pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On June 02 via api (June 2nd 2023, 9:14:35 pm UTC) from TR — Scanned from DE

Summary HTTP 443 Redirects Behaviour Indicators

Summary

This website contacted 75 IPs in 9 countries across 67 domains to perform 443 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:810::200a	() ()
40	2a02:6ea0:c70... 2a02:6ea0:c700::11	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2.19.224.115 2.19.224.115	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	() ()
21	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
14	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
61	2a00:1450:400... 2a00:1450:4001:813::2002	() ()
3	52.222.208.154 52.222.208.154	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:830::2002	() ()
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:8a9	() ()
1	18.155.122.7 18.155.122.7	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::2002	() ()
7	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:372	() ()
2	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	216.52.2.91 216.52.2.91	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
4	85.111.6.48 85.111.6.48	9121 (TTNET) (TTNET)
1 4	37.252.171.84 37.252.171.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:2638:d::a 2a02:2638:d::a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	18.159.8.247 18.159.8.247	16509 (AMAZON-02) (AMAZON-02)
6	2602:803:c003... 2602:803:c003:200::41	() ()
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.89.208.11 185.89.208.11	29990 (ASN-APPNEX) (ASN-APPNEX)
1 35	2a00:1450:400... 2a00:1450:4001:800::2001	() ()
9	2a00:1450:400... 2a00:1450:4001:803::2002	() ()
1	2a00:1450:400... 2a00:1450:4001:80b::200a	() ()
1	2600:9000:248... 2600:9000:248c:b800:1b:f040:3600:93a1	() ()
1	154.58.197.185 154.58.197.185	174 (COGENT-174) (COGENT-174)
1	192.229.233.53 192.229.233.53	15133 (EDGECAST) (EDGECAST)
1 7	2a00:1450:400... 2a00:1450:4001:827::2004	() ()
1	44.235.132.190 44.235.132.190	() ()
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
10	18.203.131.238 18.203.131.238	16509 (AMAZON-02) (AMAZON-02)
2	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY)
4	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
9 48	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4 6	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 6	104.111.217.42 104.111.217.42	() ()
2	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba29	() ()
1 2	52.212.231.135 52.212.231.135	() ()
2 3	185.94.180.126 185.94.180.126	() ()
2 2	3.75.62.37 3.75.62.37	() ()
3	2a02:fa8:8806... 2a02:fa8:8806:12::1400	() ()
3 3	18.195.124.86 18.195.124.86	() ()
1 1	185.29.134.248 185.29.134.248	() ()
3	3.33.220.150 3.33.220.150	() ()
1 1	2a05:d018:d29... 2a05:d018:d29:3601:7391:985f:3e9d:2132	() ()
2 2	35.186.193.173 35.186.193.173	() ()
27	2a00:1450:400... 2a00:1450:4001:831::2006	() ()
2	185.86.138.154 185.86.138.154	() ()
1	2a00:1450:400... 2a00:1450:4001:80e::200a	() ()
1	2a00:1450:400... 2a00:1450:4001:829::2003	() ()
4	2a00:1450:400... 2a00:1450:4001:830::200e	() ()
6	142.250.186.66 142.250.186.66	() ()
1	64.233.184.155 64.233.184.155	() ()
1	2600:9000:223... 2600:9000:223f:1c00:8:48e:53c0:93a1	() ()
7	2600:1f13:800... 2600:1f13:800:7781:4b1:18cc:611a:9549	() ()
2	2a00:1450:400... 2a00:1450:4001:828::2003	() ()
2	130.211.44.5 130.211.44.5	() ()
1 4	2606:4700::68... 2606:4700::6812:19ad	() ()
5 5	37.157.6.237 37.157.6.237	() ()
2 2	51.75.86.98 51.75.86.98	() ()
4 4	54.72.193.93 54.72.193.93	() ()
1	185.86.139.104 185.86.139.104	() ()
3 3	37.252.171.149 37.252.171.149	() ()
2 2	35.156.100.193 35.156.100.193	() ()
3 3	185.64.189.115 185.64.189.115	() ()
1 1	69.173.144.139 69.173.144.139	() ()
2	98.98.134.243 98.98.134.243	() ()
1 1	2600:9000:205... 2600:9000:2057:ae00:1b:5138:8a40:93a1	() ()
2 2	13.248.245.213 13.248.245.213	() ()
1	2600:9000:21f... 2600:9000:21f3:f000:19:8ca6:3640:93a1	() ()
1 1	35.204.158.49 35.204.158.49	() ()
2 2	85.114.159.93 85.114.159.93	() ()
1	35.227.252.103 35.227.252.103	() ()
1	213.202.235.8 213.202.235.8	() ()
1 1	35.190.0.66 35.190.0.66	() ()
1	178.250.7.11 178.250.7.11	() ()
1	23.35.236.201 23.35.236.201	() ()
2	23.56.202.187 23.56.202.187	() ()
443	75

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN- ()

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::11 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.224.115 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-224-115.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN- ()

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN- ()

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.208.154 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-208-154.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN- ()

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN- ()

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.122.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-122-7.cdg52.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN- ()

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:372 (United States)

ASN- ()

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.234 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.91 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 85.111.6.48 (Turkey)

ASN9121 (TTNET, TR)
PTR: ns1.ttidc.com.tr

cpm.programattik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.171.84 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.8.247 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-8-247.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2602:803:c003:200::41 (Amsterdam, Netherlands)

ASN- ()

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.208.11 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: prebid.ams3.adnexus.net

prebid.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany) 1 redirects

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN- ()

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:248c:b800:1b:f040:3600:93a1 (United States)

ASN- ()

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.58.197.185 (United States)

ASN174 (COGENT-174, US)
PTR: staticip-hv4m185.hispavista.com

t.hspvst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.233.53 (Granada Hills, United States)

ASN15133 (EDGECAST, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.235.132.190 (None, )

ASN- ()

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 18.203.131.238 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com

s.h.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.171.53 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

fra1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 142.250.186.98 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.217.42 (None, ) 2 redirects

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba29 (None, )

ASN- ()

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.231.135 (None, ) 1 redirects

ASN- ()

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.126 (None, ) 2 redirects

ASN- ()

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:fa8:8806:12::1400 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.124.86 (None, ) 3 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.33.220.150 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:7391:985f:3e9d:2132 (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (None, ) 2 redirects

ASN- ()

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:831::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.154 (None, )

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200e (None, )

ASN- ()

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.66 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.184.155 (None, )

ASN- ()

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:1c00:8:48e:53c0:93a1 (None, )

ASN- ()

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f13:800:7781:4b1:18cc:611a:9549 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.44.5 (None, )

ASN- ()

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtbc-ew1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:19ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.6.237 (None, ) 5 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.86.98 (None, ) 2 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.72.193.93 (None, ) 4 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.104 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.149 (None, ) 3 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.100.193 (None, ) 2 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.115 (None, ) 3 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (None, ) 1 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.98.134.243 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ae00:1b:5138:8a40:93a1 (None, ) 1 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (None, ) 2 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:f000:19:8ca6:3640:93a1 (None, )

ASN- ()

cdn.pathtosuccess.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (None, ) 1 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.93 (None, ) 2 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.8 (None, )

ASN- ()

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (None, ) 1 redirects

ASN- ()

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.201 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.56.202.187 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
100	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157	951 KB
89	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 221 googleads.g.doubleclick.net — Cisco Umbrella Rank: 51 cm.g.doubleclick.net — Cisco Umbrella Rank: 231 googleads4.g.doubleclick.net bid.g.doubleclick.net	459 KB
43	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 437805 cdn.ye-mek.net	632 KB
27	2mdn.net s0.2mdn.net	895 KB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 56516 ng.virgul.com — Cisco Umbrella Rank: 49823 ng2.virgul.com — Cisco Umbrella Rank: 54223	233 KB
16	w55c.net 3 redirects ads.w55c.net — Cisco Umbrella Rank: 11648 cti.w55c.net — Cisco Umbrella Rank: 3710 i.w55c.net s.h.w55c.net — Cisco Umbrella Rank: 10481 pm.w55c.net	109 KB
14	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 239 prebid.adnxs.com — Cisco Umbrella Rank: 1754 cdn.adnxs.com — Cisco Umbrella Rank: 1539 fra1-ib.adnxs.com — Cisco Umbrella Rank: 6876 secure.adnxs.com acdn.adnxs.com	81 KB
10	adsafeprotected.com 1 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	105 KB
10	rubiconproject.com 1 redirects prebid-server.rubiconproject.com — Cisco Umbrella Rank: 975 fastlane.rubiconproject.com — Cisco Umbrella Rank: 523 pixel.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com Failed pixel-us-east.rubiconproject.com Failed	6 KB
10	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 103 www.google.com — Cisco Umbrella Rank: 3	1 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	478 KB
7	gstatic.com www.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn0.gstatic.com fonts.gstatic.com	139 KB
7	teads.tv 2 redirects a.teads.tv — Cisco Umbrella Rank: 1450 sync.teads.tv	2 KB
7	adform.net 5 redirects adx.adform.net — Cisco Umbrella Rank: 4102 c1.adform.net	6 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568 ssum-sec.casalemedia.com	5 KB
5	pubmatic.com 3 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 541 image6.pubmatic.com ads.pubmatic.com	7 KB
4	360yield.com 4 redirects match.360yield.com	2 KB
4	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
4	doubleverify.com cdn.doubleverify.com rtb0.doubleverify.com rtbc-ew1.doubleverify.com	21 KB
4	programattik.com cpm.programattik.com — Cisco Umbrella Rank: 52678	565 B
4	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 718 ce.lijit.com Failed	3 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 348 aax.amazon-adsystem.com — Cisco Umbrella Rank: 440 aax-eu.amazon-adsystem.com Failed	60 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	smartadserver.com rtb-csync.smartadserver.com ssbsync.smartadserver.com	371 B
3	adsrvr.org match.adsrvr.org data.adsrvr.org Failed	914 B
3	dotomi.com dclk-match.dotomi.com	310 B
3	yahoo.com 3 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	1 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com	2 KB
3	openx.net us-u.openx.net — Cisco Umbrella Rank: 474 rtb.openx.net	663 B
3	google.de adservice.google.de — Cisco Umbrella Rank: 8155	818 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1494 mp.4dex.io — Cisco Umbrella Rank: 2461 c.4dex.io Failed	25 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 398 imasdk.googleapis.com — Cisco Umbrella Rank: 486 fonts.googleapis.com	212 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	3lift.com 2 redirects eb2.3lift.com	955 B
2	sitescout.com pixel-sync.sitescout.com	374 B
2	bidswitch.net 2 redirects x.bidswitch.net	1 KB
2	onetag-sys.com 2 redirects onetag-sys.com	669 B
2	ctnsnet.com 2 redirects ius.ctnsnet.com gcm.ctnsnet.com	1 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 569	59 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 93434	131 KB
2	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 748 dis.criteo.com	552 B
2	pghub.io pghub.io — Cisco Umbrella Rank: 1962 feed.pghub.io — Cisco Umbrella Rank: 8248	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 165	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 12805	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	travelaudience.com 1 redirects ads.travelaudience.com	553 B
1	exactag.com m.exactag.com	60 B
1	simpli.fi 1 redirects um.simpli.fi	714 B
1	pathtosuccess.global cdn.pathtosuccess.global	115 KB
1	smaato.net 1 redirects s.ad.smaato.net	440 B
1	mathtag.com 1 redirects sync.mathtag.com	931 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 367	26 KB
1	hspvst.com t.hspvst.com — Cisco Umbrella Rank: 133454	916 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2020
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	47 KB
0	contextweb.com Failed bh.contextweb.com Failed
0	1rx.io Failed sync.1rx.io Failed
0	clickagy.com Failed aorta.clickagy.com Failed
0	blismedia.com Failed tr.blismedia.com Failed
0	bidr.io Failed match.prod.bidr.io Failed
0	quantserve.com Failed cms.quantserve.com Failed
0	mfadsrvr.com Failed rtb.mfadsrvr.com Failed
0	creativecdn.com Failed creativecdn.com Failed
0	demdex.net Failed unilever.demdex.net Failed
0	brealtime.com Failed biddr.brealtime.com Failed
0	emxdgt.com Failed hb.emxdgt.com Failed
443	67

	Domain	Requested by
58	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com googleads.g.doubleclick.net pcloak.blob.core.windows.net tpc.googlesyndication.com fw.adsafeprotected.com s0.2mdn.net ye-mek.net www.googletagservices.com
48	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net ye-mek.net 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com ap.lijit.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
35	tpc.googlesyndication.com	1 redirects 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com googleads.g.doubleclick.net pcloak.blob.core.windows.net tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net ye-mek.net
27	s0.2mdn.net	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net ye-mek.net
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com static.virgul.com pcloak.blob.core.windows.net
14	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com pcloak.blob.core.windows.net www.googletagservices.com
10	s.h.w55c.net	cti.w55c.net s.h.w55c.net
9	www.googletagservices.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net
8	ng.virgul.com	static.virgul.com ye-mek.net
7	dt.adsafeprotected.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com ye-mek.net
7	www.google.com	1 redirects googleads.g.doubleclick.net 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com tpc.googlesyndication.com
7	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
6	sync.teads.tv	2 redirects googleads.g.doubleclick.net ye-mek.net
6	fastlane.rubiconproject.com	static.virgul.com
5	c1.adform.net	5 redirects
4	match.360yield.com	4 redirects
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	fra1-ib.adnxs.com	static.virgul.com ye-mek.net cdn.adnxs.com
4	ng2.virgul.com	ye-mek.net
4	ib.adnxs.com	1 redirects static.virgul.com googleads.g.doubleclick.net ap.lijit.com acdn.adnxs.com
4	cpm.programattik.com	static.virgul.com
4	ap.lijit.com	2 redirects static.virgul.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	image6.pubmatic.com	3 redirects ads.pubmatic.com
3	secure.adnxs.com	3 redirects
3	a.tribalfusion.com	1 redirects 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
3	match.adsrvr.org	googleads.g.doubleclick.net 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com static.virgul.com
3	pm.w55c.net	3 redirects
3	dclk-match.dotomi.com	googleads.g.doubleclick.net 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
3	sync.search.spotxchange.com	2 redirects googleads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	eus.rubiconproject.com	static.virgul.com eus.rubiconproject.com
2	dsp.adfarm1.adition.com	2 redirects
2	eb2.3lift.com	2 redirects
2	pixel-sync.sitescout.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com ap.lijit.com
2	ssum-sec.casalemedia.com	2 redirects
2	x.bidswitch.net	2 redirects
2	onetag-sys.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	ups.analytics.yahoo.com	2 redirects
2	fw.adsafeprotected.com	1 redirects 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
2	cdn.doubleverify.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com cdn.doubleverify.com
2	static.criteo.net	static.virgul.com static.criteo.net
2	us-u.openx.net	googleads.g.doubleclick.net ap.lijit.com
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	adx.adform.net	static.virgul.com
2	script.4dex.io	static.virgul.com script.4dex.io
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	ads.pubmatic.com	static.virgul.com ap.lijit.com
1	acdn.adnxs.com	static.virgul.com
1	dis.criteo.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	m.exactag.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	rtb.openx.net	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	um.simpli.fi	1 redirects
1	cdn.pathtosuccess.global	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	rtbc-ew1.doubleverify.com	cdn.doubleverify.com
1	s.ad.smaato.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	ssbsync.smartadserver.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	s.tribalfusion.com	ye-mek.net
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	static.adsafeprotected.com	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	ius.ctnsnet.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.mathtag.com	1 redirects
1	cdn.adnxs.com	static.virgul.com
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	i.w55c.net	googleads.g.doubleclick.net
1	cti.w55c.net	googleads.g.doubleclick.net
1	t.hspvst.com	googleads.g.doubleclick.net
1	ads.w55c.net	googleads.g.doubleclick.net
1	imasdk.googleapis.com	c1.imgiz.com
1	prebid.adnxs.com	static.virgul.com
1	feed.pghub.io	pghub.io
1	prebid-server.rubiconproject.com	static.virgul.com
1	bidder.criteo.com	static.virgul.com
1	a.teads.tv	static.virgul.com
1	hbopenbid.pubmatic.com	static.virgul.com
1	mp.4dex.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
0	c.4dex.io Failed	pcloak.blob.core.windows.net
0	bh.contextweb.com Failed	ap.lijit.com
0	data.adsrvr.org Failed	ap.lijit.com
0	pixel-us-east.rubiconproject.com Failed	ap.lijit.com
0	aax-eu.amazon-adsystem.com Failed	ap.lijit.com
0	sync.1rx.io Failed	ap.lijit.com
0	aorta.clickagy.com Failed	ap.lijit.com
0	tr.blismedia.com Failed	ap.lijit.com
0	pixel-eu.rubiconproject.com Failed	ap.lijit.com
0	match.prod.bidr.io Failed	ap.lijit.com
0	ce.lijit.com Failed	ap.lijit.com
0	cms.quantserve.com Failed	ap.lijit.com
0	rtb.mfadsrvr.com Failed	ap.lijit.com
0	creativecdn.com Failed	ap.lijit.com
0	unilever.demdex.net Failed	ye-mek.net
0	biddr.brealtime.com Failed	static.virgul.com
0	hb.emxdgt.com Failed	static.virgul.com
443	118

