvQVyHqtOgvp0tJNmJKpQSkwyabiLggPiq6Q44RgLZpCGY7ipvlOXG0z968PFsdvZyperb4ghrGQbtw

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4B8A 78 KB
27 KB 97ms
95ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B8A 42 B
63 B 54ms
53ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BoW77gY5CbpSO46RBdVFdHP12Fy7CHjXYg3-fGc3duzoXLAzWb5LS6l8nJbb6qnQtneQ6kAEY4ym2uw8sH3hVPImrbVHKvJVk-z23MLO86PzAHq3U

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B8A 0
20 B 54ms
53ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13623238151096651897&x=1&ct=76

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4B8A 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 08:55:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4B8A 20 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4B8A 0
0 27ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRABxYOgIr52Lf04W9QH04M7Mijzt7lZ0J1ZQNVE-ghVRo4Ax4TQnY76Ggkw9ETQ2UhPKDEa-HYpo5U8EXP6B5KSgOKxA
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4B8A 179 KB
56 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1EBC 624 B
242 B 61ms
61ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYqYLo4gEwAQ&v=APEucNWw9ojrMJBAIyWBvYW80WHsiDWc32veOTllXB6bJ2WLjraTDVMAYk-a7fV2BpUWA45q4TDeisaersfzyiWVCx-eIUjfOPz6NO1HItB9is2SWDYKYfQMBEdO7_IKY5cQXPREZgaJqz1WrtNod9EwgZOZoD2KCZOvMNU6gy4S1iRLWLSbEA4

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5DCF 78 KB
27 KB 145ms
145ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DCF 42 B
63 B 53ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BJ4X9rMSusFXeu9zwmwJd2OuRa3IqgQ-HNBDymbaJ_qpmzHDNpA6Ics5WuPvLndtwNXKMMKsZ3wExb91RpK_4VLsNeVF3EJYNxSgcXBnf3r73ykOI

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DCF 0
20 B 53ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13528083759159662373&x=1&ct=76

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 5DCF 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 08:55:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 5DCF 20 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5DCF 0
0 28ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRtLCLdLcotmgkViEAxCocJlZ0ddytNqY6TkQAsEn15Jr49rWOECE4OyK20ly_mJO00lwXJ9eAqJlo3FGkEwLgY88roMA
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5DCF 179 KB
56 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/13640987748422547716/ Frame 4AE3 16 KB
16 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13640987748422547716/14763004658117789537?w=600&h=314

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53d1025f404312f7d29eb76a13c1042d2331f863c5dea11abd5191ac10e9d85d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 02:54:17 GMT
x-content-type-options: nosniff
age: 552202
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15886
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 06:07:06 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 23 Jun 2024 02:54:17 GMT

GET
DATA 200
OK truncated
/ Frame 4AE3 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4AE3 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4AE3 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4266a26017bbabaae6b988d28297ebf3ca75bed3e392e0b69969bc6ec748822c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0006 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 307798b2ebdc1274886ea9263f8ba8c80f18f1e9bb3fc6b3a9200adcc4ed0592

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3989 35 B
465 B 66ms
20ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGp79YbUjWNtVYkVz9rKbi0&google_cver=1&google_push=AaAOQGHAMW2C3o0F9dOdOqlkU93bdvDS4qmDRx_a0y2XSVeEHULOGCc19s1-0-X04L5MZOYKyygHhaewP9CWmHxqLwvMJ4rhHoLrdsBANJBtfkiOqWCCxPuFaXowRFTMqyEa1bk5CVsH0gA

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3989
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEOLrlyiTbHmO-dmw57N3BS4&google_cver=1&google_push=AaAOQGFEPWbuSKPy7xMKQP8jY4rVHl641yk7yhKuUwjrDMp8cmJKYLClKOQFwf1zKIdIqajxEqNMR76kR4ROr2_W...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=jx3VLdXNQ8eu8a3r9939oQ2&google_push=AaAOQGFEPWbuSKPy7xMKQP8jY4rVHl641yk7yhKuUwjrDMp8cmJKYLClKOQFwf1zKIdIqajxEqNMR76kR4ROr2_WONa3TgRER3lPpI...

170 B
188 B

39ms
39ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=jx3VLdXNQ8eu8a3r9939oQ2&google_push=AaAOQGFEPWbuSKPy7xMKQP8jY4rVHl641yk7yhKuUwjrDMp8cmJKYLClKOQFwf1zKIdIqajxEqNMR76kR4ROr2_WONa3TgRER3lPpIuzsoWSzbYqm8IK23Ny9t2gHhQT-TUvvNqpL026L14

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 12:17:39 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=jx3VLdXNQ8eu8a3r9939oQ2&google_push=AaAOQGFEPWbuSKPy7xMKQP8jY4rVHl641yk7yhKuUwjrDMp8cmJKYLClKOQFwf1zKIdIqajxEqNMR76kR4ROr2_WONa3TgRER3lPpIuzsoWSzbYqm8IK23Ny9t2gHhQT-TUvvNqpL026L14
x-host: tde-deliveryengine-production-7c97bc8457-8xsn7
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3989
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEA-V3gq7bAp9O74UGCdVdyQ&google_cver=1&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEA-V3gq7bAp9O74UGCdVdyQ&google_cver=1&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3O...
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=119&user_id=5140084925901389052&expires=30&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2tcxeHwbPl489LFJeLIwJbAub84guectXA0ZvWdgvUW...

170 B
188 B

29ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2tcxeHwbPl489LFJeLIwJbAub84guectXA0ZvWdgvUWhc9jZJ1xw&google_hm=5YfdcoMiR_es79GZASgK0w==

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGEBhvri9tn5mItLlgbHGbWu6yTRpEmo83XtazAxEC2XkEdENbJnbiRkeRtnAAuSYA-EuINftJwc_XeB3OpD_-f2tcxeHwbPl489LFJeLIwJbAub84guectXA0ZvWdgvUWhc9jZJ1xw&google_hm=5YfdcoMiR_es79GZASgK0w==
date: Fri, 30 Jun 2023 12:17:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 3989 43 B
363 B 109ms
33ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESENPN_sUEzZ9BsaxCWiOsRv4&google_cver=1&google_push=AaAOQGFwhGWYLXkz5Xe8pG1KP_0K9jutApLzJv641_1zAPkN9mDu4nz5ReN8umPx0r6vgDYLRVWSLbuvhyNQja1NBeV87l8K88JXs7smSQ_U3HmK2DKF-LmZGJhnHiVNNz9982BtABTE9nM

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 176208
expires: Fri, 30 Jun 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3989
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESECd6saKIxW2pD67CigYnwgw&google_cver=1&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6C...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NTQ2NDg2NTkxNjUzNDkxMjQw&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9Fgvso...

170 B
188 B

28ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NTQ2NDg2NTkxNjUzNDkxMjQw&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6CpvbiGEoHJTAnzpD37-2fTSafjwhlqOV2uxLD70j7oAQ

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NTQ2NDg2NTkxNjUzNDkxMjQw&google_push=AaAOQGHvJBjZYB5bgfgfqWmr1Axs7bs_XbyicPc7XNfRi8Gs1X9SfV2Pns9FgvsouSs8yAkMwAkG1hHs0fzVj8_YrYQJEmD8M6CpvbiGEoHJTAnzpD37-2fTSafjwhlqOV2uxLD70j7oAQ
date: Fri, 30 Jun 2023 12:17:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame 3989
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBGW4ivfJ3LGvb8QdoQb0ik&google_cver=1&google_push=AaAOQGEW71GH0AmaVX2i4_4NDpgEniqdZGx_9zATAFLDqUXUi1mzz1h-z6fz48M6XUW4UfqZzGSRptG3ttK...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEW71GH0AmaVX2i4_4NDpgEniqdZGx_9zATAFLDqUXUi1mzz1h-z6fz48M6XUW4UfqZzGSRptG3ttK9mC-j2bsL2aKr8Bkv3sxZNkvlzQNWnyep3EJM...
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

19ms
19ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3989
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECWEMR2BL...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECW...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e587dd72-8322-47f7-acef-d19901280ad3&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

28ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e587dd72-8322-47f7-acef-d19901280ad3&%%GOOGLE_PUSH_PAIR%%

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e587dd72-8322-47f7-acef-d19901280ad3&%%GOOGLE_PUSH_PAIR%%
date: Fri, 30 Jun 2023 12:17:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 3989 0
130 B 44ms
26ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JdAXfbOV00wEOwWc0-30vNv8k_YU7GP1S7-1qFDe3O_IZobO4_PGsjIcT-UElk5051ZhqAOkU

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 946D 13 KB
5 KB 20ms
18ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 09:13:32 GMT
expires: Sat, 29 Jun 2024 09:13:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3C5C 783 B
535 B 30ms
30ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c677d7edbe588631f292fed695f7df879e8b7c245d2373b30d86aec85e2456af

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tpWFqQ9joYkG4aWfDLZdZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-tpWFqQ9joYkG4aWfDLZdZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:39 GMT
expires: Fri, 30 Jun 2023 12:17:39 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5A7 0
20 B 55ms
53ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1845896677043&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5A7 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1845896677043&version=m202301230201&ct=76&x=1&cor=13831153620124797000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F5A7 92 KB
37 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B9plfVph7jrcfMlfg6Ams3wTF54XXZGzDlxluEdYEBiooWVK9a_s04SWTxIuf1-rkhriy4h5ufhnlN9WeLXq4PS0g4PvDzXcaJs98ShkptsdiE-Y0&cry=1&dbm_d=AKAmf-BOmvbDQDsPd0aaBCiGXURiBSRH6Tg7NAz4i9auzChVVU7yr5OTVRyeJDmZG3lVsu-yT1w0z4UkZkp_83J1Z4SJHU4codzePGPZDFaLfCmBXHEPvl-mrMRcvA0wqMcgG-yJI0iZU7nLucSy9BEGC8JKkIWBfJ3rx5Ec6Gx1HYU7mGFov6p4PnNh8tqFXdFq5cvgtjMnwvUx6vep2AixrdeP5qaLaozYSbPUti_LJPMmw-G6c2ETaCLHWAdqO5BB7vLqUw7SYvsiHBuea-Ob4GUYtPTAVeg5lJ-lMw_B1nIIDUI3hZG4qNNUPdMjvUI0HMiFitD7RT80gtSbs0eCIkExSZzsfl8epfuG_W96UnmXUsMDKTBUScrUqF567wQDxeFO68tBY1k2ZV1P_Zk0oaCKWHReC8htD0qj8pMEyqw-6nTEHNyIMZAFmNOav3JcPEHp9BAnm94_UjSmG2cTghJHq-qAVjsZItwrsnB1Yw0_RH4t6l17T1qP00WfPqcn9BceMlJCZKN5C9M5ZvTur7QhjGbSLz0EcBMCVjcftsEJnP0Gkmo8RPGLYePeg8DL6Me_iicqLYj46schwoJ9Sqh9l8Q7ZWzWwwkVRK3dVJUKCnklIOWozMvf8l6V3tn4SJGXKQwRB7pzLVdwo7eSecoNRtJcb-AifgyNEYFFLhxBhYMVNdny2KCse2xcmQVf9eKFnmjxc3O8gRj-46UU0ZiHkLIWeh8VV3JIv9D4x3EcY3AIJbdOKNs5K6XOEb-x9hcDiqCvUSsfjSA6V1EFIyS83Q-ywfdpfMxP1LbvRkwowXEFrb6SNK8R0Y5j6Lsf2XDtbjxXjR0PZZMcka5i5HOsuNUiQbvSYo0u_KrhE1nokJ9-8jSY-4IJuT6u4f8GiECxR5_JprcK3LtyyzMfO2FUFyVWrNBPRfv-rlGTLh7g7TdPqrZSNI83mCaEyqQbS9KafoXGK37Q4LcG3GUBRfBxJ_Leu77od2mYXg1MyIFOqA-VYaa7nFkyH5DWIrXSiv9K5X31n6WkniKI3Jfmf2I1bK10iWGDgEu9D3DCytso1VatYZeNTE65Vt2BfkF11Mv5m5xIVlxYdNUQPEJDfG_d2oWOAxepdVN9gW_TClV8XNBE3zfzXwRyQulegMWNLQ5xnGbHUHh44UcrLjQMnY9APTJGDEF0aWbDX6SRsUpF1hQRsII9xbRCldWLtTvN-NeyWN2HwUKoGUQW05-LzU22EQl-yrGhnvLDamvWAATCKfvM0pch_JLpQ7KWR5tDnQg6j9QfcxkZ_ZWUoCgMcwKdtoh4b5MrbhvZsILzJFXHkvmE5WTXzfOKMDv-VHlbmVSbPLurWWZhDKg6SGtlAdMrg88tDhNbXFSTAMW6u_lWXgf_ANUgyOb8hvc3BksTvaML1pCcRz5NoBXHM6mBOAY8-surQTb_uUru48Dt33A1oJilfO2vXa4-KLO2hbne-5-cMUEtVP5MTEXGBKrqLzbqU3WQy0DiKlEZyNW4eTllNmVXotkk3B5eW7hzLh23OPZQYWRKGa1GnN0FM3zhzkB7TlKuTJHukQQ2SBnsCSve7vyxr_8b7MxcnU_eek_VPiTYYeLhRnuymqefXOq-TWD0Jb2kjeFCpAfkdGB2yVaKf3fOPi-bc-KfgUENMUvO7bqSBsOsw6qqehmiWAspu8ii1TpudxMpQFD4Sr48vRfWuGryZeRkMfF49teuDPuseewsDd20PQmVhfhdeQrlU4kxNzIrsESewOUgyahIGpzWlWXNpRC95ouQWBP1iNp9D2RrVEyKVaYN7gmW6DmBVCLT8ejrVIrjFc7DX4nvk9TCdkmL40huhxHKMTq5p4n5Dz1i-Z4OOT2YCeoHYd3Y0PgyZEuRH5CjrSPr8MP7wt7-IJU0edS8LN79ljUzASTGUPCz3QIYXAGGQaOpkUy26DOrH9W3hBIj0CGg_NXct1lAayUIRy1wOvn1GaDv8ptaZhMPji57m9mhQSBQOR89X7GUhFD4ulJJ8xXefLiOeqZUQ5Z4dSKmFbZ0yJ74veGyJoE9010VPKeL1tjC48MFiACLb6S8Tg5PDZs76_JpHy_tKMbYiNeN7u9tCayaqHtz2NI9XY5bZJqghgDPHQx4gT6v36jY9dEDY2Al8C6vTUT49b-3lNUVdp9EWnjo1eIdQt7ZXwPPQrZVMLmxrmNV5Gjcn_qfpqoVHp8nO0KiW6YuOxZQTCg1rm-52A6KQO4syQ7I3barhEPphcPIntoBMMNSoyy9XPzG93YIgQQOCoogL4KqVaGQo92RgbdHKhb2AdMegFD961EhzkrWb6qSvTZlAakZEdDZXNyWQvzGA2fQ8M62whDNIuWDUv3jHvHg8japz_xG2terol15B7TEAPV4rQM-SchcYeunJvqeBnlBw0Zh-rObPFdSxq1qlLL2qnBLuQmOiLuhp-Db912CZPW_FJSsQgEejahaTkGzVrqGSbYYLE9C5GpnQ-m8sVb91VyOOc1PuGDJPneh242FTni22o98MDbiE9_kVRLoRvT7YjjGhzx_oUNtMgNomzYv21SSWqa-oPCoDolX4e_ExlitCXL7OkYSCMzt_EbrCFTAYPQz1zZ50Dqbi0tsC6yQ3kfIqOrM7S01OEDLa_wZUDvjPgBhyuWnLw4q0QHi2N4uHcOj14e-Kg9RS1hKRdRJfQSJWWhUBE9Qz0HyQt0BnnzojNykwE0RU2ZHDyGlSK47chbFaeZLW1z2IqGVerZbSidIDbv3w_04sbT7R0I7tUHvyZW3J3FcZq4htO2CcyHUE48HQBiPkm_X7S3J-xAQR6Jhip8qfGOmGwI29fVMXxW34W51NpewnYbI85jXKsWeaOwRMWYFD9OPrklPWMo-B20TQh0IETKkMXsmo6VGLxOMQy_hbzoGgXX7v8JAgDs60TyWZKNdtmcvIcGgBY20DWFOTYLS6L8zbbwVWwoy1Koz7ju4ZMnEBem1RD2KOYU9TcDXskTfk2eo9bW8OSbNpmsiYI3i_Uz1yzyfywGMwrA777_K6jz6ehnM0SnFiilWRdvKb3hXtLn3hjYXezp_r73ZuuQRp7t2GHm7aKW8XWd8W0BLiCZiisRSQkBesUCVwPygScrEAU9UFPvZfelBJxmViTijiR9tk2Epw8jYl21n3EnwKJeiOSPTDrYP_3Tvx6sj_Muz8FruDlPxP611mnG5iKsW17vxtLzBCEa63if25jDzSqsQL4jWRICJPI5W_92084JpwZXowpDM3tM1vMB3UG7qqKQLWSiS_Y60JWJIV3euvUxZq8ZRNAHKm-jBBlsXEymAmiH-E656fGGn8F5wvnu3oDzRdgOf2K9yXqhsqZ9H2lJsJSamS8c_iURM6M8uuYIPZwpZulv0pmBG2PU4lG-R4JcmHEusJDK4INc35cRt9B9CEZrEGRKiQkijCeKfNmXpdyK5g98SXEci159pOXtHVJvgIu4-4gGPCpWhJ9oMbcXWl68eFG5hjx2WxCOsv-Z-89LJagWoPbJh0PZVPNhkWvuFvVdE2mMvaIRCoF43ZsVyFlffC3dQwK2YcXPuCQ81U5sQfpT8mnPxE3O9n-WB-O4Lybc1QQD8eHzcTrhTLDy1KpsuaUA-Ec2IKcE2JC5ZwQI-Tg51254GLvujMybAK0AUtP1AKvDE1e6yZoy7vbtlWs172gtlSYVC-7uRSn4V6i9MG3hdS1PkaYVY8V4JKAqmddSDIgFKlJ-b_pdmgp_L8ogAuNpE_1MO2AyDMiQ&cid=CAQSOwBygQiDVcAvnw1UBRTkkFF7WLfSP-oz9k9bYpMx0wfxwlMz2P76Fs5WFKm0fa81Nkbl0cjgzxsNWge5GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13831153620124797000&adk=1599433117&idt=130&cac=0&dtd=46

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f18c5cd2c90bad9c70e30ffd450586440c838c754aceed8f6fdd0c2ade2521d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37831
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 4AE3 33 KB
33 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 234502
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 19:09:17 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 3EAA 37 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 51A1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

43 B
632 B

22ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNW5hvRFjqU1Qc5TV2XnVOyLPHbLLa-yxvDWQz9g1dg0gWLoSSWyLkUh0sLPUE4K_ITNyTUGP9smEUjJZa79QsPmWwzoQzC2PjkCfvQVyHqtOgvp0tJNmJKpQSkwyabiLggPiq6Q44RgLZpCGY7ipvlOXG0z968PFsdvZyperb4ghrGQbtw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 51A1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7H4xSCMbGfoMyiTJ6XdgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

43 B
632 B

19ms
18ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNW5hvRFjqU1Qc5TV2XnVOyLPHbLLa-yxvDWQz9g1dg0gWLoSSWyLkUh0sLPUE4K_ITNyTUGP9smEUjJZa79QsPmWwzoQzC2PjkCfvQVyHqtOgvp0tJNmJKpQSkwyabiLggPiq6Q44RgLZpCGY7ipvlOXG0z968PFsdvZyperb4ghrGQbtw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 51A1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1