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-04-04` - `2023-07-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-12` - `2023-06-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2022-11-23` - `2023-11-22`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-31` - `2023-08-31`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
*.programattik.com GeoTrust RSA CA 2018	`2022-10-25` - `2023-10-25`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
prebid.adnxs.com GeoTrust TLS RSA CA G1	`2022-05-26` - `2023-06-26`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.w55c.net Amazon RSA 2048 M02	`2023-05-29` - `2024-06-25`	a year	crt.sh
*.hspvst.com Gandi Standard SSL CA 2	`2022-12-12` - `2023-12-09`	a year	crt.sh
ads.w55c.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-30` - `2024-06-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
h.w55c.net R3	`2023-04-04` - `2023-07-03`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
cdn.pathtosuccess.global Amazon RSA 2048 M02	`2023-04-20` - `2024-05-18`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh

This page contains 50 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: 2DB11DC4A173493A0DE48D00F20B0D5F
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 48AFAE4A0227B88A5646AEDB45BAFFA0
Requests: 124 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: EE70553601101260F887C932469DCEC6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230531/r20190131/zrt_lookup.html
Frame ID: 7B7DE1134CCEB046F2B7875A934812CE
Requests: 1 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3DE86E3F744204EF02656BE40F76B3DA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740470740&bpp=4&bdt=639&idt=254&shv=r20230531&mjsv=m202305300101&ptt=9&saldr=aa&nras=1&correlator=3160278201483&frm=24&ife=1&pv=2&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C44788442%2C21065724&oid=2&pvsid=2150670595636049&tmod=952913366&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.viu0ogpn687e&fsb=1&dtd=271
Frame ID: 82BB61BA0D88AC4F96D96EEBDDEB1AC9
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 7C8A6E2336A824BE71031B7413C524F6
Requests: 1 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 471C756773D295C50494DDB066DD56FC
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471568&bpp=15&bdt=96&idt=158&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&nras=1&correlator=8262993181040&frm=8&ife=1&pv=2&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7rxomm3jjv1k&fsb=1&dtd=178
Frame ID: DDE27E9DC9E8EA18414B496436721640
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
Frame ID: 08748BEE5F4F3E52B4977BD267527B59
Requests: 21 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 7B5C69EE7F685BDF1898A8A83FF00F63
Requests: 19 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 9F36FE507630067D0FD29C0DC2F49032
Requests: 18 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssewCzeOgkfjW1W52dXJzCU5488CdOAG4pKyRiqwPL6Vyl8TqvAzcwTbX8Z0tpsVmy6-bjuR_YEL-YWI2PQWq-4VS2_pIByruuyczF-SkJk-i00ShKRnd9lVmurdqcilBD4NtgCOgoNjbMzaK5yr7iWuSzvW0awGH-clIw1HGNPC72ezFVe0ZwtxyFg8aDljbJfxURjhF_-WOolu0QDt0zBQCG_tLDiyfocpExJGWvJ1RGVdn8vvRXDwwL0DG6CRA6y5rbBGUPMZ4mAU0b5yOyRCmv_90NtXwjUQqDLn6pyW04oJtpCmAZ9kIzJDWno-gEl1W2GoDxZy25U0A0&sai=AMfl-YTaukcm2RrF8lzhGtKH9IjO_-W34Cm25wYUO4mzrvmZLKcUCL25UWc_XK4WNuH3a1De7v5FpuEE1pjFctxQX8A08ou2DsACbwdtlN4oyvXitn0mpzZ0TMbDJXEHvQ&sig=Cg0ArKJSzBNhdP6LB3KGEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: F8D934966896DDFE1E52CB9E5D8FB1F2
Requests: 14 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 568D6F3685641D161EDA68A408724614
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNVfVYr27azoeRjGoNS84eXQEzEquFngWQnb7kRtKVYaIjgC37KH6iVQIfVyf9K-DUJNcea2iUJcOuhxvYN7JVTRUJrXbo1J_rvaGlMHMmpsSBp1lgsooLSzHVZ5BgPTPTE3gBHuty6dxiE2vuIEznVy79g-zD0XHMYijxinkHhLPntqDD8
Frame ID: 7041630E47033D0FE62E00BB09936C31
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNUqP5bKbuIGdlAivAey6Xfzj6sIxlkKtDa7XBJivWxRW0xq5GIYkK84ZkjxtS8UOsjxxbg-VZ4mdd4yx4laFKffphj0LV8GoMSvIrHmWJR8jk4teXoDQv2JEZ1jg9aPcWG_PjoqSQM2_NV-rmDmGNoeSgMB2mR3uQtAODnn4JvIA453f_U
Frame ID: 73B71275F325DF15BCED874E741AF97D
Requests: 5 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 9F87A3F9C09D83B31ADBA4BE678B32A2
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 2C1AF17C80E9E2D39F18BE3A777B593D
Requests: 20 HTTP requests in this frame

Frame: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 6606BBC70EEED347B8ECBCBAB45094ED
Requests: 28 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 29240DA5EC835BE7E02CCD0A0D24F9F2
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGPmPnOYBMAE&v=APEucNU6s73lUCcABnrEniq_jrNyyYN4z9wpyv8ERNDfvU3c1DUn38PXlVjr3CP_mX0_a6pJTz0ZpOJQO1xfV9V7Z3pwUTkk7L3At4vEsQMLF6qtfHgKxM8auHUzINd4rLUQ632WUveaZOY9f8gNtL9zzhtCXdd2MBlul8nQIvYDkkS2D9VTNeI
Frame ID: 28ED15F03D03EFD25CB6D776322246B1
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNW4ZzOUlQaIPiUca1uR7_vVss9RBNcGSvwIBAk9MtULvtw7Jdx7TS43YtecLxh5j8-JUY5SGmu6UNvAwuU0a0wH0H3GiVgkw34Cvc2BLxc4ifaIUQ-GnoR05Rd1IBomRZa2oExlXqLrt6l8cn119OF84Cfti1nBy19Hhyr00UUh9pyaeYU
Frame ID: 9EC0059216463176A8093F9CFEAA5025
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C5A1D75C75774670C1FEE9754D2760DD
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F70A727BC43F56890B2ADC5BF93409B5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 48FB0B9D7DD93A23F0C39E3B4C80AF06
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DE030A975B50EDDB5470FCC3464F3BF3
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
Frame ID: 6ACCDDF369709164FF7728C79F85F596
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9355A500FB8116E3B86E25C86E0D9307
Requests: 3 HTTP requests in this frame

Frame: blob://https://googleads.g.doubleclick.net/371f3489-1029-435f-8a4d-602bbf3162af
Frame ID: 5FAEA645F162FE69F84834CC2DAF1B8C
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6F1600105BE2F8B56980A544A3DDCAD1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3AF61730711933BC6C65F2A9FFF6F120
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 124446A0889CF062CBFE57E18044849C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
Frame ID: 438F532682FD83601B4A498E2026CA32
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 038187A863D7E7450BF5175672C0B155
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9564131E03AE54B47E9619C1F02081A4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 42AF31ECB9B344D39AE914B0C6062250
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js
Frame ID: 8DFDC0E6D06181071084546FCB28EC68
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CD0494895E34965C08CFDBB2C2624E79
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E2309CFE887EA285CA1EF173FFA6C749
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250
Frame ID: 0AAF8D942D1878195CD48349BE8C503B
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js
Frame ID: B2A9F30E54578E31B84361A01265BAFA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js
Frame ID: FC1994C3FD625405AE9B703CFFFD0B6C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2BDDAC064DF717F74F2040859F28CE31
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13442375
Frame ID: F1BC3248E3FA38D81A99626032F8791A
Requests: 19 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159432
Frame ID: B1C2A7D02183F1BFB90F39C2AFF17ACD
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 1FD323F5376077506C9F2DEFF2E087BC
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: CC11D4D17693C20942F1855789DA9206
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 58B32D229DC801D11E08378BEABF627B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 0082C644B546A218902823C6A62E0FA4
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Frame ID: E4A5E41BA15ACB8960B883C64A339BA8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

443
Requests

83 %
HTTPS

37 %
IPv6

67
Domains

118
Subdomains

75
IPs

9
Countries

4917 kB
Transfer

11348 kB
Size

20
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1

Request Chain 168

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECP6HMRx4jL--LrggKsUuMY&google_cver=1

Request Chain 170

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC56DiABxWBBT_ZauSulKrg&google_cver=1

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFq4r7xCd-Y5jHB2Zpc6738&google_cver=1

Request Chain 211

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEK25q0VPlhDq_m5laEcU_NY&google_cver=1

Request Chain 212

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=781ed828-018a-11ee-9583-129210fe0206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzgxZWQ3ZTctMDE4YS0xMWVlLTk1ODMtMTI5MjEwZmUwMjA2

Request Chain 213

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02N0xVZ25aRTJ1RktGeWxoLmtOQ25La21Melh1NmYyZH5B

Request Chain 215

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGMnzqYMy1h2o5sC4td8HDFazGdrlFxcvq0PuW-y0azJAKlJkYBTuOgWPnxEV7nNa9YVgtqac1WbE1G4Osuux9lrOnGBn4-PynhJT7AqjZJSOkGLDjVt9v8Gdo7I0pF4Ba_YT0gAeQH6Zay7i8iwlSFboQg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGMnzqYMy1h2o5sC4td8HDFazGdrlFxcvq0PuW-y0azJAKlJkYBTuOgWPnxEV7nNa9YVgtqac1WbE1G4Osuux9lrOnGBn4-PynhJT7AqjZJSOkGLDjVt9v8Gdo7I0pF4Ba_YT0gAeQH6Zay7i8iwlSFboQg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dkxxYnRpQUQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGMnzqYMy1h2o5sC4td8HDFazGdrlFxcvq0PuW-y0azJAKlJkYBTuOgWPnxEV7nNa9YVgtqac1WbE1G4Osuux9lrOnGBn4-PynhJT7AqjZJSOkGLDjVt9v8Gdo7I0pF4Ba_YT0gAeQH6Zay7i8iwlSFboQg

Request Chain 216

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAlXgJRN8dAY8tMfEKz6iQk&google_cver=1&google_push=ATf1kGN6yc7BlCfNKhZSUX-k1DvQPY_eJWpeLNSDwnVxnnCjO5QeXYWmnNo9W4FrZGx7npfQd5pRJtZM8jhIbDopWccN2qvdA8n-P-eJ4Aaiemnmydwk2GLoTyAsmbXkCKVqp3wZ3Dib2A-x3m0DqlSk_-113A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGN6yc7BlCfNKhZSUX-k1DvQPY_eJWpeLNSDwnVxnnCjO5QeXYWmnNo9W4FrZGx7npfQd5pRJtZM8jhIbDopWccN2qvdA8n-P-eJ4Aaiemnmydwk2GLoTyAsmbXkCKVqp3wZ3Dib2A-x3m0DqlSk_-113A

Request Chain 218

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEFR5Gb04EXmXaiEMZfZhX2w&google_cver=1&google_push=ATf1kGNU3Y31sveH0wch84-yVUmaU8NYECHnkytDsGMh1kUrp0vzbcLLaRI-UiWcUrG7EDvnuYAYQFBT5_rRLDk-VmG1SVpAmu8wv6WQZnjCmDfb_4H4d02_tOvpTyoD_whyujKDradw2xB5TlkEtMizBNF4HSo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNU3Y31sveH0wch84-yVUmaU8NYECHnkytDsGMh1kUrp0vzbcLLaRI-UiWcUrG7EDvnuYAYQFBT5_rRLDk-VmG1SVpAmu8wv6WQZnjCmDfb_4H4d02_tOvpTyoD_whyujKDradw2xB5TlkEtMizBNF4HSo&google_hm=eS1HLnBuMEJkRTJwRVBUY1RQRm5lLmg4Q3hYLi5FSFVlTX5B

Request Chain 219

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEOovkkdY1eZBecR-FnijYe8&google_cver=1&google_push=ATf1kGMUJdXNDKXuv-nR0tPMKaBsYcFYKknM3WIkYj85_YMleLgBjlLaf7zTmRYHw1f5TB_e1TvhPWEdNeWxXYG5ZqJf4oM8pH8KAEeJwnFLvWf5qDR04OoEukPPuV0Lh5exafSpjjf-E6NY_-st2fkOuyP0_DmR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ATf1kGMUJdXNDKXuv-nR0tPMKaBsYcFYKknM3WIkYj85_YMleLgBjlLaf7zTmRYHw1f5TB_e1TvhPWEdNeWxXYG5ZqJf4oM8pH8KAEeJwnFLvWf5qDR04OoEukPPuV0Lh5exafSpjjf-E6NY_-st2fkOuyP0_DmR&google_hm=OHYtUjrMSOetfIM4pORGigc

Request Chain 220

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENp_adFgDZ20uK7uAqWJuY4&google_cver=1&google_push=ATf1kGOKPr8o17-zEQIS08VkQoU_QqKE8kG6m3rDx_i5rsNdU_8fRojzJV_qJkan9d_dLzMGA9-HkXe3uc3WLPcvmT69z1-Wy-OyFsveWBwSnWm7_ufWaZeHyVwPKpD15rO2EDIgASKkQZJWezZ39AZzMahw6ibg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGOKPr8o17-zEQIS08VkQoU_QqKE8kG6m3rDx_i5rsNdU_8fRojzJV_qJkan9d_dLzMGA9-HkXe3uc3WLPcvmT69z1-Wy-OyFsveWBwSnWm7_ufWaZeHyVwPKpD15rO2EDIgASKkQZJWezZ39AZzMahw6ibg HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 237

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6zdXB_9i4cqAjtLmPoAn8&google_cver=1

Request Chain 270

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOCat6zDHxCwCRiwCTIIZ7MB4_P2Swc HTTP 301
https://tpc.googlesyndication.com/simgad/3995853839924061625

Request Chain 282

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1IbJ_WJ4MtNcNbzPMC-HLk3FSYlEXWmO1XDt2HMKEOGdOebBZ1DkpvjKfYeEH2oqkInYWqK10uKrSeGyrwuMecOkr9udNOwAxjWKoS2RQAoCZ_4G5SClNukvCP3FOcxiTD5wi4RL7Nm2enXWJJme7ESZCJP9FM0B1SU4V8zM78HgPKipsLtqbBlLuB3w3nv5vYZcZkhrGNvZYMEaeEuWYzs9gz4_nVKwUlc4tvDJZGAiA3KxRfhSDUA8CeST9khdwxPQNwMXDUy3dojIQJmTTs2GXVCx3OCiXMiI4AyMEE8S1K2YlcQNwteldVXexFG6NcmZfzVe-lIzY1FxnS7AqSC_l7f3eQ0x3ujyAoyULz13vMyk-oeIT92K7BC9smY6kB8KuWKDJzyjOHew6qn79w1iljiFOHhYV7ixGrTd6bl0pexcUuutSSb-5nYvRkHHYoY1WKgKbRvbg_UhdW_GB3R5X4XTmLAwmQFWShv22hCms6Rm5IK9QZtpMxynCfdpuKEoBYFVIZcyCVVwSEdqFnMceDCyPs9lpRuhYNoJvfnFgcLo-58UQFAc6ek3KOnSGkf4pbp9CxAM_jizBi-ZJ_NNBJILLgSvVajADmovGhGxyxh_Pgg8lrqxBfRwewU4z1jZP5oQ3aQ_Dyyu_TrjeHHWtC5rfwjjr0mrO6ryBqQ0ap_2JaQ_lO7dpYsuFowG0S4GBG7UWtJGTcs7lklTxhqGyM4sXh4POUoXAmjEP5Z0F0wPaBN0oGsZjDdWE1pJyJ0SumGQ43o0FVD_DRgep0sWmgiyTFP3mXQDf3Y9qCXVzG7RIx6Q8HRwVvq_nQKjKy6Pg3HFgUBiN-cRIqq9-8PNMrLtA9Mlo9jxQ9JOsUzPoB3S71B8zWxBEAE7apq12a3wYryFDSzgMxJ0QwISR4t-oiOlMgIez2W7p9q-G5xaTtno1E33PCAIkqvvehAEr3VRMnTwgdyvr_j1PICbwf-Llip7erFawdaNUiUrKlqLTsxL-LXI_gCL1tBGhsjxBsp9AJNhM9e4h5UU-7e_7v-q6V2OyR0Tv9jXzuKxm_Hv0y_b9f3TdKAtWiVxwfqIZmPqxvKzCS8NuYsUCNEbec9NVEt67C_CabTg5mjxr_csxSnJ1Rb4dmnJqHdqkEPJwj2gX7D9yESJYfm7mcXfsW6ggkJ36ICkV4BX4TlHYItVG6kJQgxo23GdXXo6NI2Ffq4by8jIhLsUY-vdwxmQLdfk0dIKiwe821IaXT59UmzYBj6gl8TZYptwmvfb5y6MC3CgJ6PjTJmWSoG1RXCYlJx23OCVcDeOcxvCitFtanOTGyb9g6BIRamNdJYmu1RqwWzX8q0jskn33JkdM3hBipe4CHqFJvmXH5mPW6IeBPJktCcpS6bz1KwAEB19y73RGzngtD-pC_MDqFyq72NBIZeOne7T-gshJOrYZJPM-IywEPW6KQSxtCkjjRhpSOLNJhiqwlMSkX3_ipebOgq66T4Xk2WIqFx9TlKmC_DmkFIN-bFl06SDjrnSwumHH0yMPSG7bD2K39MPI2h2x4HY9gvVG9cZSYgLMuYNK6H5utq3YbgnaZslY2yEispqCD15TnfT4zyccFlycauXc-u-DkA_RHZoNbNeBSYhRarZdJuuMCdbQKS6pz4DUNqtcsD7tVaffOAxlj9H6YeTrv7PXSBlWGWDO8Ebw_LcDyftkGqmKa6X9_dGgbmD4CCHLtcDX0aVCMScpvO_sm-Nqs639EVT3C6OgJhS6OXs1To3EmPRs3GgdXNmTnTEZSUCtOW_jl5vUh8-PccWy3UUMfS2nB9FVMq01th9Ce383zoDmPFHVDkeugBSMgfPW10Ebga5yxbvzqe37jJKxu-owhT8ORK7b4dTFL8LOu93vRRob2FRgnOUFhK1Jwly3ClmIR-R1jZMLoeP-fA2hhzc4xzjyXCKOxzQl5LaL5LXBq6wO1NrZqxSHjC_l9bfqg8ix0D8LTkyQA2_88Yg78cs9Ei5OEHW1vMgHzmmCOyb1AMrjzx7l4WpSY42NHIVD3NaV3XuhFoygY_mQ0pJw4AfgOKCa2YZFLDmbORNg12LRSqHfgWajLLScZPqAJAf_hrC5AxRDDI4Tfd7bnKKqWTkH7xr2sIob6UCg-XKWKFXk0Wy0gDhk5A_A8Ps0aQHgr6IOYdSrkn_iRO4Xw3VmY2GZOXSesMRcIq9N91YNK9z3b1bfvzVkxUn_F5l36oXvJ9H2bEMRh468RNA8Ynoh_1cRKELChgMxBmBBsyjcxyPAkutGscGB121YZiR-4Ts0wEsEKGE0R93Z0iNjjl3E8szddbHILbLxPak0pB98ZmRDWKbOodhopDzp0iTnS8xj4WV_xVYmocXAei2PnQlJT7gSdVCDJT9ibKmeXl-spLg1u-orjyrAN_hg6H7NlgDkRQZoBFSKcL18fexWSrDVybB4rUD-dhe1UqD_RBxMGjLDeAC7pv7gjPQ4Lv2KwuhBV3XoND80oWr-xPnfMa1c9WiDFWwBhKxov3x78dawzOwmVfB27UE_5t8drOhSss9ybpno76sL3eNeWJhDKfb0auv5mkAEUj1bLEwmizovWxC229fqoshpkBnZ0-mHh3ilO0R0Z5lVbzLcMwmtMZxohFfCuCjkiY9yEdeRSXnQ_LKIt8Pz2fINnEBzhoZNxNY2I_6KmltFBjzau1usV0iPv_WODBjacPnCrXBMpaPcJmbki30QBUd2h_LSh0McawYbwjkWd35zv3I7ezmPLKkOletQGeN6KMKgMtpKzivtVBvdFCaD2-atLki-EzdmxnidSGr-OLx9ubwszwFaYeembPV2r-Rh8n5ZqPbgocobnE-KXeK69OOnmbFaa7yZ-gQKFUWjxmZWcGGh73iWReAzSVXf0s3DTHwMIyDPWAHroMvSaSIaOpKiucamYP_2PRPcEUMseJbXHovc3pCdRZ-OJEjHNXLk6nVpCyRsKY_dePS7Oc_K_su3S2Ndp4MKf3TSMzarLLd9wi4CqyBk5bmfsXDeTSlxwO-9-6LNXx01RB7I3yJUxtWqzFdys0b8Qrpd0BziIeyQRZHPZcXf0cSCAK3oFQBM6knCW8dHmbemqaC5KRfu2zF3Ih5AEVB1Zzvu37tMUAJPsEWTv8lT8IF0B7pxY14c-_NX1-sO40NLrI243seT3eUbDmgSQVIjr4f5KwsiS5VY2iMjxwHXBkcoZtq04VuPNXsdafwqR_LudIiRcWrnLnCKixRnFnsZO4uFXjKUpGnrquDwz2z43o2ZOtE-XfBigFDBMzIa-J3UqjN9ZmH4n6d9FuVkVYp_0qx8mOkSX2w7oxPHVGvet4MktL0sf0SXjwH1YO4jLDRvIUkvVOYhECsNG04WTjne8gZlaw_J9nBx2MT5-3PQPnQIAIGxUq40OTwVqvm1cv8P1ULYdumX0pUd-5zmM7vkNK8zkYdseN7IuntMrD2kDf-akReKf6gzrlFKxzHPjgd7sRlZER0x-n4wB31GfQMR6uhgEVG3HG0auCVjj6tw3fwgDmpIThk9leFLdmHy8sl-SGEQlafMiFuWA_1G4tkhiL0CMohhuuqZioYF2eyZdV94F2-FQiJFf_Np81_lo-AXgj3XCX1jufo16AMLZYI0aQQgEEjsAcoEIg_zp32-t3su9BSNntnsymcjsRUZ6Kd0s6F1_4oKgNXONu1Xh79aGhuLJlsVuvTGjOTyD_aWYnBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iyqquP0DVazRHO4Pp9QncJ&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:d604d47b-b5b4-9944-fcef-13e23fdf4371,c:epWLpi,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-597464b965-gbk5b,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:66,oid:78232ddf-018a-11ee-a1a5-8af868d1f5cc,v:19.8.416,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1IbJ_WJ4MtNcNbzPMC-HLk3FSYlEXWmO1XDt2HMKEOGdOebBZ1DkpvjKfYeEH2oqkInYWqK10uKrSeGyrwuMecOkr9udNOwAxjWKoS2RQAoCZ_4G5SClNukvCP3FOcxiTD5wi4RL7Nm2enXWJJme7ESZCJP9FM0B1SU4V8zM78HgPKipsLtqbBlLuB3w3nv5vYZcZkhrGNvZYMEaeEuWYzs9gz4_nVKwUlc4tvDJZGAiA3KxRfhSDUA8CeST9khdwxPQNwMXDUy3dojIQJmTTs2GXVCx3OCiXMiI4AyMEE8S1K2YlcQNwteldVXexFG6NcmZfzVe-lIzY1FxnS7AqSC_l7f3eQ0x3ujyAoyULz13vMyk-oeIT92K7BC9smY6kB8KuWKDJzyjOHew6qn79w1iljiFOHhYV7ixGrTd6bl0pexcUuutSSb-5nYvRkHHYoY1WKgKbRvbg_UhdW_GB3R5X4XTmLAwmQFWShv22hCms6Rm5IK9QZtpMxynCfdpuKEoBYFVIZcyCVVwSEdqFnMceDCyPs9lpRuhYNoJvfnFgcLo-58UQFAc6ek3KOnSGkf4pbp9CxAM_jizBi-ZJ_NNBJILLgSvVajADmovGhGxyxh_Pgg8lrqxBfRwewU4z1jZP5oQ3aQ_Dyyu_TrjeHHWtC5rfwjjr0mrO6ryBqQ0ap_2JaQ_lO7dpYsuFowG0S4GBG7UWtJGTcs7lklTxhqGyM4sXh4POUoXAmjEP5Z0F0wPaBN0oGsZjDdWE1pJyJ0SumGQ43o0FVD_DRgep0sWmgiyTFP3mXQDf3Y9qCXVzG7RIx6Q8HRwVvq_nQKjKy6Pg3HFgUBiN-cRIqq9-8PNMrLtA9Mlo9jxQ9JOsUzPoB3S71B8zWxBEAE7apq12a3wYryFDSzgMxJ0QwISR4t-oiOlMgIez2W7p9q-G5xaTtno1E33PCAIkqvvehAEr3VRMnTwgdyvr_j1PICbwf-Llip7erFawdaNUiUrKlqLTsxL-LXI_gCL1tBGhsjxBsp9AJNhM9e4h5UU-7e_7v-q6V2OyR0Tv9jXzuKxm_Hv0y_b9f3TdKAtWiVxwfqIZmPqxvKzCS8NuYsUCNEbec9NVEt67C_CabTg5mjxr_csxSnJ1Rb4dmnJqHdqkEPJwj2gX7D9yESJYfm7mcXfsW6ggkJ36ICkV4BX4TlHYItVG6kJQgxo23GdXXo6NI2Ffq4by8jIhLsUY-vdwxmQLdfk0dIKiwe821IaXT59UmzYBj6gl8TZYptwmvfb5y6MC3CgJ6PjTJmWSoG1RXCYlJx23OCVcDeOcxvCitFtanOTGyb9g6BIRamNdJYmu1RqwWzX8q0jskn33JkdM3hBipe4CHqFJvmXH5mPW6IeBPJktCcpS6bz1KwAEB19y73RGzngtD-pC_MDqFyq72NBIZeOne7T-gshJOrYZJPM-IywEPW6KQSxtCkjjRhpSOLNJhiqwlMSkX3_ipebOgq66T4Xk2WIqFx9TlKmC_DmkFIN-bFl06SDjrnSwumHH0yMPSG7bD2K39MPI2h2x4HY9gvVG9cZSYgLMuYNK6H5utq3YbgnaZslY2yEispqCD15TnfT4zyccFlycauXc-u-DkA_RHZoNbNeBSYhRarZdJuuMCdbQKS6pz4DUNqtcsD7tVaffOAxlj9H6YeTrv7PXSBlWGWDO8Ebw_LcDyftkGqmKa6X9_dGgbmD4CCHLtcDX0aVCMScpvO_sm-Nqs639EVT3C6OgJhS6OXs1To3EmPRs3GgdXNmTnTEZSUCtOW_jl5vUh8-PccWy3UUMfS2nB9FVMq01th9Ce383zoDmPFHVDkeugBSMgfPW10Ebga5yxbvzqe37jJKxu-owhT8ORK7b4dTFL8LOu93vRRob2FRgnOUFhK1Jwly3ClmIR-R1jZMLoeP-fA2hhzc4xzjyXCKOxzQl5LaL5LXBq6wO1NrZqxSHjC_l9bfqg8ix0D8LTkyQA2_88Yg78cs9Ei5OEHW1vMgHzmmCOyb1AMrjzx7l4WpSY42NHIVD3NaV3XuhFoygY_mQ0pJw4AfgOKCa2YZFLDmbORNg12LRSqHfgWajLLScZPqAJAf_hrC5AxRDDI4Tfd7bnKKqWTkH7xr2sIob6UCg-XKWKFXk0Wy0gDhk5A_A8Ps0aQHgr6IOYdSrkn_iRO4Xw3VmY2GZOXSesMRcIq9N91YNK9z3b1bfvzVkxUn_F5l36oXvJ9H2bEMRh468RNA8Ynoh_1cRKELChgMxBmBBsyjcxyPAkutGscGB121YZiR-4Ts0wEsEKGE0R93Z0iNjjl3E8szddbHILbLxPak0pB98ZmRDWKbOodhopDzp0iTnS8xj4WV_xVYmocXAei2PnQlJT7gSdVCDJT9ibKmeXl-spLg1u-orjyrAN_hg6H7NlgDkRQZoBFSKcL18fexWSrDVybB4rUD-dhe1UqD_RBxMGjLDeAC7pv7gjPQ4Lv2KwuhBV3XoND80oWr-xPnfMa1c9WiDFWwBhKxov3x78dawzOwmVfB27UE_5t8drOhSss9ybpno76sL3eNeWJhDKfb0auv5mkAEUj1bLEwmizovWxC229fqoshpkBnZ0-mHh3ilO0R0Z5lVbzLcMwmtMZxohFfCuCjkiY9yEdeRSXnQ_LKIt8Pz2fINnEBzhoZNxNY2I_6KmltFBjzau1usV0iPv_WODBjacPnCrXBMpaPcJmbki30QBUd2h_LSh0McawYbwjkWd35zv3I7ezmPLKkOletQGeN6KMKgMtpKzivtVBvdFCaD2-atLki-EzdmxnidSGr-OLx9ubwszwFaYeembPV2r-Rh8n5ZqPbgocobnE-KXeK69OOnmbFaa7yZ-gQKFUWjxmZWcGGh73iWReAzSVXf0s3DTHwMIyDPWAHroMvSaSIaOpKiucamYP_2PRPcEUMseJbXHovc3pCdRZ-OJEjHNXLk6nVpCyRsKY_dePS7Oc_K_su3S2Ndp4MKf3TSMzarLLd9wi4CqyBk5bmfsXDeTSlxwO-9-6LNXx01RB7I3yJUxtWqzFdys0b8Qrpd0BziIeyQRZHPZcXf0cSCAK3oFQBM6knCW8dHmbemqaC5KRfu2zF3Ih5AEVB1Zzvu37tMUAJPsEWTv8lT8IF0B7pxY14c-_NX1-sO40NLrI243seT3eUbDmgSQVIjr4f5KwsiS5VY2iMjxwHXBkcoZtq04VuPNXsdafwqR_LudIiRcWrnLnCKixRnFnsZO4uFXjKUpGnrquDwz2z43o2ZOtE-XfBigFDBMzIa-J3UqjN9ZmH4n6d9FuVkVYp_0qx8mOkSX2w7oxPHVGvet4MktL0sf0SXjwH1YO4jLDRvIUkvVOYhECsNG04WTjne8gZlaw_J9nBx2MT5-3PQPnQIAIGxUq40OTwVqvm1cv8P1ULYdumX0pUd-5zmM7vkNK8zkYdseN7IuntMrD2kDf-akReKf6gzrlFKxzHPjgd7sRlZER0x-n4wB31GfQMR6uhgEVG3HG0auCVjj6tw3fwgDmpIThk9leFLdmHy8sl-SGEQlafMiFuWA_1G4tkhiL0CMohhuuqZioYF2eyZdV94F2-FQiJFf_Np81_lo-AXgj3XCX1jufo16AMLZYI0aQQgEEjsAcoEIg_zp32-t3su9BSNntnsymcjsRUZ6Kd0s6F1_4oKgNXONu1Xh79aGhuLJlsVuvTGjOTyD_aWYnBgBYAE&cry=1&bundleId=