43 B
1 KB

32ms
26ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNW5hvRFjqU1Qc5TV2XnVOyLPHbLLa-yxvDWQz9g1dg0gWLoSSWyLkUh0sLPUE4K_ITNyTUGP9smEUjJZa79QsPmWwzoQzC2PjkCfvQVyHqtOgvp0tJNmJKpQSkwyabiLggPiq6Q44RgLZpCGY7ipvlOXG0z968PFsdvZyperb4ghrGQbtw

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:40 GMT
AN-X-Request-Uuid: cdce40f3-5e09-4f89-a03b-9ce81826e715
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 51A1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

170 B
188 B

30ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:17:39 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4f2c80a9-4f17-4ded-9961-5097e9f32cc3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1EBC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

43 B
766 B

21ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYqYLo4gEwAQ&v=APEucNWw9ojrMJBAIyWBvYW80WHsiDWc32veOTllXB6bJ2WLjraTDVMAYk-a7fV2BpUWA45q4TDeisaersfzyiWVCx-eIUjfOPz6NO1HItB9is2SWDYKYfQMBEdO7_IKY5cQXPREZgaJqz1WrtNod9EwgZOZoD2KCZOvMNU6gy4S1iRLWLSbEA4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1EBC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7H4xSCMbGfoMyiTJ6XdgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1

43 B
632 B

19ms
19ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYqYLo4gEwAQ&v=APEucNWw9ojrMJBAIyWBvYW80WHsiDWc32veOTllXB6bJ2WLjraTDVMAYk-a7fV2BpUWA45q4TDeisaersfzyiWVCx-eIUjfOPz6NO1HItB9is2SWDYKYfQMBEdO7_IKY5cQXPREZgaJqz1WrtNod9EwgZOZoD2KCZOvMNU6gy4S1iRLWLSbEA4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELmZkALUNPD3QCnWVpudldI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1EBC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1

43 B
1 KB

25ms
25ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYqYLo4gEwAQ&v=APEucNWw9ojrMJBAIyWBvYW80WHsiDWc32veOTllXB6bJ2WLjraTDVMAYk-a7fV2BpUWA45q4TDeisaersfzyiWVCx-eIUjfOPz6NO1HItB9is2SWDYKYfQMBEdO7_IKY5cQXPREZgaJqz1WrtNod9EwgZOZoD2KCZOvMNU6gy4S1iRLWLSbEA4

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:17:40 GMT
AN-X-Request-Uuid: 0ab2bcb7-fbd3-4ef3-b705-220077c36e04
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMT0waHzibZ2Ia42qUr39Ss&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1EBC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

170 B
188 B

29ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:17:39 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 937e0a79-ae5a-418b-8e8d-28324b397d7f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE4MDE1ODc1MjkzMjc3Njk2MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012306200257000/ Frame 3BB8 222 KB
61 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61862
x-xss-protection: 0
server: sffe
etag: "bf95dc6813023782"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 3BB8 15 KB
5 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
server: sffe
etag: "b6c1e0819a00bf67"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 3BB8 94 KB
28 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28873
x-xss-protection: 0
server: sffe
etag: "75041cf86819093a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 3BB8 5 KB
2 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5f86339daf79d63d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 3BB8 40 KB
13 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "bf1167c9eaa58b59"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 3BB8 4 KB
655 B 37ms
37ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 10:54:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jun 2023 12:17:39 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3BB8 3 KB
3 KB 20ms
19ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62011
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 30 Jun 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3BB8 344 B
368 B 20ms
20ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 81749
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 30 Jun 2023 13:35:10 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3BB8 0
0 31ms
31ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRkpUVd8BpPi95P2bWIrw9mmwfjvKoO-LYhq7MaX65QYURf05Zld46nNsa_1O4K4M079RrVYXoj9YwGBM0lTg2IeF9sZQ
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 6592766407814317453
tpc.googlesyndication.com/simgad/15468127536984677175/ Frame 3BB8 65 KB
65 KB 24ms
24ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15468127536984677175/6592766407814317453

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d95438c776e74dadebde188e24f12639308bd6ff835584ce9c93ea7420ab901a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 06:28:10 GMT
x-content-type-options: nosniff
age: 452969
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66843
x-xss-protection: 0
last-modified: Wed, 08 Jul 2020 16:10:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 24 Jun 2024 06:28:10 GMT

GET
H3 200 6653907961971863081
tpc.googlesyndication.com/simgad/ Frame 3BB8 4 KB
4 KB 26ms
26ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6653907961971863081?w=100&h=100

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3075f5f3f887fb74f408b00dcf064416aa12c5b02ca0767f97860d837dcada8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 06:02:18 GMT
x-content-type-options: nosniff
age: 540921
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4146
x-xss-protection: 0
last-modified: Mon, 24 Feb 2020 16:41:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 23 Jun 2024 06:02:18 GMT