Request Chain 297

https://a.tribalfusion.com/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 298

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_JcRDR3lMChuKkUjiS7lWmvN HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_JcRDR3lMChuKkUjiS7lWmvN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxNTIxMjQ1NzA4NTQwNDM0OA&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_JcRDR3lMChuKkUjiS7lWmvN

Request Chain 299

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKpxRCF61XE1xALtlhfZEwQ&google_cver=1&google_push=ATf1kGNapX10xp9uGkIzt53EK6zPma3ywZ72eOq00amBEdmRQqXkKrmenjRZvHYzceNwr4ukjkkQ5bC_hCtDoLBCZmoZvI60jqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNapX10xp9uGkIzt53EK6zPma3ywZ72eOq00amBEdmRQqXkKrmenjRZvHYzceNwr4ukjkkQ5bC_hCtDoLBCZmoZvI60jqw

Request Chain 300

https://match.360yield.com/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6UDdg3EoY14QPk HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6UDdg3EoY14QPk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6UDdg3EoY14QPk

Request Chain 302

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPom6HHYWLd4K-3RYI6fTaQlLhr7sHT4KsLJ1DZQsSKo4f0MRYTEHSiYg_0g_oL7lC-VywMemyjpn9NDHESzJzMDxUj32btIA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPom6HHYWLd4K-3RYI6fTaQlLhr7sHT4KsLJ1DZQsSKo4f0MRYTEHSiYg_0g_oL7lC-VywMemyjpn9NDHESzJzMDxUj32btIA

Request Chain 303

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECsyeX6EBJgds_7RMFlwlZc&google_cver=1&google_push=ATf1kGPN-GkSMaPg06zcdFO7QhqmzUCrJt02zERgJhfbPjxAWFLo5mF2iz7aGXFEWYOUs9liYlxK6ygJXWIWUX-TF6LWGRXIQcvZpQ HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECsyeX6EBJgds_7RMFlwlZc&google_cver=1&google_push=ATf1kGPN-GkSMaPg06zcdFO7QhqmzUCrJt02zERgJhfbPjxAWFLo5mF2iz7aGXFEWYOUs9liYlxK6ygJXWIWUX-TF6LWGRXIQcvZpQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&%%GOOGLE_PUSH_PAIR%%

Request Chain 306

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGPKf3M8ZOt5UhGkvOLGK_VpCdxT2QoL5TbuMr7_nSxNCqKinYJMU7Wtw1t2H8cS-WnzsditD6R-PmMfslz9M2M3g89WCEY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aWl6dlZZVGQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGPKf3M8ZOt5UhGkvOLGK_VpCdxT2QoL5TbuMr7_nSxNCqKinYJMU7Wtw1t2H8cS-WnzsditD6R-PmMfslz9M2M3g89WCEY

Request Chain 307

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVbPyb1ss7yGH8JhPk0nAxiE HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVbPyb1ss7yGH8JhPk0nAxiE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVbPyb1ss7yGH8JhPk0nAxiE

Request Chain 308

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIffFBUT8NeXgnIjBNAWE6w&google_cver=1&google_push=ATf1kGO2Whn1ft1C9SR2_0dqfT3yIFzcJjXWm0dUfCVof2gccma1TJkQAWMY_SqPDY5CVAKgPEXjk39gRiiWC2jpeJzU9b6AFo4 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIffFBUT8NeXgnIjBNAWE6w&google_cver=1&google_push=ATf1kGO2Whn1ft1C9SR2_0dqfT3yIFzcJjXWm0dUfCVof2gccma1TJkQAWMY_SqPDY5CVAKgPEXjk39gRiiWC2jpeJzU9b6AFo4&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGO2Whn1ft1C9SR2_0dqfT3yIFzcJjXWm0dUfCVof2gccma1TJkQAWMY_SqPDY5CVAKgPEXjk39gRiiWC2jpeJzU9b6AFo4

Request Chain 309

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ8Mi-kTzaOj3ahXAOzDLoE&google_cver=1&google_push=ATf1kGNtqwfJeKoCUJy0wUCvY4YAb8KQTAnwtP1RfDjektCjnWvNfqibdjrZseigUjJF4xy3M_xEcJ95fmCh1Vmj7wpesVq2pg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElGMkNPNk0tMjgtNFQ4NQ==&google_push=ATf1kGNtqwfJeKoCUJy0wUCvY4YAb8KQTAnwtP1RfDjektCjnWvNfqibdjrZseigUjJF4xy3M_xEcJ95fmCh1Vmj7wpesVq2pg

Request Chain 310

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_cver=1&google_push=ATf1kGPF2Zf8uuIJmLvrVf-w88TK2aG9MDxCNPKEg8ucfkDL8E4i-jGswaMKtpyMFCouKw7b-mo2yDkCp1b8YSa6zlmC8dsLbIU HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGPF2Zf8uuIJmLvrVf-w88TK2aG9MDxCNPKEg8ucfkDL8E4i-jGswaMKtpyMFCouKw7b-mo2yDkCp1b8YSa6zlmC8dsLbIU

Request Chain 311

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENp_adFgDZ20uK7uAqWJuY4&google_cver=1&google_push=ATf1kGMNt0riUtQEZOq9u9zzGKIdSJRc42zWg_cjBzWn1kAPE03cwF-xG3jMeH7oy82I_zGX5VtwdzNXEKPA3gts9MZdFreToxc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGMNt0riUtQEZOq9u9zzGKIdSJRc42zWg_cjBzWn1kAPE03cwF-xG3jMeH7oy82I_zGX5VtwdzNXEKPA3gts9MZdFreToxc HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 312

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGOxzMEEXeaqnn7OW6mhw9gIP6Zo99kW4Y9mFh6-JJ9mPxftZbmnMWmwUlr3Fn7ob4HrQnbCYyQzPZZF-na_kzN5GbXHQDPt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGOxzMEEXeaqnn7OW6mhw9gIP6Zo99kW4Y9mFh6-JJ9mPxftZbmnMWmwUlr3Fn7ob4HrQnbCYyQzPZZF-na_kzN5GbXHQDPt

Request Chain 316

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_cver=1&google_push=ATf1kGM1XSeee6eZoVUdH3p40fgZG1d52HmVy4tAU_DAt4STnoLxJipzgOYKkOh9fmYCT7X_qqFl1foQlrPH3xLt47E-EDer6KA HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGM1XSeee6eZoVUdH3p40fgZG1d52HmVy4tAU_DAt4STnoLxJipzgOYKkOh9fmYCT7X_qqFl1foQlrPH3xLt47E-EDer6KA

Request Chain 317

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEAh7LQE7x8skzH6-0NkAB9k&google_cver=1&google_push=ATf1kGPhub388YLXKSzIvYlt91uHth66PMYL-0JW-DD-ZktySLSYbnU5SzwNx0o2-8nWLD8vUJfDbNPTmTSFksHhxSFiOrJUW-Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPhub388YLXKSzIvYlt91uHth66PMYL-0JW-DD-ZktySLSYbnU5SzwNx0o2-8nWLD8vUJfDbNPTmTSFksHhxSFiOrJUW-Y

Request Chain 318

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKpxRCF61XE1xALtlhfZEwQ&google_cver=1&google_push=ATf1kGPaaIp1AWLiS_hhy0Fo05_h0wXTCVQkCS9A0dlbzZVcOpPNsTAg6erDxfNNUe0PVVMpKFUoznJxhJDglbdPboRpSM9lsok HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPaaIp1AWLiS_hhy0Fo05_h0wXTCVQkCS9A0dlbzZVcOpPNsTAg6erDxfNNUe0PVVMpKFUoznJxhJDglbdPboRpSM9lsok

Request Chain 319

https://match.360yield.com/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88rAEfwI3J8fGh HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88rAEfwI3J8fGh HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88rAEfwI3J8fGh

Request Chain 320

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENHi5nEiaeniP0uzXAuWnkk&google_cver=1&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrWo HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrWo&google_gid=CAESENHi5nEiaeniP0uzXAuWnkk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY5NDI1MjE2NDE4NzcxNDc2NTEwMQ%3D%3D&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrWo

Request Chain 328

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 374

https://um.simpli.fi/gp_match?google_gid=CAESECrjoq9OxshxHB2dufZXPpc&google_cver=1&google_push=ATf1kGOu_FsTj_SZ-SwpMmi3jF1r0Ae3SK3k7VufxOJtDz4QyZ6h5AOPU03iJmazej_8IoQtfLaqRMJuz38h0mBBsYC13UEXCw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E19FCC0AED154058BE4BB5C1C5FDC9DA&google_push=ATf1kGOu_FsTj_SZ-SwpMmi3jF1r0Ae3SK3k7VufxOJtDz4QyZ6h5AOPU03iJmazej_8IoQtfLaqRMJuz38h0mBBsYC13UEXCw

Request Chain 375

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHPn87xOORv7DWnj2l2k41w&google_cver=1&google_push=ATf1kGNGjaITyGvWib4D8bjAxXjAKwcYiorQCX2Q6n1NYj_nhouNm4T52-SLbrp7xIm3LEcGW_GcjT0CFN_qGV25XwGWp5Zfu_0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGNGjaITyGvWib4D8bjAxXjAKwcYiorQCX2Q6n1NYj_nhouNm4T52-SLbrp7xIm3LEcGW_GcjT0CFN_qGV25XwGWp5Zfu_0&google_hm=OHYtUjrMSOetfIM4pORGigc

Request Chain 376

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEtzvU6EpdL4wQPD5vRcwI8&google_cver=1&google_push=ATf1kGM-A0Nmh60ungUQzWrX7GLgGZf-tZsDNvlSN9dt68WgIpdUHMGvVdAPslQMJS-LIJnuT3iUts0Bdo9mzZzOS4rpP9TmghI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGM-A0Nmh60ungUQzWrX7GLgGZf-tZsDNvlSN9dt68WgIpdUHMGvVdAPslQMJS-LIJnuT3iUts0Bdo9mzZzOS4rpP9TmghI

Request Chain 377

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGO-ns2vipcNeDM2VCr160zdtxGdrAX1hDG9rsQtMs7yaPne3pXSBPHJo03BFMDjjn-mS5zq8u21V4cVW44FtWJZYQrPiw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGO-ns2vipcNeDM2VCr160zdtxGdrAX1hDG9rsQtMs7yaPne3pXSBPHJo03BFMDjjn-mS5zq8u21V4cVW44FtWJZYQrPiw

Request Chain 392

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEtzvU6EpdL4wQPD5vRcwI8&google_cver=1&google_push=ATf1kGPzjzO5JjdrYXgR-pSM-uboPeMMS-xZGFsHOYLA2lBIa2cmOxD6AZr0i1tAwGhZi2S5HB4lL53Y5cniaMhAe6OxRFyGIDY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGPzjzO5JjdrYXgR-pSM-uboPeMMS-xZGFsHOYLA2lBIa2cmOxD6AZr0i1tAwGhZi2S5HB4lL53Y5cniaMhAe6OxRFyGIDY

Request Chain 393

https://ads.travelaudience.com/google_pixel?google_gid=CAESEDrxNVLNywf5-zqYSI0D1F0&google_cver=1&google_push=ATf1kGOz8I8xcCd5IBjIv1yz1_g4wDFh_l8SPT8c30pDIGJUI01oa-HwJu8s_ZZoEOBI55nnx3ec7pFJH_MScJDi4PbIcJbk3rla HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RdO6a_k3SQe4bZzp0GgZzA2&google_push=ATf1kGOz8I8xcCd5IBjIv1yz1_g4wDFh_l8SPT8c30pDIGJUI01oa-HwJu8s_ZZoEOBI55nnx3ec7pFJH_MScJDi4PbIcJbk3rla

Request Chain 395

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIffFBUT8NeXgnIjBNAWE6w&google_cver=1&google_push=ATf1kGMRMdtYbVYxpGYHbM67z__5msnS22Kl-z5e7CldbZli_gi9IlMVYCv4FLTWwvVxBHGv5h8DUBgz11UT44YcEf-EUYOOtgtc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMRMdtYbVYxpGYHbM67z__5msnS22Kl-z5e7CldbZli_gi9IlMVYCv4FLTWwvVxBHGv5h8DUBgz11UT44YcEf-EUYOOtgtc

Request Chain 396

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPj3xhejLVFT84dozMJueNxmzMB7pWLBKxsnPBgs9HIgP5VtahDNRPaembKYMSqXdCCsfUCUx3Ar5oFuqON8WJK2-K2mf1K1A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPj3xhejLVFT84dozMJueNxmzMB7pWLBKxsnPBgs9HIgP5VtahDNRPaembKYMSqXdCCsfUCUx3Ar5oFuqON8WJK2-K2mf1K1A

Request Chain 421

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=fmx HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=4950128881086151232&ssp=fmx HTTP 302
https://ce.lijit.com/merge?pid=26&3pid=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&gdpr=&gdpr_consent=

Request Chain 422

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0

Request Chain 426

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0

Request Chain 430

https://um.simpli.fi/lj_match?r=1685740475079&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=E19FCC0AED154058BE4BB5C1C5FDC9DA

443 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 418ms
107ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Fri, 02 Jun 2023 21:14:28 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9a100b42-101e-0022-0a97-958712000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 95ms
94ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-ms-request-id: 9a100be6-101e-0022-1f97-958712000000
Date: Fri, 02 Jun 2023 21:14:28 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 285ms
94ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 02 Jun 2023 21:14:28 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 9a100d3e-101e-0022-5b97-958712000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 189ms
94ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 02 Jun 2023 21:14:28 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 9a100cab-101e-0022-5897-958712000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 262ms
127ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:26 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 251ms
132ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:27 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 48AF 77 KB
77 KB 191ms
52ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8c911e08d44dd204ab6b8d9d9d1f74658176977075a7bf651e6b42a963c1a98d

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 78689
content-type: text/html; charset=utf-8
date: Fri, 02 Jun 2023 21:14:29 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 48AF 90 KB
91 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 18:18:28 GMT
x-content-type-options: nosniff
age: 10562
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Jun 2024 18:18:28 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 48AF 10 KB
2 KB 80ms
79ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 02 Jun 2023 21:14:29 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 48AF 40 KB
12 KB 143ms
16ms Stylesheet
text/css 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 3931028
x-accel-date: 1681809442
x-77-nzt: AcO1rycakyT/lPs7AA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 25b02131e939aa96b65b7a6415a6260e
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 48AF 119 KB
47 KB 40ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

79a573f6e9799da462e038441c92df0b7e259a6356440c376bd8be2a79290a8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 47389
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 02 Jun 2023 21:14:30 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 48AF 23 KB
23 KB 43ms
43ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 02 Jun 2023 21:14:29 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 48AF 542 B
894 B 13ms
12ms Image
image/png 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3931070
x-accel-date: 1681809400
content-length: 542
x-77-nzt: AcO1rydJJQf/vvs7AA
x-accel-expires: @1713345400
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 25b02131e939aa96b65b7a641dbce20e
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 48AF 2 KB
2 KB 14ms
13ms Image
image/png 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3931029
x-accel-date: 1681809441
content-length: 1651
x-77-nzt: AcO1ryfe8Ij/lfs7AA
x-accel-expires: @1713345441
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 25b02131e939aa96b65b7a64f3874f0f
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 48AF 15 KB
16 KB 17ms
17ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 84345
x-accel-date: 1685656125
content-length: 15552
x-77-nzt: AcO1rycDhVD/eUkBAA
x-accel-expires: @1717192125
last-modified: Thu, 01 Jun 2023 21:24:53 GMT
server: CDN77-Turbo
etag: "64790ca5-3cc0"
x-77-nzt-ray: 25b02131e939aa96b65b7a645fdae60f
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lor-peyniri-salatasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 48AF 19 KB
20 KB 23ms
15ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/lor-peyniri-salatasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d2d887515bbff324e166602e4a4f70f620adc7da103204fc31d8fd3d0253ac62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 169920
x-accel-date: 1685570550
content-length: 19754
x-77-nzt: AcO1ryeGa/P/wJcCAA
x-accel-expires: @1717106550
last-modified: Wed, 31 May 2023 21:52:11 GMT
server: CDN77-Turbo
etag: "6477c18b-4d2a"
x-77-nzt-ray: 25b02131e939aa96b65b7a649b6a5f10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-bulgur-pilavi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 48AF 18 KB
18 KB 30ms
19ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ic-baklali-bulgur-pilavi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a1755361ebea5c38443a4e30f7c334868e54ed383f2ea73dc412c665d0dc6f4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 258134
x-accel-date: 1685482336
content-length: 18151
x-77-nzt: AcO1ryc8dPX/VvADAA
x-accel-expires: @1717018336
last-modified: Tue, 30 May 2023 13:33:43 GMT
server: CDN77-Turbo
etag: "6475fb37-46e7"
x-77-nzt-ray: 25b02131e939aa96b65b7a64668a9d10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sut-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 48AF 11 KB
11 KB 34ms
23ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/sut-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f8851656c76b34d0b68710739e01ccf4592fcbf41a901b9f75709abf6b117151

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 341087
x-accel-date: 1685399383
content-length: 10814
x-77-nzt: AcO1ryc3Ozn/XzQFAA
x-accel-expires: @1716935383
last-modified: Mon, 29 May 2023 22:06:16 GMT
server: CDN77-Turbo
etag: "647521d8-2a3e"
x-77-nzt-ray: 25b02131e939aa96b65b7a640a36a210
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-pilavli-tavuk-dolmasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/08/ Frame 48AF 15 KB
15 KB 38ms
27ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/08/ic-pilavli-tavuk-dolmasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bbed5424f2f97c210ccba4c2050a216711a997c49a8cef4051db16386e7a1b4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930410
x-accel-date: 1681810060
content-length: 15494
x-77-nzt: AcO1ryfq3wT/Kvk7AA
x-accel-expires: @1713346060
last-modified: Wed, 01 May 2019 22:46:18 GMT
server: CDN77-Turbo
etag: "5cca21ba-3c86"
x-77-nzt-ray: 25b02131e939aa96b65b7a649e3aa610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-pirasa-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame 48AF 11 KB
11 KB 38ms
28ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/firinda-pirasa-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 46f0e1ce5f1bc9e08e3dc864c6d65fb7bde761cdde2e8ca86780c539991badf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930084
x-accel-date: 1681810386
content-length: 11396
x-77-nzt: AcO1ryfY+d7/5Pc7AA
x-accel-expires: @1713346386
last-modified: Wed, 01 May 2019 23:10:04 GMT
server: CDN77-Turbo
etag: "5cca274c-2c84"
x-77-nzt-ray: 25b02131e939aa96b65b7a642a54ab10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 acem-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 48AF 14 KB
14 KB 40ms
30ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/acem-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b0a9edd9406b9e846d2613b16def49dca3d2307816622cb274acc4d0d2314245

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930956
x-accel-date: 1681809514
content-length: 14065
x-77-nzt: AcO1rycqfmn/TPs7AA
x-accel-expires: @1713345514
last-modified: Sun, 15 Mar 2020 20:02:10 GMT
server: CDN77-Turbo
etag: "5e6e89c2-36f1"
x-77-nzt-ray: 25b02131e939aa96b65b7a64a648ad10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-etli-patlican-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/08/ Frame 48AF 13 KB
13 KB 40ms
30ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/08/tencerede-etli-patlican-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8e2b2033aae5f2ebbc9b92291c3cdfa7a084429d21d85b382e39dfbd875b5f55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3926070
x-accel-date: 1681814400
content-length: 13086
x-77-nzt: AcO1ryenzBn/Nug7AA
x-accel-expires: @1713350400
last-modified: Wed, 01 May 2019 23:03:11 GMT
server: CDN77-Turbo
etag: "5cca25af-331e"
x-77-nzt-ray: 25b02131e939aa96b65b7a64a779af10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mahluta-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/11/ Frame 48AF 12 KB
13 KB 41ms
31ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/11/mahluta-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 837d63620657b055c980948022e01ba5c63c986d3d08ca7db80558411eab45d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928743
x-accel-date: 1681811727
content-length: 12542
x-77-nzt: AcO1rydlH6X/p/I7AA
x-accel-expires: @1713347727
last-modified: Wed, 01 May 2019 23:07:46 GMT
server: CDN77-Turbo
etag: "5cca26c2-30fe"
x-77-nzt-ray: 25b02131e939aa96b65b7a64c227b110
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 dalyan-kofte-rosto-kofte-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/02/ Frame 48AF 11 KB
11 KB 41ms
31ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/02/dalyan-kofte-rosto-kofte-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 22c974ca84d1beebef37b4c95335f8ae6f597563bbb9246eed2f4f647a176128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930960
x-accel-date: 1681809510
content-length: 11371
x-77-nzt: AcO1ryek20j/UPs7AA
x-accel-expires: @1713345510
last-modified: Wed, 01 May 2019 22:37:27 GMT
server: CDN77-Turbo
etag: "5cca1fa7-2c6b"
x-77-nzt-ray: 25b02131e939aa96b65b7a645792b210
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patlican-cigirtma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/12/ Frame 48AF 12 KB
12 KB 41ms
31ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/12/patlican-cigirtma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9ca119586f3ba8e6a4a1dacf83852d3275071d2501de033ba04673b4efde1ac3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930562
x-accel-date: 1681809908
content-length: 12336
x-77-nzt: AcO1rydKbOT/wvk7AA
x-accel-expires: @1713345908
last-modified: Sat, 07 Dec 2019 20:51:53 GMT
server: CDN77-Turbo
etag: "5dec10e9-3030"
x-77-nzt-ray: 25b02131e939aa96b65b7a64213eb510
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tas-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/10/ Frame 48AF 11 KB
11 KB 41ms
31ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/10/tas-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8c47b44c2eb52f803ff7faa3cc7043d75a2814f83cf9c1dd66a1c669184e68f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3929551
x-accel-date: 1681810919
content-length: 10807
x-77-nzt: AcO1rycphhv/z/U7AA
x-accel-expires: @1713346919
last-modified: Wed, 01 May 2019 23:24:41 GMT
server: CDN77-Turbo
etag: "5cca2ab9-2a37"
x-77-nzt-ray: 25b02131e939aa96b65b7a648d36b710
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-patlican-oturtma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 48AF 13 KB
14 KB 41ms
31ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/tencerede-patlican-oturtma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 42c600c9293359a7e6a9506e5dc30ca74845321a0849e8aa0cc5d2d52a7b5a94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928519
x-accel-date: 1681811951
content-length: 13490
x-77-nzt: AcO1ryepfaT/x/E7AA
x-accel-expires: @1713347951
last-modified: Fri, 17 May 2019 22:50:00 GMT
server: CDN77-Turbo
etag: "5cdf3a98-34b2"
x-77-nzt-ray: 25b02131e939aa96b65b7a6409d4b810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-patates-dizmesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 48AF 16 KB
16 KB 40ms
32ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/kofteli-patates-dizmesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 089371c2d0c637c172d5af2ba670a229c49df18790fa29a8c9a3d4af7796f2c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930704
x-accel-date: 1681809766
content-length: 16315
x-77-nzt: AcO1ryd7nbH/UPo7AA
x-accel-expires: @1713345766
last-modified: Fri, 22 May 2020 22:51:08 GMT
server: CDN77-Turbo
etag: "5ec8575c-3fbb"
x-77-nzt-ray: 25b02131e939aa96b65b7a64f749ba10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tepsi-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/06/ Frame 48AF 15 KB
16 KB 40ms
32ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/06/tepsi-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 565b56a04b0c14fbb67f85831742be7801516ffc8d4f8737eb702caf6abc64c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930278
x-accel-date: 1681810192
content-length: 15566
x-77-nzt: AcO1ryce3Nr/pvg7AA
x-accel-expires: @1713346192
last-modified: Wed, 01 May 2019 22:25:10 GMT
server: CDN77-Turbo
etag: "5cca1cc6-3cce"
x-77-nzt-ray: 25b02131e939aa96b65b7a64d18cbc10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hamburger-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 48AF 10 KB
11 KB 41ms
32ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/hamburger-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: db725e2f455d418fe503bf105ae1f43045035eb576fa2f667e21a8c290e06d17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930703
x-accel-date: 1681809767
content-length: 10591
x-77-nzt: AcO1rycZwxb/T/o7AA
x-accel-expires: @1713345767
last-modified: Tue, 26 May 2020 22:36:22 GMT
server: CDN77-Turbo
etag: "5ecd99e6-295f"
x-77-nzt-ray: 25b02131e939aa96b65b7a641144be10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurt-soslu-tavuk-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/06/ Frame 48AF 16 KB
17 KB 41ms
32ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/06/yogurt-soslu-tavuk-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 772de1eb224033fdc2d4f895698a95d01249b3e95be8f99991e8f9099c985df0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3922098
x-accel-date: 1681818372
content-length: 16582
x-77-nzt: AcO1ryew6oX/stg7AA
x-accel-expires: @1713354372
last-modified: Thu, 09 Jun 2022 23:02:22 GMT
server: CDN77-Turbo
etag: "62a27bfe-40c6"
x-77-nzt-ray: 25b02131e939aa96b65b7a64c0e2bf10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 48AF 16 KB
16 KB 41ms
33ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930421
x-accel-date: 1681810049
content-length: 16490
x-77-nzt: AcO1ryf1bgz/Nfk7AA
x-accel-expires: @1713346049
last-modified: Thu, 29 Apr 2021 23:52:25 GMT
server: CDN77-Turbo
etag: "608b46b9-406a"
x-77-nzt-ray: 25b02131e939aa96b65b7a64c86ac110
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/06/ Frame 48AF 12 KB
13 KB 41ms
33ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/06/firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928975
x-accel-date: 1681811495
content-length: 12609
x-77-nzt: AcO1rydmRfX/j/M7AA
x-accel-expires: @1713347495
last-modified: Wed, 01 May 2019 23:19:17 GMT
server: CDN77-Turbo
etag: "5cca2975-3141"
x-77-nzt-ray: 25b02131e939aa96b65b7a6499d8c210
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pilic-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 48AF 15 KB
15 KB 41ms
33ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/pilic-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2c481ccdb6e10e0136132ac25c732c873df15b1cf23a063a714f63606159551e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 1592417
x-accel-date: 1684148053
content-length: 15498
x-77-nzt: AcO1ryeNOvz/YUwYAA
x-accel-expires: @1715684053
last-modified: Fri, 30 Dec 2022 22:50:02 GMT
server: CDN77-Turbo
etag: "63af6b1a-3c8a"
x-77-nzt-ray: 25b02131e939aa96b65b7a64a653c410
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantarli-ispanak-kavurmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 48AF 16 KB
16 KB 41ms
33ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/mantarli-ispanak-kavurmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e685a897e3b552fe45551a3223b135ce7cb62521f32759e30f657e1028edd94e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3929955
x-accel-date: 1681810515
content-length: 15886
x-77-nzt: AcO1ryffpAn/Y/c7AA
x-accel-expires: @1713346515
last-modified: Sat, 27 Mar 2021 22:13:41 GMT
server: CDN77-Turbo
etag: "605fae15-3e0e"
x-77-nzt-ray: 25b02131e939aa96b65b7a64513bc610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bakla-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 48AF 16 KB
17 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/bakla-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 63e2084cf59c4f68f8346a17541d1cf44755745ec160e6bc3cfd9d1651424640