GET
DATA 200
OK truncated
/ Frame 3BB8 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c68f834218f3f9e3873165d82fdaab17e92e16fe33ba5783c95491619f78e6aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B8A 0
20 B 55ms
51ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8589326329828&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B8A 0
20 B 60ms
53ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8589326329828&version=m202301230201&ct=76&x=1&cor=13623238151096652000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4B8A 92 KB
37 KB 81ms
74ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BU8j7xOOB-F2IJGvkESkJMrbGKpZMgSef3nmMJL8DyzshHNoFWl7pwGzTKzsxHA245f2lD7e7ZjVhu1XgJi46lvtY0Usg2EzCxwAxnuTrF9QE6Q-I&cry=1&dbm_d=AKAmf-B3Uys8zKg4O1d_Udw4bc7gtU1TAl0xKObc_yiZ23uvJa2cE38EX6Hj0MEm14yAh_LSnoZNwjMUpmnRS5KHcSAQyE2wuwWrEh9BiwYrs2Z8qYNK_x8mZRFy3Ae-iJnEdoOD_Ii_gV2LuC-uNaSpkQJsY3fIWiXKmlo-jqMtFYm_MkNJhuy501bnRC-jVQ1IYFN2NhQOe0Yhm5LnaBLTzgD2Gl0XfJG6PqcsiUz-_AwaoS7gUpoxD5zZ_3YkWHjWsicVfUB6KQSPpNHudnu39zRpvKdAF8R2mqXEgakRM6nNZMrEsuy7ZbBvOq_OnTyotyZnlHhlfQpUOWl6kEXfWuHjx9uLzaB_KD5SNbvUodmOH28U6Ls4kg2JXu-jfUd8dRWevaH8oLmANv1NL_MT9qD7Qcxi6iAdcj6bTMNU09Ky6XFat14NuUWYKNp8D9zJmu5Aa9i37IoU6SmYZHlf58Q7RLCh2gtxZ37HhkOp2J9tRZ8SzZTe-tOxF3vryt_FbGYXfCfj0q4cQrkjRBClur5mrftMpe2hTeMFCu3qJvQdUT443GeX1Op_MvQXnhR4AWNxu3hgnNIUnwJNDIHTWzl-dR3-ROZW3X4J-YqF-lewaJvBF73O8EcbWxJrwzxUPfMSy_mNci4BWn1F2Rc8ggRS1vO6bm4JhVwjhkz5r98HFWVKGPLgVuGGMJUROvJr2WVbbpuUh_Kh462xCqxrxJY6nZhc6g3ZhW8JeaAuTR33js_4Vcq3Q4lnyc5QQle-Fbgk606cdCjDBgoazeW6MxAMofTzX24FdpjznZ7s8QmUVZGhr_cbyb7vHGLNGCGC9t8BtvjrFb9YwV9PH69EiNludV4Dt9dAu9eVtnMZmvaIjxOCMuRI5dqdxim_da8hl3nz-BDQHeMT_eOolH2OtcRk6RL00Jz_fZspdOXNGBu9m4alEkJwELXkJv2A61mv0aMr89QI5Q0UwR1-xD2OGZ2xWKfL7Hdz0uFeq7z67p_1_xfOCPpMi1taq-0tvCBbQDXwqHd057joxcUVbM3XYIdattNPeQcPA4G2eobTPKQ_lQXko-LBm2brRUloiWuaPlmNz1SS2tkZCrSxTtjDyj5u7x5qIWSC_lC_1BBhhWR3BWCA8CSO0Mr4MFYf7yir57lxfWYV05zxMozAPWgX-VQ9G59M1AGBEk-Qz6VVKDVQ8WVPMmSdwZVA2ejxf-nKMFgg2KB2HsNpIoQQX9riGz_Y68S4ynGVN71odHuCdFkhnoTSaDq6-Sht8bvmSj8o9IwfW9ZhW8W9-KV6unvLZl5O5uAR1IiTN_nxhB2OfHDf3cTBRTFsoHACRq3DcDAO4CtmHMcJYw25Ee2_Hye0PnYEkZdQktDdnA5Lgy5l5oOX85GY6s7uv4_72EgZIPFBJnap88dqC6vYIOwNh5FJj3iH-UqJD2QMIfISD4p7chgXrAPEBZhq4R8F4RFOtntXe0Eg1MDxjC9cQdK9_iE45-2Y0YlqAhKCs1iMy1maQGCqLBA3FEn6QWzErUh_W0my1Bc2dI5TAHhD7y_RgWhthQMJY1L_8s3LWMPS1tYt2Z4lXqCJ-bQj649qR53I4Cag1YqRfIFvtQ-D-sGD8v0sfn2HCfWEiJQD2RxG5DVnhrs5Nqn0HeMSI5vZJiBA__EvsK2dKLt0wqbRAsB0JguHueAnQ9R2wr66zc9bmXhvg8wHbUb7kcYg1_V3MRF7GYmREPZI-auxiRzmr1i7soxwkub77Y1bO7tlMzHR94iIEyjRzmvqntpvpaE_hWFPU7in4xrSIz4poMVTZBUJou1an-sKkF8XGI8o6IdAIWucKQtyGRAslyizzYY75VNtz5h4y_WuOQ-53Tz8I5wg_LvMdnRcWah0D9rS_JDdFEph81Fgs7sT_uPv4pebnH766418C--QXuuaNU91dnmUlMab_7eK4cWERc0oD7KFkje37sGxPP8vQfeqlK1kP_YNsSBPkj1b0_pHk6oKBCTlXigErO3Jc4sL25NS7-sQNNazKkBUoTP01cTU_KNCJMMV0wtI0Da9xix0CHxrSk8li_xNUtHP-AxuUufaWlzKz4DiLBaklw1UoaXcISSYVVtSqYUEquwzJq3NEj2_Xw7OVJNb1fUDyAaxvBPutDXkOr7teHebo4QTLRGWY4EAuWhsk2MCgEuCsbXJUjbnxJJVMe4Hsl_0w3bLFEQ2nL5bQ7PGQouqRgJ_D2EKbCQ8S28qu0ZAIjhgR0Ajojs6sij2IHTpl6BMMJzEPsKk6H36CbH2Qak19BlDNrKplvE2UmVetNqimXy1M7PWez4claAS1KQNtYinlAWO-cgm1Kx0aAHLB-xJYVKrrbfpChzol8KXKWa90bZjpjgsXJkm998anrIZfqpaal5m8hLzQN9BchaZ-LlhFIPXsWT4LMKADks1PWSa1eZuvn8OvNp0g6Pg2ln1q6i7BFVXk7i2mf-AG73Iwtxuh0dLdmFfspVa7chT14aHSqgSb5T0ggYupveVgX1du0JbcDPJjll-IMpYzcQmKC5wz547stARfuZSrrtYkVOvPKcd7BPSz3cG2dmgRsAkvlimi4iTOBK4PINCNaIxYtdQzGPPfkHZv86WukH2zHdolQc4KrSROrLA0hwcGcu7ksk_lNCdirn7uoJRv0_jZKq3GbBhUDYv2N0YWOMOeoeQ4SsLuO1C7FHXcQ9N3eLi3PUnhLoqEUFiZNSMpJvoAOPns1br6aSudNWTW9HaY2AW4MSlCOZDEK2lbp4n2IIpBkrZSOEyxUvKHQAfBg9uMWIH65zBzjPOj0MEculx6dmM2e_4rOZQMP81wb4XgvTYijKb5UQxWFTc_FhGmEB1Lu9gWI77e2029mqDwNtavYGLEQt8cEvk72oTJT-BPl6r_Tdb9SfI5CI0_zrbj6MXfsXVT3xAlssKMWmI8byySeeT1HtQvdH6EicUyK01QL4cHFNfmI-dGCWrSIhpJcscrvgHPpK9dyq9ChsyCZI2SjnnB2c5Caf3f681X0REiNbBFndx7YrniSz46PYIksPc12WltHYOM0q6UlQvNB6QxSSve4k4qpw0jcIkus7HAtyrxg011kflsgu5MrDQ_UFVxrHwsjTD69lP_ptFm4YI8xK3diUJm0gR-SlrxpHKeMhzxrOv_hrECOmmX4tZ_eukZt6G0YzWx-kz3vaQKfiE1cwvRxNmhgD9VDzu5hpa6cpgqsT0pVM2B3kfMnTtoTnooBX2onlShC5zOJrwwjuPHw5N8M1E5jGKp25X2bZwFq3amq1JAbKTLLx8smYDlQjv0N61W_HDvAtJ6UDjNOPyZk5zoje79XwKMIwxoQf8Cajenz0Hderb-9k2snnmiENtyvdbc95YDZrrvWEulRxjrU9wDwY_OwcyBX3p3TZVXzuzbivWJQqnHIsFTXaxNZf4qwLjDh8s3jVr0t_Myq4ZjbObxL5YofL2fF8mH_kC_Th-YxLii0TgQWQzXuXNK4_Tz15-WUOKI4os9AS7EUbIOPvrl-vgQbYSjjz4FP_mby5L-hXGsCvTg_6tPDCVmI5ef0e1qO3lkG5dYFw5flQc6P1iSLa9Ysg-KahuKF_SvUO6B8N9FGeV0Br77iGeOYNHBmXYW9K1qoPbjniVwdt6dbZP4zuTx8sfT8aisy4qArJJG5vh7LGSm5jE2VArJk-FCBvyrDxMoVEw3rXh_MukwekxvBRPtAr9mH9j6yImX8kZRJR4hmzeFDjo3ybOsXFH0zXj4yuTtBE&cid=CAQSOwBygQiDq3aVtHTnrzSpXF44uPfVAwraAvZi0dNwYsFX4CPOaGYYOz67MZQPZzXphFCZKzl92fMquk9NGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13623238151096652000&adk=2465470143&idt=103&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28cc4dd52768269f5a4f1717554bbd34a68421586a569aa0e5c2542cf777b79a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37838
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DCF 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1658030621997&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DCF 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1658030621997&version=m202301230201&ct=76&x=1&cor=13528083759159663000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5DCF 92 KB
37 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CArkS1wzjs-GPHiuzFmXih00VLQ8gujPRGeAjAmbis2f9347qJ7X8z41DOxwn2YzbkuK0y4ya40kNKUJu29wi7udaVTebTml2OqBZud-oyRSZzs_Q&cry=1&dbm_d=AKAmf-BZ1qEd47O4r7kymH8_S17l94j3EShIZG04QUlAcCQrNQpIE4dqF2wtnFgHWo-d7ZbYJ4gRBEVnSWOyMPPxQwcq7kZOBUVpVA_Yc2QomoLTjwinXo23izt75-jfBgHlLwoE_gmzi9vUnvPHUYqgHrbqRYUGKKjLrvkr21C66u_QFINy6xdqQahqSb5BzjPFLHlCH_7IKhI-rXh7ffVsxoU-7qsuLYIvJ3ePRFSPW_cfvEt7olalrOE9xaY3-fuyVfTBWlpb5gwHel0_qWb14me5Oj2MvLPhBPJ5VmDUcxoHIhtusM4bj72AI301dejcoIzacm3MRCi4pl7FOsEmyvXO_keRF2TalLXp5zCloeiUpzcU6QD8TSXu3CSgMPn7eAFRM4-SV5g99aY17EoGg9g5Yq21qEKrCZH6BL-uMcfhqprDi3sDDnLMMAcnbTXxTcAGbwtP18r6L18Yad1CDsGad_D1OGQQNfGr5AHjlfD1XqJF50mT58qgBsIlv8fstrttmzdUnZ3nrtMmrvGMxo7ZiBzNS-mZOs113cIHVNFg-IUr1kAHwTFpz5Qq72xsKXkyoJIUQ4lPMl5jubFaCjV_EDmDaTXTeZAKRr0kCIB_4IVmPBy9Mzh5bqtDXkeVlG3WWyG6w5PsZ1CEjnQpFfyP0MQeW2BwM09cezBOqKY5tn0f0uhsHBo4YGnU9XKvqgkpxvgRnfQcnN0V8VmgO2hpgCBqCAxUtUgU2Pj4SW-9XWbXwEb7RxXAJDWSlyCrUHM1Fx6913FBNc6ZEJJtchNX83ipNMltEIwiDD0oWm-2XXqwvg2-ygrYA34qmWpbuM1_wHiXNMizIvE6ca0v2nKAXJY04wMPR8l3A_wS1_5SuE0bPK3pzscr8mpcCgd1OjtWXHYnlVVsiUzd61AUs3eTvbrUdP767_sEvUsroXnIm-psByg-_gRz1t12da6tSMnNEZYse_ElOAAuzG4n-ZlT0ZDR8wMZr9wwFd8wUesw61OjdJokX9CbV6RHmLpc7PoIgZsnJuC5l0DrfR2DWnXZaE9Bofr1Owy6Gveqdw6ERFJhHBXk7yJWxjzBSVTLx-GdOEROuJC77xcmKWdypHPI-70RTL10m43i_rWKycm8lT9Gq8LYe4AySEVkr0GFUnY4CJt0iu7McGqTTT2ZS_c44CEM5jpPihHRjc16Y2nY_U7J3vrazg8kDvqpS1ITHoEcM3dqneAkGLmUZ1ebXALZDZ5Ei-TGlZzVmR4seWcxe5mylpQMsNe8XKWfIvDMD7ZqFcEaWNqkdNQocrgbS8u7_xF7Tffb11ron69qD_RyN0mXKYdBGW6fBGbc91zgcl4pHWqdViY7iJLLDaowRMBBDrD3f94bFnGzbXQBqPuXA6m3W-qpU0SOtm-5forg9zTVnjSd0YTEeadJXrkn-0aR-gQRwpshYi7of-ZdXxyTwyyWhW85ysg4vLVMdjcBv2dLR5AWFARiUtQjT_xz5mDBuXsSUARVmr_9jVe3kiW35tjS_q3KNWznY1xKyrdaBW8ZEWeUh0eG2mwC1aBbHK1gf3g9fPmgzVS-ua4cbVKdHzRrncCnZbaAJLzlRiC0AhO9JWGe40A_XPkKlksoxeuhWIbIT6zCvCJUKFXS7SkLpw48Qn52cbm81qHSb9bhpzO2lKRRE50VCmwpxIdJmm4z31x4lGhEGfB0oXDtQz17QGPGvT5MQAHL5JJglkybpemZd1KIgFa4hv3da_h1TSDyWETF7uBBZbfRn4cOOwxy2iZ9kX3KULc4ZoAqitS1UXndMugmqMoFmEFic2hlA3Y8M7NPRmdi3oKa9GZ6Oq_Yuv32TUNyb-IikwUeSK5xRO_5tcYxYnnV7O0SdanT2apsQCPZAgGQdJReCgsxJUi0n88L7kqrc432EhoT1d43NjHNWZEJc-LClKTq9-ptmcn55w1KMv6K2yIuAAF452LeVSXKDIFCY6_6jS1gjywJQt2TbartI6jNWxS0rzw38OSP3BozajctJN_bFh7n_KB2HxU0NKbYrrVJ6WtDssBupwUXOapJ4_ne4WHlYelr8KPjWPuG82WR7sP8ntItsD4c19zRKekqUS7iC35Pb6RO6GeARXDpZnfTRPQCBac_BPxokGGLGc4K_XPlSOxTRiAOxoObOlG6Hvz_SExM0xAEcbk_8nmHDrRjRcxJ3Mzhbg6fpkTlRZzrUTR5ixUb1_bDGZluqTTVPeHtbvGF5FvBykhknaCs_daqwOL8Xcurg_RZjSrCOdINWUb9wlkAGMGuH3arEuf02_2byPIAryVksQld_ZQSOLpYHlcGqHFElxs-zh000-CIsSZc6zPHiKOnirN3PW5-9uT-CuM0Ylt5OT14SjKdCQVM0RKwttWBdZI5ZeOvq8Hn1vAtvDnUHZsALC_rwdY6zGdnoU6PfKRhZ_P3hkPCRaMt04i8ZxREd5jDmLS0U9XIuttsoOYrTMPOj0eqzHn-MblNn63iC8XA2BETgYcl084feY1t_NthCsNWi7rZRQ8q_8MpjrcFSLOawK92UXW_gxhlksodjWkZRF4WoUrCLoMjQhV9ZYPmJyMaN8Drprk6F303EtzVLsYZB434g2lZIGUVyoQjR9mvLPhrJ8OPQVCAJDkZl74Tinv1RujKZFn3hmraMoki9e6SVRpcEkFtlOrQcNf_mUUVSojaTBQpBLUBeaKL5SfF9tygpOCRD0ixPEDRzPO9Y3eO8-CwbLMPlcfj6JnO9ZhB7lGaHM9Xl2-VeAnlv6OQwsKg-2vh0RUelhrLocBq5dzQiyxUCGA07b4NmLByWJG4lX-LqwPeYd2y8T243R_33dQGJNtyBEyuVtazDH_XzxstwGbJc3jlhXbKZuWGwXmzqUJQE3M5gpkx1ZdXOxVEKLRGiu7ees0fU2V2AyQcZ9jUaQgAc9FVQKTcM1VtBxAiesqIY8fxJDmGaJtLiKKoPovNp4YK00QH1a_OYAe6HT5IRLYhLOafv4PGBuH9U5ze_webyH1suoTI85wUgnb8QP74u7WPDDcZu_0p8J_xDvh2telehyQsnZK8UJ6auTmZgVq9C7BTGnP_i5bY3yO3yR8lwMmHePovB-ZqGKu6xTyooclDgPZRyBpIb4Jm1QJvEBzEApTkhKVVSMyHXpLCDU10hoFWF5_kcaqZbaFHi7ytt4o1fA07iaQDFJqxhR6Tvk5acHj-oJwjpQISlrUncxCQtfppNJ2LwU8apcmMfUUAoHCCP-Rx1CumhSR-U3w3YaT2GEn6t4fNsYJIB4_EZ9HnNqNnD5N1UiusUx3vZsRoGQd1JQRg0YgPBzctEKa_C6HgxR2hGjX7gr5FkeB4tWM0Jd-Bg6AzhOuWfYqQx2Q71AzDs0DDe3HcEOPUCJ_wCCkPsxultfI0CpFvsHFl0FN6XB0jBcDuBTmxp39EneJG4exUiOAaYuTtJy7vuJqNUqIKeso7uoasUNAJkc9vtuJ1kj83jV3B1hdyJ3vhD3fc3Shpe71L1w6TtxvfdsXR9RxhmmBcEmj1aSDUM-V6x-Z0kH3cMA&cid=CAQSOwBygQiDksCD-26czTqPaJ0sG6PT2d3_52Dd7CVWPxprdARqPWylSXouLfZ5EB4w5XfSIotyX5TAdZClGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13528083759159663000&adk=212707235&idt=152&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2bf03b00609a400a0967cb914b59bde9ae676e5ffc51e23b7f7073e79b50167a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38122
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F5A7 172 KB
61 KB 63ms
18ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Origin: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame F5A7 11 KB
4 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B9plfVph7jrcfMlfg6Ams3wTF54XXZGzDlxluEdYEBiooWVK9a_s04SWTxIuf1-rkhriy4h5ufhnlN9WeLXq4PS0g4PvDzXcaJs98ShkptsdiE-Y0&cry=1&dbm_d=AKAmf-BOmvbDQDsPd0aaBCiGXURiBSRH6Tg7NAz4i9auzChVVU7yr5OTVRyeJDmZG3lVsu-yT1w0z4UkZkp_83J1Z4SJHU4codzePGPZDFaLfCmBXHEPvl-mrMRcvA0wqMcgG-yJI0iZU7nLucSy9BEGC8JKkIWBfJ3rx5Ec6Gx1HYU7mGFov6p4PnNh8tqFXdFq5cvgtjMnwvUx6vep2AixrdeP5qaLaozYSbPUti_LJPMmw-G6c2ETaCLHWAdqO5BB7vLqUw7SYvsiHBuea-Ob4GUYtPTAVeg5lJ-lMw_B1nIIDUI3hZG4qNNUPdMjvUI0HMiFitD7RT80gtSbs0eCIkExSZzsfl8epfuG_W96UnmXUsMDKTBUScrUqF567wQDxeFO68tBY1k2ZV1P_Zk0oaCKWHReC8htD0qj8pMEyqw-6nTEHNyIMZAFmNOav3JcPEHp9BAnm94_UjSmG2cTghJHq-qAVjsZItwrsnB1Yw0_RH4t6l17T1qP00WfPqcn9BceMlJCZKN5C9M5ZvTur7QhjGbSLz0EcBMCVjcftsEJnP0Gkmo8RPGLYePeg8DL6Me_iicqLYj46schwoJ9Sqh9l8Q7ZWzWwwkVRK3dVJUKCnklIOWozMvf8l6V3tn4SJGXKQwRB7pzLVdwo7eSecoNRtJcb-AifgyNEYFFLhxBhYMVNdny2KCse2xcmQVf9eKFnmjxc3O8gRj-46UU0ZiHkLIWeh8VV3JIv9D4x3EcY3AIJbdOKNs5K6XOEb-x9hcDiqCvUSsfjSA6V1EFIyS83Q-ywfdpfMxP1LbvRkwowXEFrb6SNK8R0Y5j6Lsf2XDtbjxXjR0PZZMcka5i5HOsuNUiQbvSYo0u_KrhE1nokJ9-8jSY-4IJuT6u4f8GiECxR5_JprcK3LtyyzMfO2FUFyVWrNBPRfv-rlGTLh7g7TdPqrZSNI83mCaEyqQbS9KafoXGK37Q4LcG3GUBRfBxJ_Leu77od2mYXg1MyIFOqA-VYaa7nFkyH5DWIrXSiv9K5X31n6WkniKI3Jfmf2I1bK10iWGDgEu9D3DCytso1VatYZeNTE65Vt2BfkF11Mv5m5xIVlxYdNUQPEJDfG_d2oWOAxepdVN9gW_TClV8XNBE3zfzXwRyQulegMWNLQ5xnGbHUHh44UcrLjQMnY9APTJGDEF0aWbDX6SRsUpF1hQRsII9xbRCldWLtTvN-NeyWN2HwUKoGUQW05-LzU22EQl-yrGhnvLDamvWAATCKfvM0pch_JLpQ7KWR5tDnQg6j9QfcxkZ_ZWUoCgMcwKdtoh4b5MrbhvZsILzJFXHkvmE5WTXzfOKMDv-VHlbmVSbPLurWWZhDKg6SGtlAdMrg88tDhNbXFSTAMW6u_lWXgf_ANUgyOb8hvc3BksTvaML1pCcRz5NoBXHM6mBOAY8-surQTb_uUru48Dt33A1oJilfO2vXa4-KLO2hbne-5-cMUEtVP5MTEXGBKrqLzbqU3WQy0DiKlEZyNW4eTllNmVXotkk3B5eW7hzLh23OPZQYWRKGa1GnN0FM3zhzkB7TlKuTJHukQQ2SBnsCSve7vyxr_8b7MxcnU_eek_VPiTYYeLhRnuymqefXOq-TWD0Jb2kjeFCpAfkdGB2yVaKf3fOPi-bc-KfgUENMUvO7bqSBsOsw6qqehmiWAspu8ii1TpudxMpQFD4Sr48vRfWuGryZeRkMfF49teuDPuseewsDd20PQmVhfhdeQrlU4kxNzIrsESewOUgyahIGpzWlWXNpRC95ouQWBP1iNp9D2RrVEyKVaYN7gmW6DmBVCLT8ejrVIrjFc7DX4nvk9TCdkmL40huhxHKMTq5p4n5Dz1i-Z4OOT2YCeoHYd3Y0PgyZEuRH5CjrSPr8MP7wt7-IJU0edS8LN79ljUzASTGUPCz3QIYXAGGQaOpkUy26DOrH9W3hBIj0CGg_NXct1lAayUIRy1wOvn1GaDv8ptaZhMPji57m9mhQSBQOR89X7GUhFD4ulJJ8xXefLiOeqZUQ5Z4dSKmFbZ0yJ74veGyJoE9010VPKeL1tjC48MFiACLb6S8Tg5PDZs76_JpHy_tKMbYiNeN7u9tCayaqHtz2NI9XY5bZJqghgDPHQx4gT6v36jY9dEDY2Al8C6vTUT49b-3lNUVdp9EWnjo1eIdQt7ZXwPPQrZVMLmxrmNV5Gjcn_qfpqoVHp8nO0KiW6YuOxZQTCg1rm-52A6KQO4syQ7I3barhEPphcPIntoBMMNSoyy9XPzG93YIgQQOCoogL4KqVaGQo92RgbdHKhb2AdMegFD961EhzkrWb6qSvTZlAakZEdDZXNyWQvzGA2fQ8M62whDNIuWDUv3jHvHg8japz_xG2terol15B7TEAPV4rQM-SchcYeunJvqeBnlBw0Zh-rObPFdSxq1qlLL2qnBLuQmOiLuhp-Db912CZPW_FJSsQgEejahaTkGzVrqGSbYYLE9C5GpnQ-m8sVb91VyOOc1PuGDJPneh242FTni22o98MDbiE9_kVRLoRvT7YjjGhzx_oUNtMgNomzYv21SSWqa-oPCoDolX4e_ExlitCXL7OkYSCMzt_EbrCFTAYPQz1zZ50Dqbi0tsC6yQ3kfIqOrM7S01OEDLa_wZUDvjPgBhyuWnLw4q0QHi2N4uHcOj14e-Kg9RS1hKRdRJfQSJWWhUBE9Qz0HyQt0BnnzojNykwE0RU2ZHDyGlSK47chbFaeZLW1z2IqGVerZbSidIDbv3w_04sbT7R0I7tUHvyZW3J3FcZq4htO2CcyHUE48HQBiPkm_X7S3J-xAQR6Jhip8qfGOmGwI29fVMXxW34W51NpewnYbI85jXKsWeaOwRMWYFD9OPrklPWMo-B20TQh0IETKkMXsmo6VGLxOMQy_hbzoGgXX7v8JAgDs60TyWZKNdtmcvIcGgBY20DWFOTYLS6L8zbbwVWwoy1Koz7ju4ZMnEBem1RD2KOYU9TcDXskTfk2eo9bW8OSbNpmsiYI3i_Uz1yzyfywGMwrA777_K6jz6ehnM0SnFiilWRdvKb3hXtLn3hjYXezp_r73ZuuQRp7t2GHm7aKW8XWd8W0BLiCZiisRSQkBesUCVwPygScrEAU9UFPvZfelBJxmViTijiR9tk2Epw8jYl21n3EnwKJeiOSPTDrYP_3Tvx6sj_Muz8FruDlPxP611mnG5iKsW17vxtLzBCEa63if25jDzSqsQL4jWRICJPI5W_92084JpwZXowpDM3tM1vMB3UG7qqKQLWSiS_Y60JWJIV3euvUxZq8ZRNAHKm-jBBlsXEymAmiH-E656fGGn8F5wvnu3oDzRdgOf2K9yXqhsqZ9H2lJsJSamS8c_iURM6M8uuYIPZwpZulv0pmBG2PU4lG-R4JcmHEusJDK4INc35cRt9B9CEZrEGRKiQkijCeKfNmXpdyK5g98SXEci159pOXtHVJvgIu4-4gGPCpWhJ9oMbcXWl68eFG5hjx2WxCOsv-Z-89LJagWoPbJh0PZVPNhkWvuFvVdE2mMvaIRCoF43ZsVyFlffC3dQwK2YcXPuCQ81U5sQfpT8mnPxE3O9n-WB-O4Lybc1QQD8eHzcTrhTLDy1KpsuaUA-Ec2IKcE2JC5ZwQI-Tg51254GLvujMybAK0AUtP1AKvDE1e6yZoy7vbtlWs172gtlSYVC-7uRSn4V6i9MG3hdS1PkaYVY8V4JKAqmddSDIgFKlJ-b_pdmgp_L8ogAuNpE_1MO2AyDMiQ&cid=CAQSOwBygQiDVcAvnw1UBRTkkFF7WLfSP-oz9k9bYpMx0wfxwlMz2P76Fs5WFKm0fa81Nkbl0cjgzxsNWge5GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13831153620124797000&adk=1599433117&idt=130&cac=0&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66133
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame F5A7 30 KB
11 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66007
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F5A7 41 KB
13 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 191290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 07:09:29 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3C5C 0
0 53ms
53ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306280101&jk=50675476267560&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4AE3 3 KB
3 KB 18ms
18ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/032306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62012
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 30 Jun 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4AE3 344 B
370 B 18ms
18ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/032306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 81750
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 30 Jun 2023 13:35:10 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3BB8 15 KB
16 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 501205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 17:04:15 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3BB8 15 KB
15 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 550033
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 03:30:27 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 659A 1 KB
643 B 19ms
18ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16888
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F5A7 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65ce40b30b215322d0b66afacd9d219baf10af7723579b5306a81fec0339acc2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 946D 37 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4B8A 172 KB
60 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Origin: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 4B8A 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BU8j7xOOB-F2IJGvkESkJMrbGKpZMgSef3nmMJL8DyzshHNoFWl7pwGzTKzsxHA245f2lD7e7ZjVhu1XgJi46lvtY0Usg2EzCxwAxnuTrF9QE6Q-I&cry=1&dbm_d=AKAmf-B3Uys8zKg4O1d_Udw4bc7gtU1TAl0xKObc_yiZ23uvJa2cE38EX6Hj0MEm14yAh_LSnoZNwjMUpmnRS5KHcSAQyE2wuwWrEh9BiwYrs2Z8qYNK_x8mZRFy3Ae-iJnEdoOD_Ii_gV2LuC-uNaSpkQJsY3fIWiXKmlo-jqMtFYm_MkNJhuy501bnRC-jVQ1IYFN2NhQOe0Yhm5LnaBLTzgD2Gl0XfJG6PqcsiUz-_AwaoS7gUpoxD5zZ_3YkWHjWsicVfUB6KQSPpNHudnu39zRpvKdAF8R2mqXEgakRM6nNZMrEsuy7ZbBvOq_OnTyotyZnlHhlfQpUOWl6kEXfWuHjx9uLzaB_KD5SNbvUodmOH28U6Ls4kg2JXu-jfUd8dRWevaH8oLmANv1NL_MT9qD7Qcxi6iAdcj6bTMNU09Ky6XFat14NuUWYKNp8D9zJmu5Aa9i37IoU6SmYZHlf58Q7RLCh2gtxZ37HhkOp2J9tRZ8SzZTe-tOxF3vryt_FbGYXfCfj0q4cQrkjRBClur5mrftMpe2hTeMFCu3qJvQdUT443GeX1Op_MvQXnhR4AWNxu3hgnNIUnwJNDIHTWzl-dR3-ROZW3X4J-YqF-lewaJvBF73O8EcbWxJrwzxUPfMSy_mNci4BWn1F2Rc8ggRS1vO6bm4JhVwjhkz5r98HFWVKGPLgVuGGMJUROvJr2WVbbpuUh_Kh462xCqxrxJY6nZhc6g3ZhW8JeaAuTR33js_4Vcq3Q4lnyc5QQle-Fbgk606cdCjDBgoazeW6MxAMofTzX24FdpjznZ7s8QmUVZGhr_cbyb7vHGLNGCGC9t8BtvjrFb9YwV9PH69EiNludV4Dt9dAu9eVtnMZmvaIjxOCMuRI5dqdxim_da8hl3nz-BDQHeMT_eOolH2OtcRk6RL00Jz_fZspdOXNGBu9m4alEkJwELXkJv2A61mv0aMr89QI5Q0UwR1-xD2OGZ2xWKfL7Hdz0uFeq7z67p_1_xfOCPpMi1taq-0tvCBbQDXwqHd057joxcUVbM3XYIdattNPeQcPA4G2eobTPKQ_lQXko-LBm2brRUloiWuaPlmNz1SS2tkZCrSxTtjDyj5u7x5qIWSC_lC_1BBhhWR3BWCA8CSO0Mr4MFYf7yir57lxfWYV05zxMozAPWgX-VQ9G59M1AGBEk-Qz6VVKDVQ8WVPMmSdwZVA2ejxf-nKMFgg2KB2HsNpIoQQX9riGz_Y68S4ynGVN71odHuCdFkhnoTSaDq6-Sht8bvmSj8o9IwfW9ZhW8W9-KV6unvLZl5O5uAR1IiTN_nxhB2OfHDf3cTBRTFsoHACRq3DcDAO4CtmHMcJYw25Ee2_Hye0PnYEkZdQktDdnA5Lgy5l5oOX85GY6s7uv4_72EgZIPFBJnap88dqC6vYIOwNh5FJj3iH-UqJD2QMIfISD4p7chgXrAPEBZhq4R8F4RFOtntXe0Eg1MDxjC9cQdK9_iE45-2Y0YlqAhKCs1iMy1maQGCqLBA3FEn6QWzErUh_W0my1Bc2dI5TAHhD7y_RgWhthQMJY1L_8s3LWMPS1tYt2Z4lXqCJ-bQj649qR53I4Cag1YqRfIFvtQ-D-sGD8v0sfn2HCfWEiJQD2RxG5DVnhrs5Nqn0HeMSI5vZJiBA__EvsK2dKLt0wqbRAsB0JguHueAnQ9R2wr66zc9bmXhvg8wHbUb7kcYg1_V3MRF7GYmREPZI-auxiRzmr1i7soxwkub77Y1bO7tlMzHR94iIEyjRzmvqntpvpaE_hWFPU7in4xrSIz4poMVTZBUJou1an-sKkF8XGI8o6IdAIWucKQtyGRAslyizzYY75VNtz5h4y_WuOQ-53Tz8I5wg_LvMdnRcWah0D9rS_JDdFEph81Fgs7sT_uPv4pebnH766418C--QXuuaNU91dnmUlMab_7eK4cWERc0oD7KFkje37sGxPP8vQfeqlK1kP_YNsSBPkj1b0_pHk6oKBCTlXigErO3Jc4sL25NS7-sQNNazKkBUoTP01cTU_KNCJMMV0wtI0Da9xix0CHxrSk8li_xNUtHP-AxuUufaWlzKz4DiLBaklw1UoaXcISSYVVtSqYUEquwzJq3NEj2_Xw7OVJNb1fUDyAaxvBPutDXkOr7teHebo4QTLRGWY4EAuWhsk2MCgEuCsbXJUjbnxJJVMe4Hsl_0w3bLFEQ2nL5bQ7PGQouqRgJ_D2EKbCQ8S28qu0ZAIjhgR0Ajojs6sij2IHTpl6BMMJzEPsKk6H36CbH2Qak19BlDNrKplvE2UmVetNqimXy1M7PWez4claAS1KQNtYinlAWO-cgm1Kx0aAHLB-xJYVKrrbfpChzol8KXKWa90bZjpjgsXJkm998anrIZfqpaal5m8hLzQN9BchaZ-LlhFIPXsWT4LMKADks1PWSa1eZuvn8OvNp0g6Pg2ln1q6i7BFVXk7i2mf-AG73Iwtxuh0dLdmFfspVa7chT14aHSqgSb5T0ggYupveVgX1du0JbcDPJjll-IMpYzcQmKC5wz547stARfuZSrrtYkVOvPKcd7BPSz3cG2dmgRsAkvlimi4iTOBK4PINCNaIxYtdQzGPPfkHZv86WukH2zHdolQc4KrSROrLA0hwcGcu7ksk_lNCdirn7uoJRv0_jZKq3GbBhUDYv2N0YWOMOeoeQ4SsLuO1C7FHXcQ9N3eLi3PUnhLoqEUFiZNSMpJvoAOPns1br6aSudNWTW9HaY2AW4MSlCOZDEK2lbp4n2IIpBkrZSOEyxUvKHQAfBg9uMWIH65zBzjPOj0MEculx6dmM2e_4rOZQMP81wb4XgvTYijKb5UQxWFTc_FhGmEB1Lu9gWI77e2029mqDwNtavYGLEQt8cEvk72oTJT-BPl6r_Tdb9SfI5CI0_zrbj6MXfsXVT3xAlssKMWmI8byySeeT1HtQvdH6EicUyK01QL4cHFNfmI-dGCWrSIhpJcscrvgHPpK9dyq9ChsyCZI2SjnnB2c5Caf3f681X0REiNbBFndx7YrniSz46PYIksPc12WltHYOM0q6UlQvNB6QxSSve4k4qpw0jcIkus7HAtyrxg011kflsgu5MrDQ_UFVxrHwsjTD69lP_ptFm4YI8xK3diUJm0gR-SlrxpHKeMhzxrOv_hrECOmmX4tZ_eukZt6G0YzWx-kz3vaQKfiE1cwvRxNmhgD9VDzu5hpa6cpgqsT0pVM2B3kfMnTtoTnooBX2onlShC5zOJrwwjuPHw5N8M1E5jGKp25X2bZwFq3amq1JAbKTLLx8smYDlQjv0N61W_HDvAtJ6UDjNOPyZk5zoje79XwKMIwxoQf8Cajenz0Hderb-9k2snnmiENtyvdbc95YDZrrvWEulRxjrU9wDwY_OwcyBX3p3TZVXzuzbivWJQqnHIsFTXaxNZf4qwLjDh8s3jVr0t_Myq4ZjbObxL5YofL2fF8mH_kC_Th-YxLii0TgQWQzXuXNK4_Tz15-WUOKI4os9AS7EUbIOPvrl-vgQbYSjjz4FP_mby5L-hXGsCvTg_6tPDCVmI5ef0e1qO3lkG5dYFw5flQc6P1iSLa9Ysg-KahuKF_SvUO6B8N9FGeV0Br77iGeOYNHBmXYW9K1qoPbjniVwdt6dbZP4zuTx8sfT8aisy4qArJJG5vh7LGSm5jE2VArJk-FCBvyrDxMoVEw3rXh_MukwekxvBRPtAr9mH9j6yImX8kZRJR4hmzeFDjo3ybOsXFH0zXj4yuTtBE&cid=CAQSOwBygQiDq3aVtHTnrzSpXF44uPfVAwraAvZi0dNwYsFX4CPOaGYYOz67MZQPZzXphFCZKzl92fMquk9NGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13623238151096652000&adk=2465470143&idt=103&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 4B8A 30 KB
11 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66008
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4B8A 41 KB
13 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 191291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 07:09:29 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5DCF 172 KB
60 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Origin: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 5DCF 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CArkS1wzjs-GPHiuzFmXih00VLQ8gujPRGeAjAmbis2f9347qJ7X8z41DOxwn2YzbkuK0y4ya40kNKUJu29wi7udaVTebTml2OqBZud-oyRSZzs_Q&cry=1&dbm_d=AKAmf-BZ1qEd47O4r7kymH8_S17l94j3EShIZG04QUlAcCQrNQpIE4dqF2wtnFgHWo-d7ZbYJ4gRBEVnSWOyMPPxQwcq7kZOBUVpVA_Yc2QomoLTjwinXo23izt75-jfBgHlLwoE_gmzi9vUnvPHUYqgHrbqRYUGKKjLrvkr21C66u_QFINy6xdqQahqSb5BzjPFLHlCH_7IKhI-rXh7ffVsxoU-7qsuLYIvJ3ePRFSPW_cfvEt7olalrOE9xaY3-fuyVfTBWlpb5gwHel0_qWb14me5Oj2MvLPhBPJ5VmDUcxoHIhtusM4bj72AI301dejcoIzacm3MRCi4pl7FOsEmyvXO_keRF2TalLXp5zCloeiUpzcU6QD8TSXu3CSgMPn7eAFRM4-SV5g99aY17EoGg9g5Yq21qEKrCZH6BL-uMcfhqprDi3sDDnLMMAcnbTXxTcAGbwtP18r6L18Yad1CDsGad_D1OGQQNfGr5AHjlfD1XqJF50mT58qgBsIlv8fstrttmzdUnZ3nrtMmrvGMxo7ZiBzNS-mZOs113cIHVNFg-IUr1kAHwTFpz5Qq72xsKXkyoJIUQ4lPMl5jubFaCjV_EDmDaTXTeZAKRr0kCIB_4IVmPBy9Mzh5bqtDXkeVlG3WWyG6w5PsZ1CEjnQpFfyP0MQeW2BwM09cezBOqKY5tn0f0uhsHBo4YGnU9XKvqgkpxvgRnfQcnN0V8VmgO2hpgCBqCAxUtUgU2Pj4SW-9XWbXwEb7RxXAJDWSlyCrUHM1Fx6913FBNc6ZEJJtchNX83ipNMltEIwiDD0oWm-2XXqwvg2-ygrYA34qmWpbuM1_wHiXNMizIvE6ca0v2nKAXJY04wMPR8l3A_wS1_5SuE0bPK3pzscr8mpcCgd1OjtWXHYnlVVsiUzd61AUs3eTvbrUdP767_sEvUsroXnIm-psByg-_gRz1t12da6tSMnNEZYse_ElOAAuzG4n-ZlT0ZDR8wMZr9wwFd8wUesw61OjdJokX9CbV6RHmLpc7PoIgZsnJuC5l0DrfR2DWnXZaE9Bofr1Owy6Gveqdw6ERFJhHBXk7yJWxjzBSVTLx-GdOEROuJC77xcmKWdypHPI-70RTL10m43i_rWKycm8lT9Gq8LYe4AySEVkr0GFUnY4CJt0iu7McGqTTT2ZS_c44CEM5jpPihHRjc16Y2nY_U7J3vrazg8kDvqpS1ITHoEcM3dqneAkGLmUZ1ebXALZDZ5Ei-TGlZzVmR4seWcxe5mylpQMsNe8XKWfIvDMD7ZqFcEaWNqkdNQocrgbS8u7_xF7Tffb11ron69qD_RyN0mXKYdBGW6fBGbc91zgcl4pHWqdViY7iJLLDaowRMBBDrD3f94bFnGzbXQBqPuXA6m3W-qpU0SOtm-5forg9zTVnjSd0YTEeadJXrkn-0aR-gQRwpshYi7of-ZdXxyTwyyWhW85ysg4vLVMdjcBv2dLR5AWFARiUtQjT_xz5mDBuXsSUARVmr_9jVe3kiW35tjS_q3KNWznY1xKyrdaBW8ZEWeUh0eG2mwC1aBbHK1gf3g9fPmgzVS-ua4cbVKdHzRrncCnZbaAJLzlRiC0AhO9JWGe40A_XPkKlksoxeuhWIbIT6zCvCJUKFXS7SkLpw48Qn52cbm81qHSb9bhpzO2lKRRE50VCmwpxIdJmm4z31x4lGhEGfB0oXDtQz17QGPGvT5MQAHL5JJglkybpemZd1KIgFa4hv3da_h1TSDyWETF7uBBZbfRn4cOOwxy2iZ9kX3KULc4ZoAqitS1UXndMugmqMoFmEFic2hlA3Y8M7NPRmdi3oKa9GZ6Oq_Yuv32TUNyb-IikwUeSK5xRO_5tcYxYnnV7O0SdanT2apsQCPZAgGQdJReCgsxJUi0n88L7kqrc432EhoT1d43NjHNWZEJc-LClKTq9-ptmcn55w1KMv6K2yIuAAF452LeVSXKDIFCY6_6jS1gjywJQt2TbartI6jNWxS0rzw38OSP3BozajctJN_bFh7n_KB2HxU0NKbYrrVJ6WtDssBupwUXOapJ4_ne4WHlYelr8KPjWPuG82WR7sP8ntItsD4c19zRKekqUS7iC35Pb6RO6GeARXDpZnfTRPQCBac_BPxokGGLGc4K_XPlSOxTRiAOxoObOlG6Hvz_SExM0xAEcbk_8nmHDrRjRcxJ3Mzhbg6fpkTlRZzrUTR5ixUb1_bDGZluqTTVPeHtbvGF5FvBykhknaCs_daqwOL8Xcurg_RZjSrCOdINWUb9wlkAGMGuH3arEuf02_2byPIAryVksQld_ZQSOLpYHlcGqHFElxs-zh000-CIsSZc6zPHiKOnirN3PW5-9uT-CuM0Ylt5OT14SjKdCQVM0RKwttWBdZI5ZeOvq8Hn1vAtvDnUHZsALC_rwdY6zGdnoU6PfKRhZ_P3hkPCRaMt04i8ZxREd5jDmLS0U9XIuttsoOYrTMPOj0eqzHn-MblNn63iC8XA2BETgYcl084feY1t_NthCsNWi7rZRQ8q_8MpjrcFSLOawK92UXW_gxhlksodjWkZRF4WoUrCLoMjQhV9ZYPmJyMaN8Drprk6F303EtzVLsYZB434g2lZIGUVyoQjR9mvLPhrJ8OPQVCAJDkZl74Tinv1RujKZFn3hmraMoki9e6SVRpcEkFtlOrQcNf_mUUVSojaTBQpBLUBeaKL5SfF9tygpOCRD0ixPEDRzPO9Y3eO8-CwbLMPlcfj6JnO9ZhB7lGaHM9Xl2-VeAnlv6OQwsKg-2vh0RUelhrLocBq5dzQiyxUCGA07b4NmLByWJG4lX-LqwPeYd2y8T243R_33dQGJNtyBEyuVtazDH_XzxstwGbJc3jlhXbKZuWGwXmzqUJQE3M5gpkx1ZdXOxVEKLRGiu7ees0fU2V2AyQcZ9jUaQgAc9FVQKTcM1VtBxAiesqIY8fxJDmGaJtLiKKoPovNp4YK00QH1a_OYAe6HT5IRLYhLOafv4PGBuH9U5ze_webyH1suoTI85wUgnb8QP74u7WPDDcZu_0p8J_xDvh2telehyQsnZK8UJ6auTmZgVq9C7BTGnP_i5bY3yO3yR8lwMmHePovB-ZqGKu6xTyooclDgPZRyBpIb4Jm1QJvEBzEApTkhKVVSMyHXpLCDU10hoFWF5_kcaqZbaFHi7ytt4o1fA07iaQDFJqxhR6Tvk5acHj-oJwjpQISlrUncxCQtfppNJ2LwU8apcmMfUUAoHCCP-Rx1CumhSR-U3w3YaT2GEn6t4fNsYJIB4_EZ9HnNqNnD5N1UiusUx3vZsRoGQd1JQRg0YgPBzctEKa_C6HgxR2hGjX7gr5FkeB4tWM0Jd-Bg6AzhOuWfYqQx2Q71AzDs0DDe3HcEOPUCJ_wCCkPsxultfI0CpFvsHFl0FN6XB0jBcDuBTmxp39EneJG4exUiOAaYuTtJy7vuJqNUqIKeso7uoasUNAJkc9vtuJ1kj83jV3B1hdyJ3vhD3fc3Shpe71L1w6TtxvfdsXR9RxhmmBcEmj1aSDUM-V6x-Z0kH3cMA&cid=CAQSOwBygQiDksCD-26czTqPaJ0sG6PT2d3_52Dd7CVWPxprdARqPWylSXouLfZ5EB4w5XfSIotyX5TAdZClGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13528083759159663000&adk=212707235&idt=152&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 5DCF 30 KB
11 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66008
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5DCF 41 KB
13 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 191291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 07:09:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6909 1 KB
643 B 18ms
18ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16888
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4B8A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d9cc487384666e66ecda67b5564463b1c4fa7be08a913ad2f7314103bc60355