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928782
x-accel-date: 1681811688
content-length: 16621
x-77-nzt: AcO1ryf+QYr/zvI7AA
x-accel-expires: @1713347688
last-modified: Wed, 18 May 2022 23:46:24 GMT
server: CDN77-Turbo
etag: "62858550-40ed"
x-77-nzt-ray: 25b02131e939aa96b65b7a64a040c810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 brokoli-mucver-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/02/ Frame 48AF 13 KB
13 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/02/brokoli-mucver-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a9f2bdacd4951b5e28dcd417c660d0e84dd2d82c09b81d4ff3f22e0bd3b20cb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3927437
x-accel-date: 1681813033
content-length: 13059
x-77-nzt: AcO1rydvCOf/je07AA
x-accel-expires: @1713349033
last-modified: Wed, 01 May 2019 23:31:01 GMT
server: CDN77-Turbo
etag: "5cca2c35-3303"
x-77-nzt-ray: 25b02131e939aa96b65b7a646bafc910
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-karnabahar-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/04/ Frame 48AF 14 KB
14 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/04/firinda-karnabahar-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8d61d212045611c2b5a7956db31bf8ccf7f53515c48f85d6851be4c66a1cd9f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930449
x-accel-date: 1681810021
content-length: 14263
x-77-nzt: AcO1rycqOQ//Ufk7AA
x-accel-expires: @1713346021
last-modified: Wed, 01 May 2019 22:57:43 GMT
server: CDN77-Turbo
etag: "5cca2467-37b7"
x-77-nzt-ray: 25b02131e939aa96b65b7a64c34bcc10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurtlu-topalak-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/08/ Frame 48AF 11 KB
11 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/08/yogurtlu-topalak-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c2398f7cd250e7f74a174468329a3f1cb829032998f0ed4c0034672aa5f3ffeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928954
x-accel-date: 1681811516
content-length: 11010
x-77-nzt: AcO1ryf9mQX/evM7AA
x-accel-expires: @1713347516
last-modified: Mon, 03 Aug 2020 22:25:24 GMT
server: CDN77-Turbo
etag: "5f288ed4-2b02"
x-77-nzt-ray: 25b02131e939aa96b65b7a64df16ce10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-kereviz-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/01/ Frame 48AF 11 KB
11 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/01/terbiyeli-kereviz-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4e4809916d0077b67c97480fbf143ebdd652c583f4158a97505547db40bed655

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930333
x-accel-date: 1681810137
content-length: 11038
x-77-nzt: AcO1rycqarL/3fg7AA
x-accel-expires: @1713346137
last-modified: Sat, 22 Jan 2022 21:04:29 GMT
server: CDN77-Turbo
etag: "61ec715d-2b1e"
x-77-nzt-ray: 25b02131e939aa96b65b7a648cd7cf10
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 para-para-corbasi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/02/ Frame 48AF 12 KB
13 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/02/para-para-corbasi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b358220e5b27c2715f2afcdc4c02c448766bb9d81b959f877a0026aaf60c6f86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3927746
x-accel-date: 1681812724
content-length: 12508
x-77-nzt: AcO1rydfZPz/wu47AA
x-accel-expires: @1713348724
last-modified: Wed, 01 May 2019 22:36:35 GMT
server: CDN77-Turbo
etag: "5cca1f73-30dc"
x-77-nzt-ray: 25b02131e939aa96b65b7a64c5c2d110
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurtlu-tarhana-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 48AF 10 KB
10 KB 41ms
35ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/yogurtlu-tarhana-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8b9df28f59076afb3f8ebca8d01cf67f27a2172705e582d8824af82e4a293494

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3930379
x-accel-date: 1681810091
content-length: 9741
x-77-nzt: AcO1ryfz2PH/C/k7AA
x-accel-expires: @1713346091
last-modified: Tue, 07 Sep 2021 22:07:23 GMT
server: CDN77-Turbo
etag: "6137e29b-260d"
x-77-nzt-ray: 25b02131e939aa96b65b7a64e47ed310
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cilekli-pasta-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 48AF 11 KB
11 KB 42ms
35ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/cilekli-pasta-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 881557cf62ae6459da90e17bdb7c608c646010d308e4c0feb9cda80cca82d59b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928967
x-accel-date: 1681811503
content-length: 11337
x-77-nzt: AcO1ryd3gvD/h/M7AA
x-accel-expires: @1713347503
last-modified: Wed, 01 May 2019 23:34:55 GMT
server: CDN77-Turbo
etag: "5cca2d1f-2c49"
x-77-nzt-ray: 25b02131e939aa96b65b7a6446e6d410
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cikolata-soslu-pudingli-mozaik-pasta-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/11/ Frame 48AF 16 KB
17 KB 42ms
35ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/11/cikolata-soslu-pudingli-mozaik-pasta-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0bb6011ca0dbc5ca0ec9f0cf68f65fb93b324b359d0aa3c1986bc5c60b04b875

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3927603
x-accel-date: 1681812867
content-length: 16545
x-77-nzt: AcO1rydGgfv/M+47AA
x-accel-expires: @1713348867
last-modified: Wed, 27 Nov 2019 22:39:06 GMT
server: CDN77-Turbo
etag: "5ddefb0a-40a1"
x-77-nzt-ray: 25b02131e939aa96b65b7a643330d610
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kokostar-cocostar-pasta-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/07/ Frame 48AF 13 KB
14 KB 42ms
35ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/07/kokostar-cocostar-pasta-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a6cc789aba8ac76bed3b32f93c97b5848d1e04c2866c15a0cbe39d9c25783af9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3926819
x-accel-date: 1681813651
content-length: 13783
x-77-nzt: AcO1ryd0d5j/I+s7AA
x-accel-expires: @1713349651
last-modified: Wed, 01 May 2019 23:02:27 GMT
server: CDN77-Turbo
etag: "5cca2583-35d7"
x-77-nzt-ray: 25b02131e939aa96b65b7a6436b9d710
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mozaik-pasta-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/04/ Frame 48AF 14 KB
14 KB 42ms
35ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/04/mozaik-pasta-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f35fb700ba1c9f6aa2b682cbc9307da3918e9e7281fe35caff1d4a298b8bf046

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3928409
x-accel-date: 1681812061
content-length: 14119
x-77-nzt: AcO1ryf2KPf/WfE7AA
x-accel-expires: @1713348061
last-modified: Wed, 01 May 2019 22:13:35 GMT
server: CDN77-Turbo
etag: "5cca1a0f-3727"
x-77-nzt-ray: 25b02131e939aa96b65b7a649448d910
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kirma-zeytin-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/09/ Frame 48AF 13 KB
14 KB 42ms
35ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/09/kirma-zeytin-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9c1d5eead33fb63bd3a19b2444461953449797f909ef408e9aef9bf572546736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3929167
x-accel-date: 1681811303
content-length: 13694
x-77-nzt: AcO1ryc+3bD/T/Q7AA
x-accel-expires: @1713347303
last-modified: Sun, 18 Sep 2022 23:21:14 GMT
server: CDN77-Turbo
etag: "6327a7ea-357e"
x-77-nzt-ray: 25b02131e939aa96b65b7a64a64e1b11
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 dilim-pogaca-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/04/ Frame 48AF 12 KB
13 KB 42ms
36ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/04/dilim-pogaca-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c2af72a404720105529c263fd93cd0193b920a7098a0e8c068c7fa9e6c35754c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3927626
x-accel-date: 1681812844
content-length: 12721
x-77-nzt: AcO1ryen4Mn/Su47AA
x-accel-expires: @1713348844
last-modified: Wed, 01 May 2019 23:16:19 GMT
server: CDN77-Turbo
etag: "5cca28c3-31b1"
x-77-nzt-ray: 25b02131e939aa96b65b7a64e5731e11
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 az-malzemeli-pogaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/07/ Frame 48AF 11 KB
11 KB 42ms
36ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/07/az-malzemeli-pogaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: af27ff8e0ffae533f2ae54cf3d9372c0979b4d1691a2573af76d426a9488a545

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3922431
x-accel-date: 1681818039
content-length: 11383
x-77-nzt: AcO1ryfGic///9k7AA
x-accel-expires: @1713354039
last-modified: Wed, 01 May 2019 23:21:25 GMT
server: CDN77-Turbo
etag: "5cca29f5-2c77"
x-77-nzt-ray: 25b02131e939aa96b65b7a6498772011
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 koy-ekmegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 48AF 12 KB
12 KB 42ms
36ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/koy-ekmegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9fe178b3a246dfa8391758b6964ea91fa324fc0942c9d3fb8e7c652a47ab23da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 81836
x-accel-date: 1685658634
content-length: 12085
x-77-nzt: AcO1ryeEdSL/rD8BAA
x-accel-expires: @1717194634
last-modified: Sat, 21 Mar 2020 22:47:47 GMT
server: CDN77-Turbo
etag: "5e769993-2f35"
x-77-nzt-ray: 25b02131e939aa96b65b7a6410dc2311
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 48AF 5 KB
6 KB 85ms
25ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1685740470.cds319.lo4.hn,1685740470.cds041.lo4.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 48AF 0
0 90ms
11ms Script
text/plain 2.19.224.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/js/300/addthis_widget.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.224.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-224-115.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 48AF 465 B
672 B 84ms
24ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1685740470.cds319.lo4.hn,1685740470.cds281.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 48AF 51 KB
21 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:82b::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Jun 2023 21:04:52 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 578
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Fri, 02 Jun 2023 23:04:52 GMT

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 48AF 74 KB
26 KB 309ms
45ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e83a6e6d3b514c443964ced040878fe12d03f326240804355adc29084ed7ca8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
last-modified: Thu, 01 Jun 2023 17:43:14 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 48AF 3 KB
3 KB 26ms
7ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0116639f142917a190651b0397189783d114b077fc3454a35a91b5fac14e7d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Jun 2023 21:14:30 GMT
content-md5: kAt1T0MZMQzNXFvnG2F6lg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: RnyRxUu3NPbtHZSYrHKcv8T3+lqetkqhCxDyLVasshJhuf0Aa1uZoqvc2O6W7vG2ovLvbquV6A1we1WMDBueSw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: 014740176abccf3d4f495d7ad8fcf6b4
cross-origin-opener-policy: same-origin-allow-popups
etag: "6c69140d5e51c01ba98a26c6abd347bb"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:21:43 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 48AF 21 KB
21 KB 39ms
36ms Image
image/png 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 02 Jun 2023 21:14:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3931028
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AcO1rydKeKX/lPs7AA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 25b02131e939aa96b65b7a64adf82511
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 48AF 307 KB
87 KB 25ms
11ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=9ee6bbd8468cf25f45b79e158d36be2f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d9ce125286da505381ed19d3047abb4bdfce2b9732c843e4804e06eeb4d7a577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Jun 2023 21:14:30 GMT
content-md5: TXVKqL1ehyqroXaBKBvp8Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88757
x-fb-rlafr: 0
x-fb-debug: 6jIDusjMvjrVNz0avl1ZEOMxqsBFrHcMx7/odK3M+oFJ3krZenLMMS5enxLypub8Xcr3YanlKzhVHOl6he5Y8A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: adb907584e1c1da4ab1d5ca7a51e729b
cross-origin-opener-policy: same-origin-allow-popups
etag: "9ce707e171c44cb947abe20cf9cd57fb"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jun 2024 20:06:23 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 48AF 76 KB
25 KB 103ms
44ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e5823650e0400d50a5dd5369c975651dad5cfcbab9e2629658c63bad7bc9fa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25289
x-xss-protection: 0
server: cafe
etag: 251 / 19510 / m202305300101 / config-hash: 16708260870520306698
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:30 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 48AF 120 B
306 B 43ms
42ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame EE70 891 B
1 KB 47ms
46ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Fri, 02 Jun 2023 21:14:30 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 48AF 137 KB
47 KB 64ms
29ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

f3a2f2ff619f65704ccefd549c7f2263e12111be789d50e398aafc0ee53b5f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47514
x-xss-protection: 0
server: cafe
etag: 974202424477306341
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:30 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 48AF 489 KB
182 KB 49ms
49ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 48AF 228 KB
56 KB 44ms
8ms Script
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 33566729393f70e95f9e326dbc67dedbb3bdc4d6a743ef40141fa1d126f079ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:17:21 GMT
content-encoding: gzip
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront), 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
last-modified: Mon, 22 May 2023 19:17:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1, FRA56-P3
age: 3430
x-amz-server-side-encryption: AES256
etag: W/"d18b57a80b57082ffb531a2e077b3016"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: s_dtOptxrP0H6jBg2W7tCqhKM6inaolwXdQV0Knim1yp330RHvTo0g==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 48AF 37 KB
7 KB 152ms
139ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1685740470631&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.632983235517055
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a287c900da4f4cef8e6d67349bd8b78697ad934c0684abfd28d66eb4a2a25c60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 48AF 12 KB
2 KB 46ms
45ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19510
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
last-modified: Wed, 31 May 2023 14:14:23 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 48AF 49 KB
5 KB 92ms
84ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468261
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: b417c070673174aa724c999366f652e5ab1971aeeccd7a4ad40e4e4c063d7b9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 48AF 0
304 B 28ms
27ms XHR
text/plain 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:56:51 GMT
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 1059
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: hKtWEF9M4MkssdxSuFigAiGS6Pzg3kOw9EL_upRylGyaoiormw9oyQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 48AF 6 KB
3 KB 54ms
6ms XHR
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 3092bdd288d2a449c56d11f2cf4a9b88.cloudfront.net (CloudFront)
date: Fri, 02 Jun 2023 01:39:15 GMT
x-amz-cf-pop: FRA56-P3
age: 70516
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: dDf6XNjvDv1OGbTuQ3_N5rCuIDOCQKQquIWO86VtCys0_UcvvSguyA==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305300101/ Frame 48AF 351 KB
118 KB 75ms
57ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ec9c1369b44606c44b3ec76cd8aad114ccb1f370b75d9ddd9e2d57c4b8ced6f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120658
x-xss-protection: 0
server: cafe
etag: 11259294681660935942
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230531/r20190131/ Frame 7B7D 10 KB
5 KB 40ms
11ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230531/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15015
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 17:04:15 GMT
etag: 15057649708203361565
expires: Fri, 16 Jun 2023 17:04:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/ Frame 48AF 408 KB
126 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

325be98d467be29fd7b3d1c36f2e137806b171ca7d73ef3b535e198ec0bd1dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31545
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128806
x-xss-protection: 0
server: cafe
etag: 8074574313080668351
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 01 Jun 2024 12:28:45 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 48AF 9 KB
3 KB 46ms
45ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 6463a8285a9c7d54fde4f62d247208584a061d3a0028a516ec3b902164256306

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 09:38:48 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 48AF 11 KB
5 KB 45ms
44ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468261
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 48AF 17 KB
5 KB 54ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 09244740f4a5bf8ab1aa815df2f809d370c932e5c5e977221091acbee7b66570

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:07:34 GMT
content-encoding: gzip
age: 416
x-guploader-uploadid: ADPycdtE8wa6kbCCUHS1lZtQWaEqrJ7BPLcwTpFg8zCENyDJCJBBGynDz3Bxr0kKkBmB92BBggDMliFHJKrs6pHV45AAHrjiAHyZ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
last-modified: Fri, 20 Jan 2023 18:31:19 GMT
server: UploadServer
etag: "b3517e216253857ea8c4209cb84004df"
vary: Accept-Encoding
x-goog-generation: 1674239479122517
x-goog-hash: crc32c=rClt4g==, md5=s1F+IWJThX6oxCCcuEAE3w==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 4955
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 48AF 0
209 B 45ms
45ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1685740470822&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.43094216082388725
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 48AF 483 B
1022 B 55ms
13ms Script
application/javascript 2606:4700:20::681a:8a9