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9917 1 KB
643 B 18ms
18ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16888
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5DCF 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 897cefcae52ea159087459e4e735654e5f2cb340c3505ecda4a80e64f1854559

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3BB8 3 KB
3 KB 18ms
18ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62012
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 30 Jun 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3BB8 344 B
370 B 19ms
19ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 81750
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 30 Jun 2023 13:35:10 GMT

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/17952959967271059456/ Frame 7DBA 47 KB
12 KB 66ms
27ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:40 GMT
expires: Sat, 29 Jun 2024 12:17:40 GMT
last-modified: Wed, 15 Feb 2023 15:44:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F5A7 0
0 128ms
67ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv86l7nHnBAF7vKC5kkagw3vEC-pIl4DeEe2KrtDPgMDxUxZl_ZB6Gq5dLNdL7H2raTYYGgHI0UaRc3QFG0-oBpNkldUk9T6HmNrJHoY4_tE9xVR34IO-rDwWYXNe3qwY31H2F0By7WdLrJHm3y4GSPmYNkGI6lcdNj7yudtbnjgtSk4-oPkN5p5rUZfx-PUIVTjTrCooN9a2BeaJzRReycYcMoguPrFFwWTS3OqRx1fm3kDjAfCkUdx5foKLuHviWQDY8TxngNMwW_K6JJcVUvI75305cL3Nx_bupcMtOyvvaUdT5UfHQCEduvFt0L8RTEe0vs6lLQyiCSBr7RHBSSPxmyVylnKkdPa9TGw2ev9GOmaP6F7S9ywsnXX7QK8oWyQHpVb7gdmqEl4vOFuMdwi22yUjZDE09OkAQILalF6R3Q9LBazgYveQU9-s0gnK5AS2VHDZ6YMvAstIW8FlmLuxCtZlOlIl7-q30xbPlsHjmJvh6P7CZkPmpivhp5ZasAYAWL5GxbvQxUR_TdhcK5W7dolOcHC9VXVBFFp2cQIG2-VMOp3flXvpJD7anfuN-YtTWgQEvdSO0PoiwANwZCDbso65EH4l_4EP6joELVwMlALwFdmWediLdBzmeNFcnB4w4adLpDDyDmy9N-dzSlUr0Aa5IKJ-dLQu6Zbyo5xggEdeUO70YveJmMJhoNKXIHhKFp_M4mfs2sKON-YeuImVPOMDsjjWBPyyGxg7jFBV5kgSW2CxiRYclhQqKp49lxD_FyGr9CQLY4NgCe8RTjG-uQ8VflHMcUni9LmoO5t3aQ43tF6hQ1yUhnsq56E-AYUHngmx2Mcyv2sAZANk8C9MIkdrOW-1-w1wpScA_e3Jax-0BQH3772kJP0CWc8ad3vPYvnkiOrVr0wLoztWvyhhCni6E8Fu2vaEuvNFEM7lkjFUIsjj0xmS585hsZR1ojB4U5QXl4xLXgciHdgEZcoILyY3jMYUarUnUYncdjz370-0Nv185dN6vd2wXKXEtDJLGUDgJLbTDMjE-GawkRAsNrBsiq6jiKNN9QVeAFwv10eCzOahG9UQd8M-RH-CytVxA75VvuCBIFa8LHm8BK4dIPVSIzYbAJuOeoWCdwmsZBzn9-RbDAKCAyDEaf2oSBenfTQcwsajGs6kpfXTQyWuXEgGVnvsFTE6itNQhwjZzkq6lfBIn-KcadnVIldSJc_1OVq62TxfpId5L2_ZLChIUGzlJx4XKMqIogTfR1UZABW6G7sLD_KDg4sUroftsrdRRUtqmMDMG-6jsY2trYm8NLoJDf7Fk47nmk7pZ7kuNXnv2UEqY6hp7tnfx3ag&sai=AMfl-YSXcst9oZGi0fobIJW0aSUHFxobTdMwlRdNBLlie3H79y5Q6UOcvB1AUTFy7Tc5e2OxVMFqS7XU0aK8unEdZ8wPadgSQrQTuNsH0pd42-7lZgQW1TCzVnEIQuW3p7aiDHNbMinq4t1fFmUQSEJIqUANs3hIWh8nBN7t6_TmDLlSRxDGWLyI4duNhJIKyci4bpaskZVfX66TglXg7PleKmDwKa76u0uHiPVoNM4KVIMs_GZRU7_AgZSIGiI0eihWAxICku5PAJfk7r3qFL1dWASa_yMs&sig=Cg0ArKJSzMpaK7i7Tw7lEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=277&cbvp=1&cstd=269&cisv=r20230627.47996&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659A
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBYis11Vqv4_nj3hyoDuouk&google_cver=1&google_push=AaAOQGEAB9SWgjSRXsvoDDBG1pVDBibvDZncR5sX3DDU5ouI5rVEjOhb3T...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGEAB9SWgjSRXsvoDDBG1pVDBibvDZncR5sX3DDU5ouI5rVEjOhb3T9VcTtKZNreJ981hVwAPaVBjicGjcR_fTSYYOiJg4iU&google_hm=WlpNCCBW-vXc...

170 B
188 B

28ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGEAB9SWgjSRXsvoDDBG1pVDBibvDZncR5sX3DDU5ouI5rVEjOhb3T9VcTtKZNreJ981hVwAPaVBjicGjcR_fTSYYOiJg4iU&google_hm=WlpNCCBW-vXcyn--epFUHw

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGEAB9SWgjSRXsvoDDBG1pVDBibvDZncR5sX3DDU5ouI5rVEjOhb3T9VcTtKZNreJ981hVwAPaVBjicGjcR_fTSYYOiJg4iU&google_hm=WlpNCCBW-vXcyn--epFUHw
date: Fri, 30 Jun 2023 12:17:40 GMT
cache-control: private, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 659A 0
104 B 158ms
68ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEM6SqDdDlPt-MyRnLiOmuPI&google_cver=1&google_push=AaAOQGFqGZ9zP2jqCpCEy9xNbvbf0hz1MO8MtLC6i5D3gx7VRcBSVmN0s23OhG_SQewH5TwWZLnmFc4yxZo5voiLO7af3_laSm3I
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 659A
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHxxNm40B05RAo-TPuCKRVk&google_cver=1&google_push=AaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHxxNm40B05RAo-TPuCKRVk&google_cver=1&google_push=AaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3i...

43 B
420 B

189ms
188ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHxxNm40B05RAo-TPuCKRVk&google_cver=1&google_push=AaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df658f40a21bbf1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 139
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHxxNm40B05RAo-TPuCKRVk&google_cver=1&google_push=AaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHbqlK-TiYlvedfiAb7ZkwEQZkzQGooaIgumgjoifn1_Kgi_Wcheqre6mJgVip5FuTZfOJg5xXT7myX3o-RnHmQtOpXs3ib%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df658f2b878bbf1-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGdZZM-OnRtEdvI4LlhI1hU&google_cver=1&google_push=AaAOQGHFTLzT5X6iF6ntuEJ1plBrpRVImE7vH2d4FXAqdquSG41JI8Sibuo__k9gpostj_KvjlK...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0U1ctMUstNjBRSA==&google_push=AaAOQGHFTLzT5X6iF6ntuEJ1plBrpRVImE7vH2d4FXAqdquSG41JI8Sibuo__k9gpostj_KvjlKzY15K6haBVCv7g-80www31YM

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0U1ctMUstNjBRSA==&google_push=AaAOQGHFTLzT5X6iF6ntuEJ1plBrpRVImE7vH2d4FXAqdquSG41JI8Sibuo__k9gpostj_KvjlKzY15K6haBVCv7g-80www31YM

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0U1ctMUstNjBRSA==&google_push=AaAOQGHFTLzT5X6iF6ntuEJ1plBrpRVImE7vH2d4FXAqdquSG41JI8Sibuo__k9gpostj_KvjlKzY15K6haBVCv7g-80www31YM
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659A
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOhutd-K4D_tNl1XTc13bZs&google_cver=1&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJx...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOhutd-K4D_tNl1XTc13bZs&google_cver=1&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJx...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJxqdCrnSpXWw&google_hm=G5vhvGZHmse5RpfQR42eiKbw

170 B
188 B

29ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJxqdCrnSpXWw&google_hm=G5vhvGZHmse5RpfQR42eiKbw

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:17:40 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGE2KWm5lZbmwUE9YRMgHUsSwjfJpi3SF5OweEqgv9p6MKEnTVb6Dl1amldbrOY7AYmnIYmvHEr2OAmhBmHJxqdCrnSpXWw&google_hm=G5vhvGZHmse5RpfQR42eiKbw
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659A
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMIATPErFKnFmOVEzUq98qo&google_cver=1&google_push=AaAOQGGvCBeJg8vhCVxb5C_wKbjQ_DUUMtNXItZ1Aac98Y1EteHAXYTLysmCypYmFSyUvZhncvsiPPPEix5T...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGvCBeJg8vhCVxb5C_wKbjQ_DUUMtNXItZ1Aac98Y1EteHAXYTLysmCypYmFSyUvZhncvsiPPPEix5T8jCGOGctolNfMMY

170 B
188 B

29ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGvCBeJg8vhCVxb5C_wKbjQ_DUUMtNXItZ1Aac98Y1EteHAXYTLysmCypYmFSyUvZhncvsiPPPEix5T8jCGOGctolNfMMY

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGvCBeJg8vhCVxb5C_wKbjQ_DUUMtNXItZ1Aac98Y1EteHAXYTLysmCypYmFSyUvZhncvsiPPPEix5T8jCGOGctolNfMMY
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 659A 0
45 B 106ms
33ms Image
text/plain 185.86.139.103
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPNKpIdtkSJrac2K6XADmw8&google_cver=1&google_push=AaAOQGH8KgxEdcKnSCYSYGn-deLm32-ta_qBYcS5mwcJNyk0_EERIV6U55OAELV0XBrTu3UJesMMUI1plUcu3HgC2fdk0J2538hQ
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:39 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 659A 0
12 B 26ms
26ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LgLewEQidZZa9iKPHfS10bSYiWo7TfavBtqpdUMaWBdJtmP2ofnOoJzV9mh6OkP195aYb3

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 7722 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127458255&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:40 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4848 22 KB
8 KB 19ms
19ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 191227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 07:10:33 GMT
expires: Thu, 27 Jun 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 9821 47 KB
12 KB 28ms
27ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:40 GMT
expires: Sat, 29 Jun 2024 12:17:40 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4B8A 0
0 68ms
67ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstziGRcwPIp9mjDL-XgKUYHzREMZbSzlvtlW6f-R70OXlEqOYb911j0Q7SraCB3HsNKs4GIo8yr-gjENgpqTLRYvfh5Yjm58MrPzqgzlN8chYrhYlXOOvXKjtvndUi6JFu3PpupXCtbRPzrgj7f5NvNGa09SPcURJ_GxkvBGnfPRhFaExMKjf_hfUmkfFYX06rZHBPGQL-5zqp-Lg2gMU3b7fKIlAscfizlzq-oVhbjNZDSYr4hbtog9ayUd3g6jl7-qR6J3gtqNnUXmohwgTw2wzAwlshrb1VbrRnbPQY1o9hjDt4jV4nciX5WXZDeK1Ll7wEe25K_sQ4a5iy5B9hL5p8Ng9FyqVddqginyt_kdiVyfQYmu5d_mKzidLt05__9UoulmMnwLxROZiDi37OP1DZGkFXGu5IRY06mxGL2zwGuW6P5NuLcilJD-pq9-AIlVBg-v8EVTgtSs5Z6dz5P4i2Uuw3-aTV5qvqJs-Krutyzv2Cepw3hEhRj5UC1SeJxA5ssVU3yOARUNT7oioOpR8QL6aooU_4xT6GMcrTkAaEwJsYP2o5XtOfD0Z2XEZq_evMAjMR1av13kDZw7D-dM17XY-Pz-aOuM-NKYMWZp8xxjQO8cREgnKiFeXiImnzr6apa5Ny121tynhlMxT71tqTbKdLD_8UBteItLO5-up2P3tRzVLFXlqY8SX0Mg0dT-YQXWM2uAKXMOlcXuchTKdnJY4ZqRXDoKiMHiqYJVb7pVxRih22QzTq81UBmhD3ZnD3vlCgLO0zltf6xcHf22aTrNQRFYgMju5xsf3oMf-p2muzVtZ1ZY16uNZaApIDn6IsYx6r1nVJ9Z9wtUBCQ9oD47Vc1Arl1ghFBaYgY9jgPv1PqH3mmBV_Zgmihzbdw2N-tzYfknSsH5YI3MBIE30ULAjAcfsJMUbOjerI1nMXXKNhZ6NAD4bkBF9ks-Kzez7unwoD7_uMuU6eCq-acoP__cYCjmPlp2JrEFSeoScriJRbkfh-7dL7OivUAdNEKX3PeHNo0EoShVJZ06llDGxeBJy6x33bolPuUdWD50bOrU7LLF7IfWUFDvZPT-zkcksKYLnz7nHA_V5yTe-MDeHP7cwGznfyW7EMr6ZMPIirHYRJcfjyLgY5AP1UBYUtqZ2UegmWVCGPS2UaVdMJEpJ1XJ3dJGjlaShHOKQUgo5nRi_f12crAzPEb3ujhdb6l9NUIEC3lwdABQ6EfWSqRqV1FnIiGLLOlM7WAkazJeqOCIbfbq2RoVq-CcAJk5yssTheAnk4zAMvDr_rFzSPIwg9ImjQc9zlfCSmZelOBXT2VLxKEbSXRr3bVI01aVPElBpumSA&sai=AMfl-YSyvhqkDqx269GnmxishgHHjxsRJyDL4rchS2C4ACc_WD6E_ImVKmColRWxfLaZmsO0zoH1DTszMAhNB4SrKIQPhFIVG_fPFJVS-G9smJdOFlJMJ04lKqa032TFe2_12r1hVyeif8btDK3N4q6Ah1ncr9xKocvHa5E8waIKfyjgevrlJJLOOBbpvUBGVGkWiMg95_N4n7ri9x2jsB4dX9lPZh-R7Py1EYccjqnP6_CSKMtgCa4cSt7x5xLu3CxsPX9L4aQCP4N8SslNdiDV4Prug_o6GA&sig=Cg0ArKJSzNskahxgx_NEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=189&cbvp=1&cstd=183&cisv=r20230627.45305&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12943809228921786815/ Frame 3D25 1 KB
767 B 27ms
26ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:17:40 GMT
expires: Sat, 29 Jun 2024 12:17:40 GMT
last-modified: Thu, 27 Apr 2023 13:46:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5DCF 0
0 62ms
62ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssOIKaUsgawUqhYUkfbqxvOP8o6Dt4GbYNFyN_rHOyOnBymDKeOrx5jgQvkGV_PKh4QDFA6Hybq3eqC_kSp6Bfd6wvyHjagQR2TZT1O6KYXPbWfOPxCaTpGnunvQENbOLKLeUmSOLmb5CqjifLGFhEJgVpy3wl0SszrYkKsM88IuwWSwyQyV5Oeuz1kfu7pGi3G4WM8EWKsXpdM4IchrzuEEbsCpRahEAiuogkMqU32mVIRxdH4DWfDU0pZ3RKTL3VgN3SxSsdarbNd4JDIOL0jpmPzgKMOKyhrdkoCYKHS8jK0_ighqjAIC1zGn06OO5j8YcjlBgwuUZ-I1ujBTJi9LT7AWoKLr4kJvbsjAlz5nfKY2tstmg3gfqBxYL0OzTkiMkvJZZFz_3ZAsZqCE1lcSyOqfIxbrRfT4U4PBWdaTNKJwUt6p2PtwgIxaaFSXZpvHqycVOrs4fvnsS2Y2toi-xmrSt2vJPF8uYbzb-r1EOrXnaMFx0ygTc-PGH2mzI3BBHbYWShrGp-S5jpBrn7DvUXFDcMFxRf-j8jQUQuK0rU2miCxk4cEGSmi9ubsgZxKg1IZHsAGCWASJSxu1TubGDbrWmjG6ZL5tXll-6TUxEVJChBFnsjU4w24Y6ntWQhaJa5CiS62rM99LSz0Z4H0ImeHtaZzgdjuC5HUc3SPSiTwuCTXipMSl56b2OK4_VJdpiWd9B64TfooHC_-HnX7dTX3Cxmht_lvCpEoNX1sBwMt2Qx3NFHtKYckdrpa2HL_-z-nrrwBeGbqdn2GiW9sk8Z9YtoIKDRBbJ6-IUWoM8UuqPZigmD1B0iaeIbIgypEW2tPQAUoo5Mme5p_dL2dxxza6-tMFtLEPlpHKPtzhu3Z4fO4bgT4ZG8XTPbBdMI6_jfegcZmOtqrO0TtqaaKp2oVYZ5BKizLNBGQDUJEOeoPAwDbBT3TIdhDXMQXJl8Sn4kQTsNyNap0AcKM9y1bdg0sjxwmrwZe1r6kWwUTESICL4_IejUNt7z9VfbMC4nRO1etTXMA6JJWmnsHjQwweGh8yhsRPK30o6LWwDoxDEHMAFP5BEkCTWzEdzZg_j-jdoGRK73btOCi8-uz0NxVvOOsfMQN2FH9Kzfk3HCkfM2kbUsyHMfmL-QpUjE41lmVfoXX0pUfVmlxO8PsR-eSJodfh_937gWQ9ecBC_4DoKEgVjIWoaB5LpmW3_Ap5XJgXUGFK2QmAet344YmMeRLqlShC8zEbxw1hCG9MsgxkqLLCKkAlwejWYZD4CPThB1eoefguU7S13SLXS9oG8i31iqLqFE8MaoB7xdbjGhMNiJZWicDAIZm&sai=AMfl-YQnFm8Ess5ziIo7OtjUGCMCdhGa50xNx4N_QYjYobd3YJ3UxRxlWYIJXdANY3YUrUmDaI37alrt2Wv9enz8lG5nAfUHmzAU1h2cKAKlnn-QoDA0VtSZd8wtZl063rDgLoHfAuNLLFbZqhr5hIA1YKl_vI-s-OZeS66LM-lF0wf5cMH-CrzF47HjNFGOn-jvC8In5f32HQZMX6LeYQifR5gbAD73X2TpmseYTllJKSg3mJBWbCLQzNcWzBTteduaBEVQ&sig=Cg0ArKJSzCB3XYqQkvZtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=185&cbvp=1&cstd=178&cisv=r20230627.83412&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 5DCF 43 B
1 KB 106ms
30ms Image
image/gif 213.202.235.8
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577817&gdpr_consent=&gdpr=

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.8 Grenzach-Wyhlen, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 30 Jun 2023 12:17:40 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 30 Jun 2023 12:17:40 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 6909
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEEsQ_orFYe-RiV4MtyrTCZI&google_cver=1&google_push=AaAOQGGbTrrgOqjVFM8XY9qpmCd94orcEb8Q3qgPDz_ynJH9K48Iv6U9AJSDj1PZ-MQ-kUq1vC6bdyWCIaa_BydeIKRqjvs-9-Y
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzkxMTEzMzc4MDE2NTAwNDA0OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKBOs3V2hnb_GhRZTxVNV20&google_cver=1

43 B
398 B

56ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKBOs3V2hnb_GhRZTxVNV20&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 30 Jun 2023 12:17:39 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKBOs3V2hnb_GhRZTxVNV20&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6909
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGx_J1jdWIUdwzuA_IgwikY&google_cver=1&google_push=AaAOQGFzwBSPWpdVmhMb21sP0sqcqeKX72BI_7i3GWao6ihNo3wvGD7pnl...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGFzwBSPWpdVmhMb21sP0sqcqeKX72BI_7i3GWao6ihNo3wvGD7pnl6L3jriLkfTpk2-VN9TzbiCXiEGdBrRxAXr600FV52h&google_hm=WlpNCCBW-vXc...

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGFzwBSPWpdVmhMb21sP0sqcqeKX72BI_7i3GWao6ihNo3wvGD7pnl6L3jriLkfTpk2-VN9TzbiCXiEGdBrRxAXr600FV52h&google_hm=WlpNCCBW-vXcyn--epFUHw

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGFzwBSPWpdVmhMb21sP0sqcqeKX72BI_7i3GWao6ihNo3wvGD7pnl6L3jriLkfTpk2-VN9TzbiCXiEGdBrRxAXr600FV52h&google_hm=WlpNCCBW-vXcyn--epFUHw
date: Fri, 30 Jun 2023 12:17:40 GMT
cache-control: private, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 6909
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJIIhqJLlCOeQRvwwpu3c0k&google_cver=1&google_push=AaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJIIhqJLlCOeQRvwwpu3c0k&google_cver=1&google_push=AaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vd...

43 B
381 B

187ms
186ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJIIhqJLlCOeQRvwwpu3c0k&google_cver=1&google_push=AaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df658f46a84bbf1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 138
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJIIhqJLlCOeQRvwwpu3c0k&google_cver=1&google_push=AaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGE43X-RiizzZOa8CzSgtFu35U1VmuPe4OxRgVBogco700yuIGIm8Behob3lyWXWhY_2LI5-7o9275pIs7E5WSLGbAeR8Vdy%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df658f308d4bbf1-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6909
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEHQvoZ4sO2-d2Y0wH83O9ZQ&google_cver=1&google_push=AaAOQGEm-BPw2X2BlS0ONvtyFj3kWpPMfePU8eeRvOQJ42fyCMwipOTJ3IzhJte5AvFG39cMp3drvBDmqA9Th3w19QPfo2tOFs0
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0497EC7F591340419E30080902E48845&google_push=AaAOQGEm-BPw2X2BlS0ONvtyFj3kWpPMfePU8eeRvOQJ42fyCMwipOTJ3IzhJte5AvFG39cMp3drvBDmqA9Th3w...

170 B
188 B

28ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0497EC7F591340419E30080902E48845&google_push=AaAOQGEm-BPw2X2BlS0ONvtyFj3kWpPMfePU8eeRvOQJ42fyCMwipOTJ3IzhJte5AvFG39cMp3drvBDmqA9Th3w19QPfo2tOFs0

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 12:17:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0497EC7F591340419E30080902E48845&google_push=AaAOQGEm-BPw2X2BlS0ONvtyFj3kWpPMfePU8eeRvOQJ42fyCMwipOTJ3IzhJte5AvFG39cMp3drvBDmqA9Th3w19QPfo2tOFs0
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 29 Jun 2023 12:17:40 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6909
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESECyV7o-qP8jNjCoy4x_nbv8&google_cver=1&google_push=AaAOQGEVmj6sMkevV1j4DhXLT_r6suZxKWaPRqTeRqacMVVfDOBmvBy63ZpvinAFbhRm0zzYuMYxkwEmw08dLl...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDQ1MjIzMjE5NDY4NTA3Ng%3D%3D&google_push=AaAOQGEVmj6sMkevV1j4DhXLT_r6suZxKWaPRqTeRqacMVVfDOBmvBy63ZpvinAFbhRm0zzYuMYxkwEmw08dLl_MxD...

170 B
188 B

28ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDQ1MjIzMjE5NDY4NTA3Ng%3D%3D&google_push=AaAOQGEVmj6sMkevV1j4DhXLT_r6suZxKWaPRqTeRqacMVVfDOBmvBy63ZpvinAFbhRm0zzYuMYxkwEmw08dLl_MxDlmZc3l-1s

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDQ1MjIzMjE5NDY4NTA3Ng%3D%3D&google_push=AaAOQGEVmj6sMkevV1j4DhXLT_r6suZxKWaPRqTeRqacMVVfDOBmvBy63ZpvinAFbhRm0zzYuMYxkwEmw08dLl_MxDlmZc3l-1s
Date: Fri, 30 Jun 2023 12:17:40 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 dds
rtb.openx.net/sync/ Frame 6909 43 B
245 B 74ms
28ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEAV-1ZpdM1P6tA634xvt3t8&google_cver=1&google_push=AaAOQGGSK6DqMT6wEz9L3TGpiNG5YfyR_0B4R94AtiXhl3D2EPWGEM02r0n9TU_jU69DkaGs4HrSCVlhdG6YaQQvgux7lANi7WLv
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6909
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wbvuY92-TayX2hlwA7VLqQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

29ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wbvuY92-TayX2hlwA7VLqQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFHYVsja2PMoSzdsXQpmJnl2R1sEJGYJChRpIR40rS-WeVY_020iePEWHMn00XNF0NUoAP_3IXD_vUr7AqXG-PSdRWQ1tIl

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wbvuY92-TayX2hlwA7VLqQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFHYVsja2PMoSzdsXQpmJnl2R1sEJGYJChRpIR40rS-WeVY_020iePEWHMn00XNF0NUoAP_3IXD_vUr7AqXG-PSdRWQ1tIl
date: Fri, 30 Jun 2023 12:17:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6909 0
12 B 27ms
27ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KAl74mkabtrrUYVjq2RO5SMYiJS6imILd_dDApqbFxSpOQGrqLA0ZYbZWg1CMgXyXdnpIl

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 7DBA 118 KB
40 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80704
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 7DBA 63 KB
25 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 9917 0
103 B 50ms
48ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEIJcQruUD48nabFJjcxbimw&google_cver=1&google_push=AaAOQGGQsmuYiscN5ls-9vaVlbu8j6zV9evHIWGG2goDJ0CG7OraAXdLi1NyrovCjVIkqnyNkclPNzE2wkoQk77mL5GdHC8g3bhlWRSq1KRb4edPdX0PizVfi-frDsKeQAU2E4qTXXn7TToF
Requested by: Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9917
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENkh8s4czCe5RhlTTxdrCHA&google_push=AaAOQGGpBNWOrjRw4De8Yd90Y0yiHlfE3FdtTGNVgCA4EIqioPmZ7JoTrY...