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:30 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 182719
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x39DGtnOXNaIKBZ1zklHoM%2FuVD61sY52h5I3mgcCx4Vp9g038kV2YXupZnMiY%2Bcb2%2FR6Pe2fWoJy61s7dwA9pripOSyqoBHhiKOE%2FbFSds1Sgtlv4GJzT7WR%2Fqehe0YMgwIbyboBl5bnxPr2"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 7d12b4d74b92912b-FRA

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 48AF 23 B
459 B 147ms
46ms XHR
text/javascript 18.155.122.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=p5RQZTOTnP1OJ&cb=0&ws=1600x1200&v=23.517.1921&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.155.122.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-155-122-7.cdg52.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 4a03c73f3dcfcfd37ea6a992da6dce06.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG52-P4
x-amz-rid: GSGMRTH6BRDXJKJHJMWV
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: InB2Ey_NigfMgObkVv2IcoC2gflGRXxKEHiV7k4fOEGiVhtog_dfng==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48AF 107 B
531 B 75ms
15ms Script
application/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48AF 107 B
456 B 40ms
15ms Script
application/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 27 KB
11 KB 400ms
399ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=1237792254732782&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740470915&lmt=1685740470&dlt=1685740470101&idt=742&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=63ymny4sttmc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a36e85a53eed0a72e8568d4151832e914e5a82f7e1116fb68cc327fce7abf90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11328
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583957
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3DE8 6 KB
3 KB 83ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 48AF 0
281 B 76ms
37ms XHR
text/plain 2606:4700::6812:372

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
x-err: Parsing the Prebid Request. adrequest and manager domains do not match
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7d12b4d7bafc2c23-FRA
expires: 0

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 48AF 2 KB
2 KB 229ms
119ms XHR
application/json 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2c85c5e8866a5be17210bdb8b331d82fcf9d771c40bf698a416b675731a5a27f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://ye-mek.net
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 48AF 0
112 B 149ms
74ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:30 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 48AF 0
527 B 269ms
165ms XHR
text/plain 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 48AF 94 B
620 B 216ms
169ms XHR
application/json 216.52.2.91
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.38.0
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.91 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: eb3fefb9f04d4170c71910ecec0141261510af6e9e1597d165b9de39f2e10d73

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 02 Jun 2023 21:14:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://ye-mek.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST /
hb.emxdgt.com/ Frame 48AF 0
0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 48AF 0
142 B 204ms
53ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=43&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 48AF 0
141 B 205ms
55ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=45&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 48AF 0
141 B 204ms
54ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=44&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 48AF 0
141 B 204ms
54ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=80&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 48AF 28 KB
16 KB 192ms
152ms XHR
application/json 37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

05ab85031a66d915981070514ecba360106d3670a17a34e3bbda713cd39c7269

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 02 Jun 2023 21:14:31 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9aac852f-7f7a-45ac-ab12-2fa583293b73
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ye-mek.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 48AF 28 KB
11 KB 838ms
800ms XHR
application/json 37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

317f3f734c2c1b5b80469bc5a3e78cc9dd0658ebcd5a40abbe1799f3dd6075a6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 02 Jun 2023 21:14:31 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: c8554caf-b622-471d-804f-2a8cc1799824
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ye-mek.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 bid-request Show response
a.teads.tv/hb/ Frame 48AF 16 B
377 B 198ms
86ms XHR
application/json 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Fri, 02 Jun 2023 21:14:31 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 48AF 0
189 B 132ms
42ms XHR
text/plain 2a02:2638:d::a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.38.0&cb=59390477275&lsavail=0

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:30 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 48AF 173 B
400 B 69ms
13ms XHR
application/json 18.159.8.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.8.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-8-247.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f0a19a7e20dabd906ec6c2d9ad7e0062049858827d69ed615458123c9b2870f9

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-prebid: pbs-java/1.119.0
content-type: application/json
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48AF 416 B
740 B 272ms
113ms XHR
application/json 2602:803:c003:200::41

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=2862172&size_id=2&alt_size_ids=1&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=9e4a94da-cb34-401f-b27d-b7fc032adc9e%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15337921728129623web_yemeknet_kategori_sayfalari_728x90_repeating&tk_flint=pbjs_lite_v7.38.0&x_source.tid=4ca73f0f-0ffd-4931-a2bc-02645d0f10af&l_pb_bid_id=60871b59622f99c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5952673786722833
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: aaa292c08282944329c264acf4c4955a69f56548692a13e99fc2200b16c477d1

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 416
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48AF 410 B
958 B 254ms
95ms XHR
application/json 2602:803:c003:200::41

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=2862174&size_id=2&alt_size_ids=1&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=9e4a94da-cb34-401f-b27d-b7fc032adc9e%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15337721728129623web_yemeknet_kategori_sayfalari_ust_728x90&tk_flint=pbjs_lite_v7.38.0&x_source.tid=86c8aa35-5f69-4835-9bc9-802ac03a4d44&l_pb_bid_id=61a15bc7b6a6232&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.27000680820219247
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d885cf09ac007648bdaa350a9c212bb445f25dd39f95c076d3b2b50e1d4450f9

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 410
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48AF 404 B
729 B 422ms
263ms XHR
application/json 2602:803:c003:200::41

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=1746578&size_id=15&alt_size_ids=2%2C1%2C13%2C14%2C55%2C57&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=9e4a94da-cb34-401f-b27d-b7fc032adc9e%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead&tk_flint=pbjs_lite_v7.38.0&x_source.tid=e3323bf6-4a69-4232-bf1a-a8305db25c31&l_pb_bid_id=629a299f78d2254&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2211692211617342
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9ef105f7221a4f09156140c154b35b210855a2b53a0e6b21d1c5a3f49f1408ad

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48AF 398 B
722 B 271ms
114ms XHR
application/json 2602:803:c003:200::41

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=1746730&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=9e4a94da-cb34-401f-b27d-b7fc032adc9e%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower&tk_flint=pbjs_lite_v7.38.0&x_source.tid=171db9d1-d7d5-459d-bbfb-66ed107e9715&l_pb_bid_id=63c6a361fba2495&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.08599357842868005
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ff8c78ec4ebd4b0ef426dff1d250258c1573f343d930a59abbf39c7029b4eb97

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 398
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48AF 397 B
722 B 272ms
115ms XHR
application/json 2602:803:c003:200::41

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=1746580&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=9e4a94da-cb34-401f-b27d-b7fc032adc9e%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower&tk_flint=pbjs_lite_v7.38.0&x_source.tid=16222e26-3aa3-4d2e-bab9-cc090001ca63&l_pb_bid_id=64c9ebf72ac24fb&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.849618788396908
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 6eb41577cebabab2a1a102e88c23d1313634417a67594a0051776a07b0cba1c9

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 397
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 48AF 451 B
776 B 269ms
111ms XHR
application/json 2602:803:c003:200::41

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=2862158&size_id=2&alt_size_ids=1&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=9e4a94da-cb34-401f-b27d-b7fc032adc9e%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15337821728129623web_yemeknet_kategori_sayfalari_728x90_2&tk_flint=pbjs_lite_v7.38.0&x_source.tid=1d53a97c-5e7c-4c84-98b0-edc23812dd6c&l_pb_bid_id=667a76a4818f872&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8438553919654543
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9ea78b1ce65a703b41383df1e1f48f700ed6380c1cea10c4d72e778979bf9afc

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:31 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 451
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 48AF 7 KB
3 KB 522ms
46ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19510
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 09 Jun 2023 21:14:31 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 82BB 603 B
218 B 141ms
140ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740470740&bpp=4&bdt=639&idt=254&shv=r20230531&mjsv=m202305300101&ptt=9&saldr=aa&nras=1&correlator=3160278201483&frm=24&ife=1&pv=2&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C44788442%2C21065724&oid=2&pvsid=2150670595636049&tmod=952913366&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.viu0ogpn687e&fsb=1&dtd=271

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zoneview
ng.virgul.com/ Frame 48AF 0
209 B 51ms
51ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1685740471056&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.43625144832302576
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame 7C8A 13 B
257 B 86ms
19ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Fri, 02 Jun 2023 21:14:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame 48AF 74 KB
23 KB 67ms
16ms Fetch
application/javascript 2606:4700:20::681a:8a9

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:31 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 569526
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zfyn89Fz858fcUkYcijuHDv64KVt7D5V%2FRhg8eBbkKxzYs%2BOmcvpktA7hQE%2FN1J0oLuIdT9lZ%2FfgeeNesjvDkgmRBJmBW6vu9S0qXRQl5pAK2rG4%2Fy8%2FrDCd%2F2GhA3wPOYjVtZ9pBRKQcq8Q"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 7d12b4d88f603636-FRA

POST
H/1.1 200
OK cache Show response
prebid.adnxs.com/pbc/v1/ Frame 48AF 63 B
320 B 98ms
14ms XHR
application/json 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbc/v1/cache
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: prebid.ams3.adnexus.net
Software: nginx/1.21.3 /
Resource Hash: 757c0b8b121e771aa6e291796631026ffc18a7736bbd2b857dfd03b581367dd5

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 02 Jun 2023 21:14:31 GMT
Server: nginx/1.21.3
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://ye-mek.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 63

GET
H2 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 471C 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 471C 24 KB
7 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:11:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 185
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Jun 2024 21:11:26 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 471C 136 KB
46 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

b2778d3de547e6cea0d57eb3abc515fb41a4bb7e2702cb26f207ebf297468e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Origin: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47343
x-xss-protection: 0
server: cafe
etag: 5694809782158116876
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 471C 171 KB
54 KB 60ms
16ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:31 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 48AF 358 KB
120 KB 102ms
21ms Script
text/javascript 2a00:1450:4001:80b::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d1f7d57c54a2f168df796106063e89d2c6dc208ceeb2fca5257ed9297ec2bf88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122262
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:31 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 48AF 398 KB
128 KB 56ms
55ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/2/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19510
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 09 Jun 2023 21:14:31 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 471C 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvH-_K7YNhTun7hiHVnmVwUo9Tjf_Yt6cpkPmARV5cR4GiUa1n6tZM7EuBGKauDVM8crzYvuZ2I1h2ro9zyIRSfVdVp5Lx11bkchZky5ioIW7xaTdwuuZhLc7i1QLMHaCQ7hywPKpK_easO42rnJLKfLfEEJYHNdV_DBF0iRfPBskDqGYC4HJm7c9BgKa_Vb53GbHTzuREn0j1Jtgezse0UZeOjE5K72fiUamqMVaM8yFiGaL0_C-h0h7eixfTUgu3D6ZRklJN4-qNgjfrTEmGUSNIm1F1VCKA0xGC_V_1waasdAVYvXPcw5yzeuX82gb_31ofqGJZLCepr9dMT-g7CiavcTxchc-IUT4AxINo8R6LLeaQ&sai=AMfl-YQATDWs3j3EucDhZquO8j23deIXENeNovhKC1DvqgBaDI4zM83k06Xr5kZX6GCnYU9KUM0HBb6HeGbi-zV5b_14jLqP0CZbeeLy2EUtdBI&sig=Cg0ArKJSzHx9zUeF3mA0EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:31 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305310101/ Frame 471C 351 KB
118 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com&bust=31075004

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3043e0fd34fabd354986783715033dade1d8ea2abc31b62ba87f26ed190bc2dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120639
x-xss-protection: 0
server: cafe
etag: 14331509666876589355
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:31 GMT

GET
DATA 200
OK truncated
/ Frame 471C 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f2ccc2b3eb10eec94ba074f7b3581f55cfef1d5ae874119843fa86d8dd550c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 471C 107 B
165 B 17ms
15ms Script
application/javascript 2a00:1450:4001:827::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com&bust=31075004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 471C 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DDE2 0
16 B 222ms
221ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471568&bpp=15&bdt=96&idt=158&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&nras=1&correlator=8262993181040&frm=8&ife=1&pv=2&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7rxomm3jjv1k&fsb=1&dtd=178

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0874 34 KB
14 KB 440ms
439ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4731ea3c5067871516e2b6ee7cd280b42770c3cf99dcb1905999137d7a0e2f6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 14354
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame 48AF 0
209 B 57ms
43ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685740470631&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 48AF 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 48AF 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 34 KB
14 KB 530ms
529ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=3377198149673480&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=3&adks=3203893797&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D160x600%26hb_pb%3D1.18%26hb_adid%3D7348192b6d02e89%26hb_bidder%3Dprojectagora%26hb_format_projectago%3Dbanner%26hb_size_projectagora%3D160x600%26hb_pb_projectagora%3D1.18%26hb_adid_projectagora%3D7348192b6d02e89%26hb_bidder_projectago%3Dprojectagora%26hg_pb%3D1.18&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740471849&lmt=1685740471&dlt=1685740470101&idt=742&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=71zhnhycf7sf&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABHeCvhXxwm7gW7Xc93UNjA5wFBlifVFU7DcFURwIr618UDVltEyLTVF9wkUnG163lAn0MzdLFsqXb2K7sQMmqccbA&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e0428600e8815fb1b00f6c4b75eed554b1f6abb176d39a9ea4b137d3f3614be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13911
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 23 KB
11 KB 382ms
381ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=2758640463404853&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=4&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740471856&lmt=1685740471&dlt=1685740470101&idt=742&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=nrsl1xzclor7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvhXxwm7gW7Xc93UNjA5wFBlifVFU7DcFURwIr618UDVltEyLTVF9wkUnG163lAn0MzdLFsqXb2K7sQMmqccbA&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e09643b85c7d7ac0c6988abb0327a1d5d1b732eb40b01b9125c41a53f927be6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10795
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 28 KB
11 KB 390ms
389ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=3609033063935661&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=5&adks=3299242717&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D160x600%26hb_pb%3D3.48%26hb_adid%3D74cc4441f9079f4%26hb_bidder%3Dprojectagora%26hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x600%26hb_pb_appnexus%3D0.42%26hb_adid_appnexus%3D68bc7aea3d53f83%26hb_bidder_appnexus%3Dappnexus%26hb_format_projectago%3Dbanner%26hb_size_projectagora%3D160x600%26hb_pb_projectagora%3D3.48%26hb_adid_projectagora%3D74cc4441f9079f4%26hb_bidder_projectago%3Dprojectagora%26hg_pb%3D3.48&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740471863&lmt=1685740471&dlt=1685740470101&idt=742&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=aont9fgbmzum&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABHeCvhXxwm7gW7Xc93UNjA5wFBlifVFU7DcFURwIr618UDVltEyLTVF9wkUnG163lAn0MzdLFsqXb2K7sQMmqccbA&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7c41caa53b84b95c232a75bc6e1266e8db92ee57f50a5670075c4bd7baf423e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11722
x-xss-protection: 0
google-lineitem-id: 5615618577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138339352911
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 33 KB
14 KB 471ms
470ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=913100589093994&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=6&adks=3050045420&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740471869&lmt=1685740471&dlt=1685740470101&idt=742&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=7jrd9x2zvbzc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvhXxwm7gW7Xc93UNjA5wFBlifVFU7DcFURwIr618UDVltEyLTVF9wkUnG163lAn0MzdLFsqXb2K7sQMmqccbA&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0eecbcf21b9acc777514bffbc18edd561d281bd98dcc00a4d7960fcbc975982