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENkh8s4czCe5RhlTTxdrCHA&google_push=AaAOQGGpBNWOrjRw4De8Yd90Y0yiHlfE3FdtTGNVgCA4EIqioPmZ7JoTrYLs_uUmHDajhWOG9XUVv9Hqzw4IbLKe0u1POBxMmWZDvZSjJqlRY5EXYMYp8zfEl1z-m5x8GwF94tPgoyquXO4

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-etou8220072-FRA
pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1688127460.394078,VS0,VE88
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENkh8s4czCe5RhlTTxdrCHA&google_push=AaAOQGGpBNWOrjRw4De8Yd90Y0yiHlfE3FdtTGNVgCA4EIqioPmZ7JoTrYLs_uUmHDajhWOG9XUVv9Hqzw4IbLKe0u1POBxMmWZDvZSjJqlRY5EXYMYp8zfEl1z-m5x8GwF94tPgoyquXO4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9917
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEGxCaYYSXjzXFk5jVPlEK0&google_cver=1&google_push=AaAOQGEJqTWVQ818JToPJsIwxhlL0xJGvPswuLVMynmsS1o8MDFIi7XlH08SW5CdbynEFjBAsVPsYYrzaZE...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEJqTWVQ818JToPJsIwxhlL0xJGvPswuLVMynmsS1o8MDFIi7XlH08SW5CdbynEFjBAsVPsYYrzaZEFSwWTP5F2Yd-MIA1TYsmvqM65JfqFzhRzgVJ351GaHQ20VvE...

170 B
188 B

39ms
38ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEJqTWVQ818JToPJsIwxhlL0xJGvPswuLVMynmsS1o8MDFIi7XlH08SW5CdbynEFjBAsVPsYYrzaZEFSwWTP5F2Yd-MIA1TYsmvqM65JfqFzhRzgVJ351GaHQ20VvEF7bphOPtz0lT0&google_hm=sFkCXbUFQRa7KZY_lJgh4bc

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEJqTWVQ818JToPJsIwxhlL0xJGvPswuLVMynmsS1o8MDFIi7XlH08SW5CdbynEFjBAsVPsYYrzaZEFSwWTP5F2Yd-MIA1TYsmvqM65JfqFzhRzgVJ351GaHQ20VvEF7bphOPtz0lT0&google_hm=sFkCXbUFQRa7KZY_lJgh4bc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9917
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFlYjk0WjR4GdvEIS-cTkhs&google_cver=1&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf47...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFlYjk0WjR4GdvEIS-cTkhs&google_cver=1&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14B...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjQ3MDk5NTU4NTAzMjIwNTg1Mw&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf...

170 B
188 B

29ms
29ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjQ3MDk5NTU4NTAzMjIwNTg1Mw&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf470Rmli_ZrpXQ-be-5uETwqJdIT2Lu9LZU8JWzKWMZFr0IIBv11P2K9CFq9U6BFto

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjQ3MDk5NTU4NTAzMjIwNTg1Mw&google_push=AaAOQGEa0e5SsJrvRRuWhhj8Mn5Uu7woqO2XbUUQBWy0xYxlUkdE6fV89xo93JaSSa7giBjO14BoZf470Rmli_ZrpXQ-be-5uETwqJdIT2Lu9LZU8JWzKWMZFr0IIBv11P2K9CFq9U6BFto
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9917
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMIshDCJetYdUaQPDnYizPw&google_cver=1&google_push=AaAOQGGO-R375D7Ksyamb1WIFzVWr9113ciH5osTycZQ2BjRG6kuiSApSCcIjYaoDqyl_iBEytY...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0VUctMTAtSUM2VQ==&google_push=AaAOQGGO-R375D7Ksyamb1WIFzVWr9113ciH5osTycZQ2BjRG6kuiSApSCcIjYaoDqyl_iBEytYnBuSvEC3_DF4x-COVZ3msoh3aW...

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0VUctMTAtSUM2VQ==&google_push=AaAOQGGO-R375D7Ksyamb1WIFzVWr9113ciH5osTycZQ2BjRG6kuiSApSCcIjYaoDqyl_iBEytYnBuSvEC3_DF4x-COVZ3msoh3aW9YqFbs8taMRBeE1LAW1uGItC41JcUKSmo5yfUGA4cw

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpJSkk0VUctMTAtSUM2VQ==&google_push=AaAOQGGO-R375D7Ksyamb1WIFzVWr9113ciH5osTycZQ2BjRG6kuiSApSCcIjYaoDqyl_iBEytYnBuSvEC3_DF4x-COVZ3msoh3aW9YqFbs8taMRBeE1LAW1uGItC41JcUKSmo5yfUGA4cw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9917
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEP7EwT_Bzg_VoSkshZeUg8&google_cver=1&google_push=AaAOQGGaE_-dBkdAB35MSNgSzmpYEcEEsLrHOlJEvanAQx3r3YW88m2UA1yNwSFkEN01O6DKUGQvj5ALDNEK...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGaE_-dBkdAB35MSNgSzmpYEcEEsLrHOlJEvanAQx3r3YW88m2UA1yNwSFkEN01O6DKUGQvj5ALDNEK3blr8AFsv8a4h-8pFiumkKXs06hwu272WxO1...

170 B
188 B

29ms
28ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGaE_-dBkdAB35MSNgSzmpYEcEEsLrHOlJEvanAQx3r3YW88m2UA1yNwSFkEN01O6DKUGQvj5ALDNEK3blr8AFsv8a4h-8pFiumkKXs06hwu272WxO1f2Diai3nkWfm-i4YZ9HGoMIk

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGaE_-dBkdAB35MSNgSzmpYEcEEsLrHOlJEvanAQx3r3YW88m2UA1yNwSFkEN01O6DKUGQvj5ALDNEK3blr8AFsv8a4h-8pFiumkKXs06hwu272WxO1f2Diai3nkWfm-i4YZ9HGoMIk
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 9917 0
125 B 92ms
20ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECkmIxFchYKhZ2etOxvJ6t8&google_cver=1&google_push=AaAOQGGHiWorCAFmWOvnYzZjzh49v8ygcvfKlOdfSa-nljZl36_RCQd6VweRsc88GunuSrWWX_DpgZnvvqL8o_WK8z_YL1ss67PHSZ6Pazwm7r9jdXsEsZGSBcXuPfkUg4xRmjeO2mGPOROygw

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9917 0
12 B 27ms
26ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kf72txyr3DoyIt-HFhGJOdtv_5vhEAQnmqa4HpKe7m_N_8XYItP_4C9VYX0ufFn-E9E3La3A

Requested by

Host: 8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
URL: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3BB8 0
0 62ms
62ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cai6248eeZK-JEtiImLAPsY676AKvofq1caiZq8jAEbCQHxABIMCygmtglbL4gZQHoAH8_Pj3AsgBCakC2FikVXE8sj7gAgCoAwHIAwqqBOEBT9AiBrg2-kUaVPf3-QXbmB1eKs83spSZPha_moYZr81tT1H6nnfbrm4qs-USfAIHjfkK0tVQGYI8B7PIqo_WB9J_GHPGSQB-yiHdiF3WIDUV5gW9GHCXvUep1FkShcnjydgXs2L2_sZ80W2gn-E_AP4tTY68cQJwcMirmPsx_od5fjn9yXMNywVo0ZI1oniizKTVcvnLasx-YgctuukVitojR_XI3m7Z56daatA7lEtXwDPzPmonoxnu9gOh5Gs_i7d8IK_uRWirdnJ187H1jLDGIM6vQmCA4o_hyBXW-kkVwASendfPkQTgBAGgBi6AB7Om75oBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkN4D0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAaIMCCoGCgTDsLECuBPkA9gTA9AVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=HCHUgnYeotg&uach_m=[]&cid=CAQSOwBygQiDrx-xTbJo0vlOrovzx94-VemAZSUVh1C4Uf6BNd7HqAY7Ehhj0whzFJm-du1s0ldYofZF3IPeGAE&template_id=484&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 9821 118 KB
40 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80704
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 9821 63 KB
25 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FD72 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 191227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 07:10:33 GMT
expires: Thu, 27 Jun 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C8EF 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 191227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 07:10:33 GMT
expires: Thu, 27 Jun 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3D25 113 KB
38 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 3D25 118 KB
40 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80704
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 13:52:36 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 4848 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F5A7 0
0 56ms
56ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv86l7nHnBAF7vKC5kkagw3vEC-pIl4DeEe2KrtDPgMDxUxZl_ZB6Gq5dLNdL7H2raTYYGgHI0UaRc3QFG0-oBpNkldUk9T6HmNrJHoY4_tE9xVR34IO-rDwWYXNe3qwY31H2F0By7WdLrJHm3y4GSPmYNkGI6lcdNj7yudtbnjgtSk4-oPkN5p5rUZfx-PUIVTjTrCooN9a2BeaJzRReycYcMoguPrFFwWTS3OqRx1fm3kDjAfCkUdx5foKLuHviWQDY8TxngNMwW_K6JJcVUvI75305cL3Nx_bupcMtOyvvaUdT5UfHQCEduvFt0L8RTEe0vs6lLQyiCSBr7RHBSSPxmyVylnKkdPa9TGw2ev9GOmaP6F7S9ywsnXX7QK8oWyQHpVb7gdmqEl4vOFuMdwi22yUjZDE09OkAQILalF6R3Q9LBazgYveQU9-s0gnK5AS2VHDZ6YMvAstIW8FlmLuxCtZlOlIl7-q30xbPlsHjmJvh6P7CZkPmpivhp5ZasAYAWL5GxbvQxUR_TdhcK5W7dolOcHC9VXVBFFp2cQIG2-VMOp3flXvpJD7anfuN-YtTWgQEvdSO0PoiwANwZCDbso65EH4l_4EP6joELVwMlALwFdmWediLdBzmeNFcnB4w4adLpDDyDmy9N-dzSlUr0Aa5IKJ-dLQu6Zbyo5xggEdeUO70YveJmMJhoNKXIHhKFp_M4mfs2sKON-YeuImVPOMDsjjWBPyyGxg7jFBV5kgSW2CxiRYclhQqKp49lxD_FyGr9CQLY4NgCe8RTjG-uQ8VflHMcUni9LmoO5t3aQ43tF6hQ1yUhnsq56E-AYUHngmx2Mcyv2sAZANk8C9MIkdrOW-1-w1wpScA_e3Jax-0BQH3772kJP0CWc8ad3vPYvnkiOrVr0wLoztWvyhhCni6E8Fu2vaEuvNFEM7lkjFUIsjj0xmS585hsZR1ojB4U5QXl4xLXgciHdgEZcoILyY3jMYUarUnUYncdjz370-0Nv185dN6vd2wXKXEtDJLGUDgJLbTDMjE-GawkRAsNrBsiq6jiKNN9QVeAFwv10eCzOahG9UQd8M-RH-CytVxA75VvuCBIFa8LHm8BK4dIPVSIzYbAJuOeoWCdwmsZBzn9-RbDAKCAyDEaf2oSBenfTQcwsajGs6kpfXTQyWuXEgGVnvsFTE6itNQhwjZzkq6lfBIn-KcadnVIldSJc_1OVq62TxfpId5L2_ZLChIUGzlJx4XKMqIogTfR1UZABW6G7sLD_KDg4sUroftsrdRRUtqmMDMG-6jsY2trYm8NLoJDf7Fk47nmk7pZ7kuNXnv2UEqY6hp7tnfx3ag&sai=AMfl-YSXcst9oZGi0fobIJW0aSUHFxobTdMwlRdNBLlie3H79y5Q6UOcvB1AUTFy7Tc5e2OxVMFqS7XU0aK8unEdZ8wPadgSQrQTuNsH0pd42-7lZgQW1TCzVnEIQuW3p7aiDHNbMinq4t1fFmUQSEJIqUANs3hIWh8nBN7t6_TmDLlSRxDGWLyI4duNhJIKyci4bpaskZVfX66TglXg7PleKmDwKa76u0uHiPVoNM4KVIMs_GZRU7_AgZSIGiI0eihWAxICku5PAJfk7r3qFL1dWASa_yMs&sig=Cg0ArKJSzMpaK7i7Tw7lEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=493&vt=11&dtpt=216&dett=3&cstd=269&cisv=r20230627.47996&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame FD72 37 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4B8A 0
0 57ms
57ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstziGRcwPIp9mjDL-XgKUYHzREMZbSzlvtlW6f-R70OXlEqOYb911j0Q7SraCB3HsNKs4GIo8yr-gjENgpqTLRYvfh5Yjm58MrPzqgzlN8chYrhYlXOOvXKjtvndUi6JFu3PpupXCtbRPzrgj7f5NvNGa09SPcURJ_GxkvBGnfPRhFaExMKjf_hfUmkfFYX06rZHBPGQL-5zqp-Lg2gMU3b7fKIlAscfizlzq-oVhbjNZDSYr4hbtog9ayUd3g6jl7-qR6J3gtqNnUXmohwgTw2wzAwlshrb1VbrRnbPQY1o9hjDt4jV4nciX5WXZDeK1Ll7wEe25K_sQ4a5iy5B9hL5p8Ng9FyqVddqginyt_kdiVyfQYmu5d_mKzidLt05__9UoulmMnwLxROZiDi37OP1DZGkFXGu5IRY06mxGL2zwGuW6P5NuLcilJD-pq9-AIlVBg-v8EVTgtSs5Z6dz5P4i2Uuw3-aTV5qvqJs-Krutyzv2Cepw3hEhRj5UC1SeJxA5ssVU3yOARUNT7oioOpR8QL6aooU_4xT6GMcrTkAaEwJsYP2o5XtOfD0Z2XEZq_evMAjMR1av13kDZw7D-dM17XY-Pz-aOuM-NKYMWZp8xxjQO8cREgnKiFeXiImnzr6apa5Ny121tynhlMxT71tqTbKdLD_8UBteItLO5-up2P3tRzVLFXlqY8SX0Mg0dT-YQXWM2uAKXMOlcXuchTKdnJY4ZqRXDoKiMHiqYJVb7pVxRih22QzTq81UBmhD3ZnD3vlCgLO0zltf6xcHf22aTrNQRFYgMju5xsf3oMf-p2muzVtZ1ZY16uNZaApIDn6IsYx6r1nVJ9Z9wtUBCQ9oD47Vc1Arl1ghFBaYgY9jgPv1PqH3mmBV_Zgmihzbdw2N-tzYfknSsH5YI3MBIE30ULAjAcfsJMUbOjerI1nMXXKNhZ6NAD4bkBF9ks-Kzez7unwoD7_uMuU6eCq-acoP__cYCjmPlp2JrEFSeoScriJRbkfh-7dL7OivUAdNEKX3PeHNo0EoShVJZ06llDGxeBJy6x33bolPuUdWD50bOrU7LLF7IfWUFDvZPT-zkcksKYLnz7nHA_V5yTe-MDeHP7cwGznfyW7EMr6ZMPIirHYRJcfjyLgY5AP1UBYUtqZ2UegmWVCGPS2UaVdMJEpJ1XJ3dJGjlaShHOKQUgo5nRi_f12crAzPEb3ujhdb6l9NUIEC3lwdABQ6EfWSqRqV1FnIiGLLOlM7WAkazJeqOCIbfbq2RoVq-CcAJk5yssTheAnk4zAMvDr_rFzSPIwg9ImjQc9zlfCSmZelOBXT2VLxKEbSXRr3bVI01aVPElBpumSA&sai=AMfl-YSyvhqkDqx269GnmxishgHHjxsRJyDL4rchS2C4ACc_WD6E_ImVKmColRWxfLaZmsO0zoH1DTszMAhNB4SrKIQPhFIVG_fPFJVS-G9smJdOFlJMJ04lKqa032TFe2_12r1hVyeif8btDK3N4q6Ah1ncr9xKocvHa5E8waIKfyjgevrlJJLOOBbpvUBGVGkWiMg95_N4n7ri9x2jsB4dX9lPZh-R7Py1EYccjqnP6_CSKMtgCa4cSt7x5xLu3CxsPX9L4aQCP4N8SslNdiDV4Prug_o6GA&sig=Cg0ArKJSzNskahxgx_NEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=354&vt=11&dtpt=165&dett=3&cstd=183&cisv=r20230627.45305&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame C8EF 37 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 946D 0
11 B 18ms
18ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?t_AxmA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 9821 47 KB
47 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:05:55 GMT
x-content-type-options: nosniff
age: 705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:20:55 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 9821 46 KB
46 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:15:50 GMT
x-content-type-options: nosniff
age: 110
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:30:50 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9821 7 KB
6 KB 61ms
61ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f6c5b48c90974402e154281549a8106cba6bbbfb584c3acd1ea983ef1142000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5730
x-xss-protection: 0

GET
H3 200 60005582_20230403054618305_APP_iPhone_14_Airpods_Pro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 9821 160 KB
160 KB 24ms
23ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230403054618305_APP_iPhone_14_Airpods_Pro.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9331a76e62dd3e0053a589d108a922eb800d3790823ecb916a02a26a84b4e1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:41:09 GMT
x-content-type-options: nosniff
age: 12991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 163495
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 12:46:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 08:41:09 GMT

GET
H3 200 60005582_20220825085130495_160x600_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 9821 38 KB
38 KB 28ms
28ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085130495_160x600_BG.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef3a6cef3c8af50dd4b8e6c84af98d1b9a6acb716a038209d59970ebdb15302c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:02:11 GMT
x-content-type-options: nosniff
age: 62129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38995
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:51:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 19:02:11 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 9821 43 B
608 B 87ms
27ms Image
image/gif 141.101.90.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_354695792_145341318_PO2902A20230503&ref=29118705_4307561_354695792_145341318_PO2902A20230503
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 12:17:40 GMT
via: 1.1 varnish-live-1-0
CF-Cache-Status: HIT
age: 6712823
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 22 Mar 2023 08:05:14 GMT
Server: cloudflare
etag: "2b-5f7789eafa280"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 45356224
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7df658f4991691de-FRA
Expires: Sat, 29 Jun 2024 12:17:40 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 9821 26 KB
26 KB 25ms
24ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=n7vJf0n3UD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:08:02 GMT
x-content-type-options: nosniff
age: 578
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:23:02 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5DCF 0
0 56ms
56ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssOIKaUsgawUqhYUkfbqxvOP8o6Dt4GbYNFyN_rHOyOnBymDKeOrx5jgQvkGV_PKh4QDFA6Hybq3eqC_kSp6Bfd6wvyHjagQR2TZT1O6KYXPbWfOPxCaTpGnunvQENbOLKLeUmSOLmb5CqjifLGFhEJgVpy3wl0SszrYkKsM88IuwWSwyQyV5Oeuz1kfu7pGi3G4WM8EWKsXpdM4IchrzuEEbsCpRahEAiuogkMqU32mVIRxdH4DWfDU0pZ3RKTL3VgN3SxSsdarbNd4JDIOL0jpmPzgKMOKyhrdkoCYKHS8jK0_ighqjAIC1zGn06OO5j8YcjlBgwuUZ-I1ujBTJi9LT7AWoKLr4kJvbsjAlz5nfKY2tstmg3gfqBxYL0OzTkiMkvJZZFz_3ZAsZqCE1lcSyOqfIxbrRfT4U4PBWdaTNKJwUt6p2PtwgIxaaFSXZpvHqycVOrs4fvnsS2Y2toi-xmrSt2vJPF8uYbzb-r1EOrXnaMFx0ygTc-PGH2mzI3BBHbYWShrGp-S5jpBrn7DvUXFDcMFxRf-j8jQUQuK0rU2miCxk4cEGSmi9ubsgZxKg1IZHsAGCWASJSxu1TubGDbrWmjG6ZL5tXll-6TUxEVJChBFnsjU4w24Y6ntWQhaJa5CiS62rM99LSz0Z4H0ImeHtaZzgdjuC5HUc3SPSiTwuCTXipMSl56b2OK4_VJdpiWd9B64TfooHC_-HnX7dTX3Cxmht_lvCpEoNX1sBwMt2Qx3NFHtKYckdrpa2HL_-z-nrrwBeGbqdn2GiW9sk8Z9YtoIKDRBbJ6-IUWoM8UuqPZigmD1B0iaeIbIgypEW2tPQAUoo5Mme5p_dL2dxxza6-tMFtLEPlpHKPtzhu3Z4fO4bgT4ZG8XTPbBdMI6_jfegcZmOtqrO0TtqaaKp2oVYZ5BKizLNBGQDUJEOeoPAwDbBT3TIdhDXMQXJl8Sn4kQTsNyNap0AcKM9y1bdg0sjxwmrwZe1r6kWwUTESICL4_IejUNt7z9VfbMC4nRO1etTXMA6JJWmnsHjQwweGh8yhsRPK30o6LWwDoxDEHMAFP5BEkCTWzEdzZg_j-jdoGRK73btOCi8-uz0NxVvOOsfMQN2FH9Kzfk3HCkfM2kbUsyHMfmL-QpUjE41lmVfoXX0pUfVmlxO8PsR-eSJodfh_937gWQ9ecBC_4DoKEgVjIWoaB5LpmW3_Ap5XJgXUGFK2QmAet344YmMeRLqlShC8zEbxw1hCG9MsgxkqLLCKkAlwejWYZD4CPThB1eoefguU7S13SLXS9oG8i31iqLqFE8MaoB7xdbjGhMNiJZWicDAIZm&sai=AMfl-YQnFm8Ess5ziIo7OtjUGCMCdhGa50xNx4N_QYjYobd3YJ3UxRxlWYIJXdANY3YUrUmDaI37alrt2Wv9enz8lG5nAfUHmzAU1h2cKAKlnn-QoDA0VtSZd8wtZl063rDgLoHfAuNLLFbZqhr5hIA1YKl_vI-s-OZeS66LM-lF0wf5cMH-CrzF47HjNFGOn-jvC8In5f32HQZMX6LeYQifR5gbAD73X2TpmseYTllJKSg3mJBWbCLQzNcWzBTteduaBEVQ&sig=Cg0ArKJSzCB3XYqQkvZtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=393&vt=11&dtpt=208&dett=3&cstd=178&cisv=r20230627.83412&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 7DBA 47 KB
47 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:05:55 GMT
x-content-type-options: nosniff
age: 705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:20:55 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 7DBA 46 KB
46 KB 19ms
19ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:15:50 GMT
x-content-type-options: nosniff
age: 110
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:30:50 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7DBA 7 KB
6 KB 61ms
60ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597d03cc09c370d64e455adfa00cd8ca7f47f56b2c5230337d0109905a8681b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5707
x-xss-protection: 0

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7DBA 2 KB
2 KB 20ms
19ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 18:42:46 GMT
x-content-type-options: nosniff
age: 63294
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 18:42:46 GMT

GET
H3 200 60005582_20230412024536330_o2_homespot_5G_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7DBA 33 KB
33 KB 23ms
22ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230412024536330_o2_homespot_5G_ASSET.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

549667bd2dc0f6f1bb069fbe4151ebf664f6167be869d8b83032c0019a6e00e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 22:43:08 GMT
x-content-type-options: nosniff
age: 48872
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33586
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 09:45:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:43:08 GMT

GET
H3 200 60005582_20230413245535820_728x090_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7DBA 41 KB
41 KB 20ms
20ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230413245535820_728x090_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6340ab066c8cd3fc0ff1e47b254690638b7481954f793601c5602be5c7692f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:51:11 GMT
x-content-type-options: nosniff
age: 5189
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42135
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 07:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:51:11 GMT

GET
H3 200 60005582_20220825085202338_728x090_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7DBA 30 KB
30 KB 22ms
21ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085202338_728x090_BG.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:13:01 GMT
x-content-type-options: nosniff
age: 61479
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30980
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:52:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 19:13:01 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 7DBA 43 B
608 B 31ms
30ms Image
image/gif 141.101.90.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29115794_4307561_354697130_145341330_HSP0203A20230413&ref=29115794_4307561_354697130_145341330_HSP0203A20230413
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 12:17:40 GMT
via: 1.1 varnish-live-1-0
CF-Cache-Status: HIT
age: 6712823
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 22 Mar 2023 08:05:14 GMT
Server: cloudflare
etag: "2b-5f7789eafa280"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 45356224
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7df658f4e97b91de-FRA
Expires: Sat, 29 Jun 2024 12:17:40 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9821 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 3D25 3 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 223
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:28:57 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3D25 7 KB
6 KB 62ms
61ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44c91c53b6deeadf0cecdb8d23cb0eaff319f694b152d39187a09eda0d25fa44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5773
x-xss-protection: 0

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 7DBA 26 KB
26 KB 19ms
19ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=ItRp4l9Lhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:08:02 GMT
x-content-type-options: nosniff
age: 578
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:23:02 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7DBA 17 KB
6 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F5A 37 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 3D25 62 KB
17 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:16:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17856
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 08:23:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:31:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3D25 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:17:40 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame B876 37 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4848 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bj49S48eeZPb8M4e69u8PusqMoAwAAAAAOAHgBAI&bg=!S0ilSBzNAAb90kgr3dI7ADkAdvg8Wtr4B3J9pqQdtU01dDMy7Km78A2tboPYi8KT8GKGJ9vNtm6AGO9lWz-w1LBrbCWpXPMm480CAAABBlIAAAACaAEHmQMYhlEpYzvnwShOeIpUj2Qu7QbR7MLH0bfgwnzSzp9KOQDenvbl6w6ADNB0jDsnPOc2y6dlL5h1iSawyIpyn9tOjww1zbNVtrLf-TmRG97icdjMGl72allghP89HMNjmLeMvL78XW8H4m_pCvihJIvWCjXr8tLKHAES-NMzRjObRRWnTNXR-0qwgkeKiPrqHnIJGvP9OQjO_srQBUak2FpCaCVWzzP6Izfwv5O-D7DZHTBoD3-ypqePa_7-SzfojaTO-EQ374f-9MxwD8ikPIJ5pYG33Kclih2LooUTXqfiQWYOvEzGfrb6YZOCiC1nn3rmd68kHRAmd0PdJcjvf8br8_SxsZjzdYuLnBfK3N0b6wVgAwYD-WrhtelBXgAzHyJ98ROcBUyfvG5Gyw85JI2RIzN8EpFfYDFsjQQvQALJS9GP75PWQnJA-OcuC3Wj20zeld6dKJj7YjudG4DwIh96Crvy7W_pAnJB1pA7MsCjb-vRbsGdH0xSJyIzzm_hP7VSB-NqDI1xLIpWdEYwE4IBJXl4IwSyMnGhBO-XqAC0Pagoa4U678RbIrPRACOe9ZjSjAulPCHeZT0gZIQ7_TIFo8xwsgzIMk5xF5xrmQ_0MYuDSpHEzmlzgzxVgl0656ZFqc83oO0YR71wXBW5T2Pulv9kzZKYFygQVYJT0kZb0ByJHn0egV3xv2_6o1vDYK9Jhk3kN0M7n8bRZP9rRzK0i5xxuvsj7EIhk9IwnN-itLdPdJYl3xjjVIOUE1V0eGKQMn41BTuVUs0gJ7C1_HCJBOkWfNQ0PNb5zsurvtFldn3lEfrotl4ItpXi9LwQ9hEZCMAE3k7KrXMh_xo-2eaIwRWjrXcjeMap7GpsH6NuBdbch9T1rt7aN0v9W0x2TSLjBlqGQDiQnbomQWJawkAV9eMgAWQXLAqSkX1Jz_OcNftQB41DEt9MSB6r9sqfVMDmM3OikXVMXG5qU-lITgBYWzMOL9kViq7FsRMkZ0PzEKKSA6Lj9lazKEf2OxyGaOX2dF58BBoMV_MzMCgI_ifUuaknDLzNdYO8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 4174 37 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zBQz3-TNDKCcnEtYIoHgFkOKi9KToA93A8ow_70HNHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 18:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 238404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 18:04:16 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 3D25 6 KB
2 KB 20ms
20ms XHR
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 281
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:27:59 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 3D25 5 KB
2 KB 21ms
20ms XHR
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:22:29 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 3D25 2 KB
1 KB 21ms
21ms XHR
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:06:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 666
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:21:34 GMT

GET
H3 200 NH_D_NA_Los-Angeles-Palms-Indian_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 3D25 49 KB
49 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_NA_Los-Angeles-Palms-Indian_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aacabf18ca50818c4598de6f5a05e4c32a0c89a1e3ee39ced2b5fe758c9acaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:06:11 GMT
x-content-type-options: nosniff
age: 689
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49691
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 09:07:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:21:11 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0006 42 B
64 B 63ms
63ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvOJmtb4Se12NFxzvFVHIbv6b2oBJzKVVqe_2OB3BnlpE7mlyBTeRgEsjF7TX2-OnLSEZTIzAjEF0rAFUS2o5JRlX0dj6wPwvpunGddjgZrCg6zohtizP9PnkEVRsv9NF0HUYnUckcon3KGEPtzpdwZBy0SCp9Bn69frBrPQ_6Eu92NC7zKH49wABo78huLjYXHH5ENwScapI_7t9HwQCb6SGU4MHQrkez1wa6zKxL0SEJYazcUhL3zPXYl-Dz-bmxSYkXm4StsDMr25LpHpCbgf0thbLvDL0HlkcO8G_wn7A2MSNUJ29B2FFCi9gT3vnGEdaqYrhX4yA1lbmbAbrV3r5tIhiTSUY9f6w_sVujiN3NtP3UkdxWvG4uYQtMjT5euRsVZ29f7td3SAGUcUdQzVDVgUcYZIx5Kmh5iTBoedfxFj3kh_Wv7TcH6bNdD5vgZjI6Uf-kmNOtONamfs17Ql8uPMLEyJxzl5vCLiYZa9_qsw5K-aHcLSUQ0kbUUlBPR8TMl30ZrzOLNDkxwOYsZBEqTcfJsQHNxbk31c29BIixo4WKYyxUwIUQBKQwkiS5iOwVmiTjcW67OQbHiFXuXXjNxpzvuVRafzYfxbVKYvJCFKw24rig4miKnaU3sP_RWAlPIVjcu9w_5ypJClMRQPJLZgE7W4mCp-bpTmlS8y72cCldC2rkVXcSJXGz8MOA24xGiI7Ozo3c8kohWdMLC81-JOtoWMqOK43RWTdGK0mKA7ot_7S4JIub_9XMmo6ar6R84dL9JJo6NxYTKRwr6zh0fQ04-lD3fwYyeNq-M6LEmfrN1GA903lItru9MHKl9rIguC_DEixPEjwz7JsJFafGoxzmxCi_H01zFluKE56dI6VFozFddmC7pOF3mZFv4TWlXhovV4rVi1uRYWJCe74F5M_KWry4HwtFmXSfprysle0mD2skipcOrZjmazWF8kMQGUKIeH0T2Wu1S6eUJpLifjCZq-jKkDnQIq0ciGkTqe-5LDEw828DLyn0vuvDYchP_8HheTdL86Fnq5qoloHKbNeZn-5G1HSGPqkkAPG0d7ItECOUf6rlq0A0rLyao9qM&sai=AMfl-YTTxcZYxFBLlPLsG5uhCrWWDdUJoeSviTTJP0-0Lu5oe2oSpmgQbZbhpfensTsMx2xI7WUdSnV7erEBZZdXQsHEjlp4lNYA67_gU5hjBqwQw-DWW8Lg5Esj6NWMCLKpp80M-am3EkGd&sig=Cg0ArKJSzPWQSQojGTBbEAE&cid=CAQSOwBygQiDwqpV-Rsdc4Yr1scq0njPKI3bZSH3K7wT8kbBPZ4ktuQNzLoHei602ZoSmZTDfAkGLJuBr-PpGAE&id=lidar2&mcvt=1031&p=0,0,90,728&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688127459558&rpt=219&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD72 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0-oT48eeZM7wOM2z9u8PtPCgsAoAAAAAOAHgBAI&bg=!oKOlo_fNAAb90kgr3dI7ADkAdvg8WmAOKfjOzX5JjV4J9Yi8uais_P4Olg5gpjW4GJguF4c5PeHqb7Cl_39QFPfMd_x2tOLLbBQCAAABDFIAAAABaAEHmQMH55RbSfIZO7leNaVcNSbdyy_iLw7YPGJ6KY8FU7IVdy-v1Rrv2myl2jYTL0XKe0dv7fP47tZ8PrCffk0iDmGPeiY4_kzvGX9p2IUBHlliHufufINGvWqu2O6eWGVHkxBLFZElMzRF4dWAlkeKXw347JGX_HK9H7CsP7wZWNr5GwzA5rZ01_x28S5B6O1siTKCm0yy985rzUdPfIULlyUyGqgMtscaIVL_D_glKoitK8gh94SklE9W_imq_JjWlAcsWr-9nha0Z_wv1kTSkUnONq5o7CbjQ_GmLl0j2NPL-nQ9fZjprSCRpP5DS7sv7oHMd0yTFFYERmpov32y78L3TFC12C5LQ5969dMaJ5TYoNR2NCLMGNWizgiRhkLbFbUXhKirUDrDsP_y3XgamrNOlsSvGIrqvPkJn4AeImQ4P9HKNjXdYIGtXw9dcD85FLhhY6v3yZnbd8HBA0ncnJgPbuv9bKsBqMrbDQKTKSOg5U31ENY9izzJKD1h0y6C7KphuYAa3Sk_FsJTuWpen1mL-IAC4pkgUb8Wbistm-8WVby-hcADNTFpAlT9ITo5hkeeULzAMbjT5byumA63CVPRjLt6BPRZIKQchea-IkTiu15b0yVSdSrh0xUOZo2ah-_odD_qEy6tXaFgE4eB-P221lNJvEbdXrFQQW9PmjSSd8SwBR2AJjXOpvoqwFexAXY0YMgzS5UHh-ISZIIqpuC53AX1oOGwhac7qP0WKLrgfWbKPPCjjqCXVuoXA1MgfjXzUmWyjx5D_6JjZVCpjvFiqD9EPiifpw16mcybCX0Awr32xrSEqX6LH-nN1jZwIUepXynCpE6gHv30N4v7oxHXttMCYglb1UccNVhJZxo4AwDaafpDdEw6MH09oqwcX5VjYKFyjY9D3YoqDSntzXWl8L3_GEg4WJX9dG6IFxq9u0YbUwZwfIm9z5xP0RJkNh45gmjqyXeRPgGiMkJ3ystnMr5D_qd9ghdAOv4nqo3ByFzATZ0nQe6D_BZd8BD0x0JRmmESkdNWVw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 3D25 50 KB
50 KB 19ms
19ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=D8bwHR1w5d&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:16:09 GMT
x-content-type-options: nosniff
age: 91
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:31:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C8EF 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkX4G48eeZODiOuzE9u8P_reh6AwAAAAAOAHgBAI&bg=!JiWlJXHNAAb90kgr3dI7ADkAdvg8WvXCQetteJvXETUZ-Eab7GTP_un9m2NmvOWUZ9w4P7SXDZXeNczwP4g0aFSjrMzxL1KIqqgCAAAA91IAAAADaAEHmQMM1dwFanM1d0LBxpS2V1ATAf82P9_rkzbvbwhKLcfQfIq-2n8HmWrh241OCRUS7hNuEdubW5EmafRb96ZJpxl4aPopCdqFw90lsnYBKL2TEO39h363KqHMC86Zo4SRfKDHblD7gMUdTDw1rb2w2TQXIJkZ-xZjbZ1-OiI0foL9s_7f4OvX4uWJpT8ECCwg2v-YsJzsLZKa9lKMLaIcaKbYnKfd7gawpHCmcYt6S8WWkhTF60amJT925SZxYNx2a8UioEV5bC_LYuph0nx_Opv-YTIOiO1j0nNT-MrD0ZdRHrh0IWytg5WcM9IkOd_PNrlpuTVlyEuU5ObiChA_3t5K_a8xq6NhVeRjPpy_SsniuA6CD0T-ZSldTD0rVx-Wf93xe-y0O7le0peF9s_8tPzokktJbUhnw39Q5hXsmKh16CqZyNHfiXz5HRdIdTpNt_V_zlQQf57bix0jLXTkBRMEAQCeYWWvZW7EIzy_8EalgINSxpwE8PqFD2WrlYw_SXyq3BCxguNKvQbQsT9gg3rX58BQuFsLCsZ5l0TQbu6QNHvgeRuVpdZqLXZfBl32BJh6gVzQTtwmsIhGAG1bOou1s3c8u5j9hSUMLyrECmOvAAGen6LD5T0-e_Gar05eWAcDOuaCCWu6WE3Lj-eNpkNiq4zggyOr0MPZI0I-48TmpzhUJuoYquxgFgQ6dqlX6U7YE_e3zDRogDYtn3qZcGOvcZBWFaXO3S_WmLb9XrMD-4ZyEVkgnKIZ7QQ-R8szsXNssmW3-tjXFSEAP7gvKtI9w0M6qM401ynVy8AegQOn-MfXtR4teGIbNAi6UoNg8FWWceUSf7eO25-pmhObeEIAGiGDOtQcxxkTkbFwPiubrUfy29CZi0qx-xVVDKpHhXrHn4Gho-3y_GJ5mRR2tjlS4bASKLLyB6wogfnC1zPwn310l301s5VM4q-6nfDOcJXdf6QXYjqxUfiFBGLeAzm-gWPvPD8UJar1onnNf2l9x5dsUzieEmAWCZ-bR3bykFyUyT4vw799_V_DR7Fg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 7722 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127458255&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7722 0
0 57ms
56ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306280101&jk=50675476267560&bg=!e3ileCzNAAb90kgr3dI7ADkAdvg8Wr6wJbYvN1Ce-501JQfMdfBxRpIwoG8b4SHHpDUdVxgp8AXJVW4Xlp51sKuRf5J8Z0JyoKICAAABPFIAAAACaAEHmQLNsHJ-Waae-ZDBv6YEmdWSYy1XCbHjBghmPQkajPz1oZbOkkAcPvOZH2FcrhMPtl6b8uVqqY3zPZCgIxRZS0wGRLdRroV8_UZX330lN1bnPXSTqYhUqQG8NRh9rwlGkNv8HlKjku1Xyl8K80Psin-kEu-t9-BevfQpSSlq0Q0cfgJ4R3Urua0GvN4wcX1qmVHSdWr3IphqdkJSxPyqxKef-_24umuwn61qv5yUmxDTvtqphOCx3teyiUN2gw3N6slDA5IM77_nDOJ_wGag7ff6OftZgRNv68upRkO86t8s73_0y-xZJXGoVzeaBcq3zBjfBb5TgUPKqSP3bN1g-F-nU1Fhu_NAss72UFqRnpuMPV1PDUV_zE2-zHAUDDK4WYHYyUPt7CkUdlBRj4RKCL-h6Zbc2LMYYARFj4yQKTgzAy4D7tXOMTLtJF1ezo_8FA7BZwzY9AfoZuQY7DtuscE86Q51hBtX62ep4Fz4oKaK9B3P1vynDqtdku8Lk-hoQjleadS0kOfaL7MK_TMAIjNCa16PRdBuec7_YkOVQi2qcrcUuA2hd_44CD7fGD_h66zeDWjimC3jlAcxDPeQdeAWRVzb1yQ0xTvtuPAEKZnB2slRwl6TZFmngNIBC451uDWefeZIMHed_YaVzX5BIn5A5Kk6G__GNvQrCCNSepBs0HDmhTvf1N01iRO3dAYjV1UgM01HWb76uQZQBghmHQVPywQf4teEZkW2SNQHoVn108-IhM6cG-7VBqdeEfOrRU3g_4I_74XuVYAIZeii0OIfnoN7NbQuxUGeq-LlcO99m-1PpXkQTVsx50HOISQ8yRSkuzm493eVc3BO4N2wA7mXBM0flZFjBGjKtdRLyv-EMHmEd2yJAbeWsh_EGKwfERAT1goIWX5ehCuLBngfhKiuS086W0rM4IfIg1cVMBVOQnC11R6BXK5WUT5HywXP
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4AE3 42 B
64 B 60ms
60ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdCjCEuNtndMS4o5sgHhnvsvh2UsiOGQ9i4LWYJ0i4tVQlKib76judq90APytDcKh9flv14vG-HmuulSGtDCGs6Udk4Hld7L4EOfp4IVRyB868TbuT94GitV5XbQITgLlof1rU5ZABoZag&sai=AMfl-YTFLiqeEsMl2rLdrj0EoRYHZXuMPwETY4vodydfCP5udd0LN50As9Nk-3OZzxKawAb_yfqOg1UgyLignaFbCO6RTijOBIJ-H9_bygaK_2TJ5katht32LY-M8fA&sig=Cg0ArKJSzP4Xy8p6vd7PEAE&cid=CAQSOwBygQiDMgyiGssxoAD0Smjtas52_KwQh_gI5vG-s4oV6_-VUx9UTfX_rTNGLnIPd73vY7NTG6LAqplSGAE&id=ampim&o=0,251&d=996,250&ss=1600,1200&bs=996,250&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=508&tls=1509&g=100&h=100&tt=1509&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5DCF 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrztrd7wuM997dkkcomamJCuNEU1zi4bGNxMfTl79x-t1QCzWmCj0eXTc6FKBsmBRRuU7eaMpU9cEtLPHRvFAVOgJipEZeCJfyVyz5_dCIe1LiFiMxRDrbjYw2NTnsPPLjJTQf9WLCWc61&sai=AMfl-YTX-4700DI_sSyR6d3ZTRU75kBJZgU6V-b3_eHW_jWthUzR5a9anMOjaA-6hlV52xO7dBTKH51W6Wc2_iRBxUBjp6uAclOP0IGZYPQnS-js0XMCVm0UXQFCPJc&sig=Cg0ArKJSzHYEuy1vyEsBEAE&cid=CAQSOwBygQiDksCD-26czTqPaJ0sG6PT2d3_52Dd7CVWPxprdARqPWylSXouLfZ5EB4w5XfSIotyX5TAdZClGAE&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688127459629&rpt=561&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4B8A 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbjVpROCMXdvszAkhjbbQ_cttp0MCqkfbbeZzXj59K2K7iXc5vdJSVUaIPoyIr27zoQ92YLj9Z9VLLRd7yAFnJUEOTQZifFEL7C6Z2u6ljF_FOB0Y2tGgIDY0JeIDWEVvSEFgohMQZZ5U5&sai=AMfl-YRdRPMIHe0kR1lXQVaLqJKfe6O_CZPVR-288YMnbL0B_jJqE0spsND3GKwtTKDCZVWAPAXg5qYUk59Y42Gq3YJ77apIkHyFWCJmPXjXn_XI86jdTV_u9xHEmh8&sig=Cg0ArKJSzB2aXAUtrC-tEAE&cid=CAQSOwBygQiDq3aVtHTnrzSpXF44uPfVAwraAvZi0dNwYsFX4CPOaGYYOz67MZQPZzXphFCZKzl92fMquk9NGAE&id=lidar2&mcvt=1001&p=0,119,40,160&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688127459617&rpt=544&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame 7722 0
209 B 71ms
70ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1688127461419&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 7722 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1688127461420&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 7722 0
209 B 71ms
70ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1688127461420&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 7722 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1688127461420&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5A7 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1845896677043&version=m202301230201&ct=76&x=1&cor=13831153620124797000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B8A 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8589326329828&version=m202301230201&ct=76&x=1&cor=13623238151096652000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DCF 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1658030621997&version=m202301230201&ct=76&x=1&cor=13528083759159663000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:17:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 7722 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127458255&userId=vnet468bed14-c7d2-422e-a498-0fc5b4427201
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:17:42 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.casalemedia.com/	1970-01-20 21:41:03	Name: CMID Value: ZJ7H4xSCMbGfoMyiTJ6XdgAA
.casalemedia.com/	1970-01-20 15:05:03	Name: CMPS Value: 1151
.casalemedia.com/	1970-01-20 15:05:03	Name: CMPRO Value: 1151
.quantserve.com/	1970-01-20 15:05:03	Name: d Value: EBwBCQGtKYEA
.quantserve.com/	1970-01-20 22:25:41	Name: mc Value: 649ec7e3-c455b-83c0d-9dec8
.doubleclick.net/	1970-01-20 22:17:03	Name: IDE Value: AHWqTUnv4Q_SL81-8gd7gp7UgA_AL8HmtNXn5Y4XlS9H8HqgJqV0KDfEqPh5k0ZONOw
.adnxs.com/	1970-01-20 15:05:03	Name: uuid2 Value: 2180158752932776960
.3lift.com/	1970-01-20 15:05:03	Name: tluid Value: 366546486591653491240
.bidswitch.net/	1970-01-20 21:41:03	Name: c Value: 1688127459
.bidswitch.net/	1970-01-20 21:41:03	Name: tuuid_lu Value: 1688127459
.bidswitch.net/	1970-01-20 21:41:03	Name: tuuid Value: e587dd72-8322-47f7-acef-d19901280ad3
.travelaudience.com/	1970-01-20 22:25:41	Name: _tracker Value: %7B%22UUID%22%3A%228F1DD52D-D5CD-43C7-AEF1-ADEBF7DDFDA1%22%7D
.adnxs.com/	1970-01-20 15:05:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>=woWV!]tam8i_iqf!oN/@E'zz<Z0Qm`pK5:%#DqYfVN99phC7hqzzGn-v9gwT.b)<QG=%9sk@3@'s>T@wx2K
.rfihub.com/	1970-01-20 22:17:03	Name: eud Value: H4sIAAAAAAAA_1vFwmtoZmFhaGRuYmZgaGICAIfeyssQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MrU0MDS2sDQwNRLiM9RNCqkyyIiKLwv1ds4DADTjqCElAAAA
.rfihub.com/	1970-01-20 22:17:03	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MrU0MDS2sDQwNRLiM9RNCqkyyIiKLwv1ds4DADTjqCElAAAA
.quantserve.com/	1970-01-20 15:05:03	Name: sp Value: CgsI2WUSBgjkj_ukBg==
.lijit.com/	1970-01-20 21:41:03	Name: ljt_reader Value: G5vhvGZHmse5RpfQR42eiKbw
.adfarm1.adition.com/	1970-01-20 15:05:03	Name: UserID1 Value: 7250452232194685076
m.exactag.com/	1970-01-20 15:05:03	Name: exactag_new_gk Value: a4dd0e69e3104c6dbea3a5d85b890781%7c29.08.2023+12%3a17%3a40
m.exactag.com/	1970-01-20 17:14:39	Name: exactag_new_uk Value: 30586dab98684227812e6789f61ef1f8%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 7d50403530f347c1bbe1b3a8
.simpli.fi/	1970-01-20 21:42:29	Name: suid Value: 0497EC7F591340419E30080902E48845
.pubmatic.com/	1970-01-20 12:56:53	Name: KTPCACOOKIE Value: YES
.turn.com/	1970-01-20 17:14:39	Name: uid Value: 3911133780165004048
.adform.net/	1970-01-20 13:38:39	Name: C Value: 1
.pubmatic.com/	1970-01-20 21:41:03	Name: KADUSERCOOKIE Value: C1BBEE63-DDBE-4DAC-97DA-197003B54BA9
.everesttech.net/	1970-01-20 21:41:03	Name: everest_g_v2 Value: g_surferid~ZJ7H5AAVmcDeAgAn
.adform.net/	1970-01-20 14:21:51	Name: uid Value: 6470995585032205853
.ctnsnet.com/	1970-01-20 21:41:03	Name: cid_b059025db5054116bb29963f949821e1 Value: 1
.ctnsnet.com/	1970-01-20 21:41:03	Name: gid_CAESEEGxCaYYSXjzXFk5jVPlEK0 Value: 1
.tribalfusion.com/	1970-01-20 15:05:03	Name: ANON_ID Value: aPnseFwZcF1foXarpfrgQwxHk6tPiKj7oEsStQeVrac7hP7Mk5YwctafQrvc3aPNh9MXaggRUfMNVrp9w1V0W

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127458451&bpp=4&bdt=694&idt=224&shv=r20230627&mjsv=m202306210101&ptt=9&saldr=aa&nras=1&correlator=3964987613545&frm=24&ife=1&pv=2&ga_vid=1295873688.1688127459&ga_sid=1688127459&ga_hid=173576919&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C44788441&oid=2&pvsid=50675476267560&tmod=1666243786&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.2ohk4hm8ne5n&fsb=1&dtd=238 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8987b6797d032767f348e2db68c5490b.safeframe.googlesyndication.com
a.tribalfusion.com
aax.amazon-adsystem.com
ad.turn.com
ads.travelaudience.com
adservice.google.com
ajax.googleapis.com
ap.lijit.com
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.ampproject.org
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
m.exactag.com
ng.virgul.com
ng2.virgul.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
portal.o2online.de
r.turn.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.virgul.com
sync-tm.everesttech.net
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ye-mek.net
141.101.90.98
142.250.186.66
151.101.2.49
151.139.128.10
172.217.16.194
178.250.7.11
18.173.191.32
18.66.23.147
185.64.190.78
185.7.176.221
185.7.176.222
185.80.39.216
185.86.139.103
185.89.210.122
193.0.160.130
20.60.220.36
2001:678:cb4:bbbb::11
213.202.235.8
216.52.2.39
23.206.208.114
2606:4700::6812:19ad
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:806::2001
2a00:1450:4001:809::2003
2a00:1450:4001:810::200a
2a00:1450:4001:811::2001
2a00:1450:4001:813::2001
2a00:1450:4001:813::2004
2a00:1450:4001:813::200a
2a00:1450:4001:827::2006
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2002
2a02:6ea0:c700::19
2a02:fa8:8806:12::1400
2a03:2880:f083:9:face:b00c:0:3
3.73.11.83
3.75.62.37
34.102.243.38
35.186.193.173
35.186.253.211
35.190.0.66
35.204.74.118
35.241.45.217
37.157.6.237
51.89.9.254
69.173.144.139
76.223.111.18
77.245.159.14
85.114.159.93
94.138.206.83
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660
01204747c552676cceff27ecab875807de15fc28860715608db3d368ba736b3e
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b18bed4bbcede9a0955396f6165f86a5823f46a2f86865dc530d80ee8c2f6fc
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51
162c5ebe4d8983b62bbb17bdcbec49361953db02abb8ef83a527c25544b4de9a
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1a6d6ecc5afe8b370681181e0077b6c838310f74f8473a1f36527577d5a1fab7
1aacabf18ca50818c4598de6f5a05e4c32a0c89a1e3ee39ced2b5fe758c9acaa
1bd2603da78c0513ae07dff23bf8925d95683b782d9eaabc18e003d3167b8dc9
1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e
219c8316a72342d0f3031d56f54e9bad3670d3c4a083bb2cdc1c7361a53af9a5
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
28cc4dd52768269f5a4f1717554bbd34a68421586a569aa0e5c2542cf777b79a
298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2bf03b00609a400a0967cb914b59bde9ae676e5ffc51e23b7f7073e79b50167a
2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4
307798b2ebdc1274886ea9263f8ba8c80f18f1e9bb3fc6b3a9200adcc4ed0592
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
34c4f4260f734b22cfad2e89670f46df34abf62c67524fd9a8e99080c23d6f7a
372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604
385b19d8c7f7bedac5169d996fa57206b3a35b608518dfd0aa4669f7d3a7b7de
38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5
39c08603c7d4694a38f40e3f1e972d38207a90c77d38ae025f64676f79844bb6
3a5fa3073b94aa8259d04802566504c897fd640610ea9f36654cfacc615f325e
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3be63679d6ca5fd205bdbc6dc4e6caf8d376a09decaea16226da1bae6d24fad6
3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
4266a26017bbabaae6b988d28297ebf3ca75bed3e392e0b69969bc6ec748822c
43204d58f6a24cdd36d594f28e4dc0f9ab0f5ad29b4a166bb6d5f3c16756636f
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
44c91c53b6deeadf0cecdb8d23cb0eaff319f694b152d39187a09eda0d25fa44
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5061ede8e14dd075136fdcf6a3879f4b42a692eeaa605e2c5aa5f354e753fa61
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51571e6e49d9d1243db244dd3bb1790047c7b566dabc9400564dd7f74432ffc6
52337cf2499996a25da3c2f17c8e0492c2d728c4b22bdd9b4da2089fcedac9ba
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
53d1025f404312f7d29eb76a13c1042d2331f863c5dea11abd5191ac10e9d85d
549667bd2dc0f6f1bb069fbe4151ebf664f6167be869d8b83032c0019a6e00e7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
58fa8288d109b6525ab6ced54d659e79cc4e2a925f61d6c76da140f0a689ef59
597d03cc09c370d64e455adfa00cd8ca7f47f56b2c5230337d0109905a8681b6
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5af02ce6b5997fabe156a5cf9e0dfdf4901a0552a78732b587d1ca38ffc2e4f4
5ceb5b977d49c1c974dd2f68075110e11f8bdcc0a2e94b9f8e772cefbe599bfb
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
6340ab066c8cd3fc0ff1e47b254690638b7481954f793601c5602be5c7692f8c
64af7a328ead4e6e3e77587ae81c88a4156eea6f476df565496f8f46d89d255f
6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65ce40b30b215322d0b66afacd9d219baf10af7723579b5306a81fec0339acc2
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
664b84071e126b584fa4689c9e088869e82684bbfe67b0ed8d08df2031c3eacb
66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa
68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f
68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417
6d9cc487384666e66ecda67b5564463b1c4fa7be08a913ad2f7314103bc60355
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6f18c5cd2c90bad9c70e30ffd450586440c838c754aceed8f6fdd0c2ade2521d
6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4
704ff688af5b808bcea0345abd5eaad9877b0f5072ca994621f946736738531b
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5
7b17d2d0a88d045b86c025e6a7978189716ddd6776e975bb9de1ad43be17348f
7c6b019131e06a004b9e446fb887e97e5f14815e3cd3beed8a9261a2fdfd46e5
7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460
7f6c5b48c90974402e154281549a8106cba6bbbfb584c3acd1ea983ef1142000
8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8
8206b7cb4977df1646b35835886cc5ad752365263197f15f0581d41c3751aa0a
842c88bbde71118e56fc313dbe3ad3d9e5dd9b3b9913960838734a29e5982b7e
897cefcae52ea159087459e4e735654e5f2cb340c3505ecda4a80e64f1854559
8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154
93877a4648f07d0a209913c6a05dcdc1810fe91fb41c96320aea06de80b708c5
94439c92d7b20cef4532243ed9ca2e30577d5ac192a09ea4f09fd94f079f6803
96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275
96d4fe982b3836a4c78ef5b6f89a58dafee4e7b87465fbfae457b1d5215b3561
9a430e38ea12b4f7b299602fd6e15650e8b052891af22138323504df0f4bc6b5
9a4a6644b24f9cb5dbda8f0f4a9e57ea016cbbe12d32366df87cfad198dc5de5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e6682e7866db8b1275fec9ba7e0ea976eff8049bf57a5f635f385e50ac90c32
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9e0c3f2f8aa72179351f0b5edcde6cfcf708285785c4a358331e05da8bff5a3
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b8c6455e904d995bc877812c22cb70bdba38efcaac331e7c98991d8f673a2a81
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c25e33aaf9d908bb036672ed26b9af74032d7cb464d5e3f3b9b67e868798290a
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c441adb135107cb8f04906896e5d8cf75f262629577bfce6bf99ffd6b61aab02
c52e2a15cba5be54e6986bd808f5a6aa6705b0efffd9379feb005dabdb748e32
c677d7edbe588631f292fed695f7df879e8b7c245d2373b30d86aec85e2456af
c68f834218f3f9e3873165d82fdaab17e92e16fe33ba5783c95491619f78e6aa
c9331a76e62dd3e0053a589d108a922eb800d3790823ecb916a02a26a84b4e1a
ca52a0eec13c48696bf05cbe5e76a0b67c73967c1f8825cfe4b733e24a775580
cb70a0b5ac2b1a8d8e5f0e0b91b99d95723392847800eb91f42673794ce38e5f
cb896af8e865a3d863e7970665f560571261d7ad91b26b26b77be11e7f77fece
cc1433dfe4cd0ca09c9c4b582281e016438a8bd293a00f7703ca30ffbd073475
cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d3075f5f3f887fb74f408b00dcf064416aa12c5b02ca0767f97860d837dcada8
d41d07189295595e39267e87a880138ce04d72fe0ba272a91c07c735db7d2092
d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7
d5907d04f8aa7cc029868fb441fd2a02dce10b72e3a68d6294aa7a2debf90440
d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d95438c776e74dadebde188e24f12639308bd6ff835584ce9c93ea7420ab901a
d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
de5adb774910a7afd4f2224dfd9c21dff806178a06ffcd60d4c86b8d61debde2
e1e333f39d61f0882b164269d2701b3bbdfb719503dae87e5c40a792fa25673f
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d
ec88c9de3a44165db5e410d072fee68874d371d17eeac4ea36c5325d485b3f7b
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3a6cef3c8af50dd4b8e6c84af98d1b9a6acb716a038209d59970ebdb15302c
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f708629593939b0ad37b651e8eab6bd370300201838c33d0129ac447b29398ab
f78276da5b3c017b06994750541d6f481b8b41a735ae5e15d1f8a16cf97dff04
fb117e4b7d65389a1bffe3dc164603d660fd132c3b5f589ab9bc4421379df8ca

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

318 Requests

90 %HTTPS

39 %IPv6

44 Domains

60 Subdomains

45 IPs

9 Countries

4304 kBTransfer

9721 kBSize

32 Cookies

0 Outgoing links

Redirected requests

318 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

318
Requests

90 %
HTTPS

39 %
IPv6

44
Domains

60
Subdomains

45
IPs

9
Countries

4304 kB
Transfer

9721 kB
Size

32
Cookies

318 HTTP transactions
11 data transactions