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14274
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 111 KB
40 KB 425ms
424ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=2688534850978839&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=456810305&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D468x60%26hb_pb%3D2.76%26hb_adid%3D720e75e15dd4a6f%26hb_bidder%3Dadf%26hb_format_adf%3Dbanner%26hb_size_adf%3D468x60%26hb_pb_adf%3D2.76%26hb_adid_adf%3D720e75e15dd4a6f%26hb_bidder_adf%3Dadf%26hg_pb%3D2.76&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740471875&lmt=1685740471&dlt=1685740470101&idt=742&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=lusw91ohxd30&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvhXxwm7gW7Xc93UNjA5wFBlifVFU7DcFURwIr618UDVltEyLTVF9wkUnG163lAn0MzdLFsqXb2K7sQMmqccbA&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

739e835d23ac0a35c5cf90e123d2b0b2367db61b0727852730f6abc8d57287d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41071
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 48AF 24 KB
11 KB 372ms
370ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2150670595636049&correlator=1363160825665679&eid=21065724&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685740470631%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetf7faab32-01ce-4b83-8272-10080bac7dde%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetf7faab3201ce4b83827210080bac7dde&sc=1&cdm=ye-mek.net&abxe=1&dt=1685740471882&lmt=1685740471&dlt=1685740470101&idt=742&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=tl6ps3e0rknf&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvhXxwm7gW7Xc93UNjA5wFBlifVFU7DcFURwIr618UDVltEyLTVF9wkUnG163lAn0MzdLFsqXb2K7sQMmqccbA&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c68cb6bc118e5b02cad9e6c2f51391bc1c7318d8e200e111b92e5f339fdffe1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11243
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 XassetrGVaWW53.png
ads.w55c.net/t/d/ Frame 0874 43 KB
44 KB 109ms
20ms Image
image/png 2600:9000:248c:b800:1b:f040:3600:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.w55c.net/t/d/XassetrGVaWW53.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=NERFQjk1RDRGQUE1RDhGN0E5MTI1RDVGNjc4NjdGMDN8R0ZQQlVUNjMyaHwxNjg1NzQwNDcyMDE0fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xMjQ0NDg1NDM2X0VYfDUwMDcwfHx8fC4wUHxVU0Q&ei=GOOGLE_CONTENTNETWORK&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjczMTA5NjQ1fElBQjgtOCMwLjU3MjA0MDZ8SUFCOC03IzAuMDUwNzcxNTc1fElBQjgtOSMwLjA1&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1685740472016&c=DE&r=G-HE&epid=R0N5ZS1tZWsubmV0&mi=d2Vi&wp_exchange=NWP

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:248c:b800:1b:f040:3600:93a1 , United States, ASN (),

Reverse DNS

Software

AmazonS3 /

Resource Hash

96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id: 77muH8mujF9NEC9ipS.55iMMWqUaEtvK
date: Fri, 02 Jun 2023 21:12:49 GMT
via: 1.1 861c9a33ccdd7a6a61b188ea139dd8fa.cloudfront.net (CloudFront)
strict-transport-security: max-age=2592000; includeSubDomains
x-amz-cf-pop: MXP64-P1
age: 181
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 44534
x-amz-meta-height: 90
content-length: 44534
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "ccf751b21647e448aa5dadd8c05f5ac6"
vary: Accept-Encoding
content-type: image/png
cache-control: must-revalidate
accept-ranges: bytes
x-amz-cf-id: Wdp7uy058FDmibwQFolNRylOFhjZ_2MG-Za6tpkXAqWui65jF-xb3A==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame 0874 95 B
916 B 192ms
45ms Image
image/png 154.58.197.185
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=9832753204614065
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 , United States, ASN174 (COGENT-174, US),
Reverse DNS: staticip-hv4m185.hispavista.com
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:30 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Mon, 30 May 2033 21:14:30 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame 0874 5 KB
3 KB 94ms
13ms Script
text/javascript 192.229.233.53
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE_CONTENTNETWORK&ob=0&ai=0DaDXCcU00&epid=R0N5ZS1tZWsubmV0&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRzobPsLhV&btid=NERFQjk1RDRGQUE1RDhGN0E5MTI1RDVGNjc4NjdGMDN8R0ZQQlVUNjMyaHwxNjg1NzQwNDcyMDE0fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xMjQ0NDg1NDM2X0VYfDUwMDcwfHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEM704ECpB3-yhFAcpajjktA&spidu=GOOGLE_CONTENTNETWORK&pidu=ye-mek.net&hmpvu=e28a648a-64d3-47d4-bdb2-044182c8c8ea&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.53 Granada Hills, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B7B) /

Resource Hash

6a88e0d82ba2998038cc86adc47bfb48d21e6114e18d97f0ecd05f5df519a95f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
strict-transport-security: max-age=2592000; includeSubDomains
last-modified: Wed, 23 Feb 2022 16:57:18 GMT
server: ECS (amb/6B7B)
age: 188067
etag: "3321997696"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
cache-control: no-cache, must-revalidate
accept-ranges: bytes
content-length: 2391
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 0874 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 10:09:57 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 0874 19 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:26:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7991
x-xss-protection: 0
server: cafe
etag: 2412543371950383451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:26:50 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0874 0
0 46ms
19ms Image
text/html 2a00:1450:4001:827::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTafZkQy4apBNMS6cfmlRU6R-p4N7vKX70gkNO3fu2cWtklHcKWgg8vNGJQMWjBqT6Q7LVZiSfoSvWfwkIM2crDnm879Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0874 171 KB
53 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0874 0
0 53ms
50ms Fetch
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C26U1t1t6ZPfYNOWC_tMP3K-bqAy6iLSPXJzX7u6pCMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqAMBqgSuAU_QZs6d0tqRLfd3NLgijRAjnxkHt-WqwQ0hOmxEROF91hNkVC_TGCMP6gl6HzbM442OfFpRwipKyOB5F5eLPNEEDBiPUy1ie-otRiVma2H45B8SPJxahIxrg5QDJmToBnpHpDGUThhOkQgyQ73GJSWMBMeZl3aLN-flUjx2_qT7RqZfyXKGHH5XgHJJqVJrc_eC25KeJf0dr3I2k_ITH9Swq_2trtoSWWqTpKiLlIAG0cmll-ullpXrAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=kOhtLaHujUU&uach_m=[UACH]&cid=CAQSKQBygQiDfn8mGVpau5p_SKgz6m7b2upXEbqGPHfosMfJ7y9FNM4iY8-XGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame 0874 42 B
576 B 779ms
181ms Fetch
image/gif 44.235.132.190

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=NERFQjk1RDRGQUE1RDhGN0E5MTI1RDVGNjc4NjdGMDN8R0ZQQlVUNjMyaHwxNjg1NzQwNDcyMDE0fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xMjQ0NDg1NDM2X0VYfDUwMDcwfHx8fC4wUHxVU0Q&ei=GOOGLE_CONTENTNETWORK&wp_exchange=ZHpbtwANLHcEf4FlAAbX3GAm6ejo77dpN0kzgQ&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjczMTA5NjQ1fElBQjgtOCMwLjU3MjA0MDZ8SUFCOC03IzAuMDUwNzcxNTc1fElBQjgtOSMwLjA1&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1685740472016&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=9832753204614065&epid=R0N5ZS1tZWsubmV0&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=2&euid=Q0FFU0VNNzA0RUNwQjMteWhGQWNwYWpqa3RB&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=myGvJEdz_egVamQn9QDFeA&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEM704ECpB3-yhFAcpajjktA&spidu=GOOGLE_CONTENTNETWORK&pidu=ye-mek.net&hmpvu=e28a648a-64d3-47d4-bdb2-044182c8c8ea&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.235.132.190 -, , ASN (),

Reverse DNS

Software

PixelTracking/v2.0.30-777-g304ac51#rel-ec2-master i-07b2d1b8aa7e063e9@us-west-2c@dxedge-app-us-west-2-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-777-g304ac51#rel-ec2-master i-07b2d1b8aa7e063e9@us-west-2c@dxedge-app-us-west-2-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7B5C 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9F36 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F8D9 0
0 48ms
47ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssewCzeOgkfjW1W52dXJzCU5488CdOAG4pKyRiqwPL6Vyl8TqvAzcwTbX8Z0tpsVmy6-bjuR_YEL-YWI2PQWq-4VS2_pIByruuyczF-SkJk-i00ShKRnd9lVmurdqcilBD4NtgCOgoNjbMzaK5yr7iWuSzvW0awGH-clIw1HGNPC72ezFVe0ZwtxyFg8aDljbJfxURjhF_-WOolu0QDt0zBQCG_tLDiyfocpExJGWvJ1RGVdn8vvRXDwwL0DG6CRA6y5rbBGUPMZ4mAU0b5yOyRCmv_90NtXwjUQqDLn6pyW04oJtpCmAZ9kIzJDWno-gEl1W2GoDxZy25U0A0&sai=AMfl-YTaukcm2RrF8lzhGtKH9IjO_-W34Cm25wYUO4mzrvmZLKcUCL25UWc_XK4WNuH3a1De7v5FpuEE1pjFctxQX8A08ou2DsACbwdtlN4oyvXitn0mpzZ0TMbDJXEHvQ&sig=Cg0ArKJSzBNhdP6LB3KGEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame F8D9 26 KB
26 KB 34ms
8ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
age: 29571
x-jsd-version: 1.15.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26200
x-served-by: cache-fra-eddf8230106-FRA
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F8D9 171 KB
53 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 568D 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7041 624 B
242 B 30ms
25ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNVfVYr27azoeRjGoNS84eXQEzEquFngWQnb7kRtKVYaIjgC37KH6iVQIfVyf9K-DUJNcea2iUJcOuhxvYN7JVTRUJrXbo1J_rvaGlMHMmpsSBp1lgsooLSzHVZ5BgPTPTE3gBHuty6dxiE2vuIEznVy79g-zD0XHMYijxinkHhLPntqDD8

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7B5C 78 KB
27 KB 29ms
25ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5C 42 B
63 B 44ms
40ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DHGFJ11xc23m6W_UBSzp7xrpGrhCgpwpshI3oiUOh4Xu6XrDnAYupOpvusVB-7bhgYtGpnU28tfBuPMLfw9Ln2OCZGYUu4rmpxMLQ7LvvkyN2HzFc

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5C 0
20 B 45ms
41ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3822053559052326141&x=1&ct=76

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 7B5C 3 KB
1 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 10:09:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 7B5C 19 KB
8 KB 25ms
21ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:26:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7991
x-xss-protection: 0
server: cafe
etag: 2412543371950383451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:26:50 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7B5C 0
0 22ms
18ms Image
text/html 2a00:1450:4001:827::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR8bFYo4dyIJSJIJFdtQs8LzP8AuE2LR2HSGvaYUMhiRN0QicRd-CuX0uxUUS9jJk9FjRQ6_tWpqFaOPdgMDzkIoqNhiA
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7B5C 171 KB
53 KB 31ms
27ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 73B7 640 B
262 B 33ms
22ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNUqP5bKbuIGdlAivAey6Xfzj6sIxlkKtDa7XBJivWxRW0xq5GIYkK84ZkjxtS8UOsjxxbg-VZ4mdd4yx4laFKffphj0LV8GoMSvIrHmWJR8jk4teXoDQv2JEZ1jg9aPcWG_PjoqSQM2_NV-rmDmGNoeSgMB2mR3uQtAODnn4JvIA453f_U

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9F36 78 KB
27 KB 29ms
20ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F36 42 B
63 B 50ms
40ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CZ4FI-XsxdyLeur_RoaOigmrm-apKHobB9zGcdDXhaYKC3Hh2XlTfCmAFXn80vAGLLfRZLeuIt4xOOlN3HftlYp_Lc9B-YL9jV3dRTjOtIoeodl5w

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F36 0
20 B 53ms
44ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16255311636137270860&x=1&ct=76

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 9F36 3 KB
1 KB 15ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 10:09:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 9F36 19 KB
8 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:26:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7991
x-xss-protection: 0
server: cafe
etag: 2412543371950383451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:26:50 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9F36 171 KB
53 KB 30ms
20ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9F87 6 KB
3 KB 9ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK analytics.js Show response
s.h.w55c.net/2/948461/ Frame 0874 6 KB
3 KB 153ms
33ms Script
text/javascript 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.h.w55c.net/2/948461/analytics.js?dt=9484611597092707615000&pd=avt&di=https%3A%2F%2Fye-mek.net&ui=&ap=&sr=GOOGLE_CONTENTNETWORK&pp=ye-mek.net&ti=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&to=3&de=2&md=1&si=&dm=728x90&pi=XRzobPsLhV&gt=DE&ac=Xmwo1n97Q8

Requested by

Host: cti.w55c.net
URL: https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE_CONTENTNETWORK&ob=0&ai=0DaDXCcU00&epid=R0N5ZS1tZWsubmV0&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRzobPsLhV&btid=NERFQjk1RDRGQUE1RDhGN0E5MTI1RDVGNjc4NjdGMDN8R0ZQQlVUNjMyaHwxNjg1NzQwNDcyMDE0fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xMjQ0NDg1NDM2X0VYfDUwMDcwfHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEM704ECpB3-yhFAcpajjktA&spidu=GOOGLE_CONTENTNETWORK&pidu=ye-mek.net&hmpvu=e28a648a-64d3-47d4-bdb2-044182c8c8ea&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-131-238.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e2c418a303944d1c31548aaf08331c05ab08d7de8320a14fdcdcff6414fc267f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 2883
Expires: 0

GET
H3 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 2C1A 13 KB
5 KB 10ms
9ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:32:20 GMT
etag: 12223946614886178233
expires: Sat, 03 Jun 2023 20:32:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame F8D9 7 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 696
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3332
x-xss-protection: 0
server: cafe
etag: 17978550389519879348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 22:02:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F8D9 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DOjCGxX3YcMtOPeRC1lsDkPfFXgPA7rZFSmpusWFdN_wAqkplid1AoF7-YXyN_hdaSKctUy0LFkw6xoNnSPWv0z45wtw

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/233/ Frame F8D9 80 KB
28 KB 47ms
7ms Script
application/x-javascript 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/233/trk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 096ef6644ebed2ac191e5a20c7c5bf31a24d8739912e2142003fdaa469a13aa5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires: Wed, 22 May 2024 13:37:49 GMT
Date: Fri, 02 Jun 2023 21:14:32 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 891403
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27646
X-Served-By: cache-lga21923-LGA, cache-fra-eddf8230029-FRA
Last-Modified: Tue, 23 May 2023 13:36:07 GMT
Server: AkamaiNetStorage
X-Timer: S1685740472.491524,VS0,VE0
ETag: "9016354863c2896e70daab6e27775aa5:1684848967.582788"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 11, 984190

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame F8D9 0
930 B 47ms
7ms Image
text/html 37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fye-mek.net%252F&e=wqT_3QLzBcjzAgAAAwDWAAUBCLe36aMGEMme4NKIscLiFRgAKjYJFOgTeZJ00T8RVdehmpKszT8ZAAABAgzwPyFVDRIAKREk9AICMQAAAEAzM8M_MKSE2wo4pRVA5R5IZVCposslWLqcjgFgAGiztyt4qIgGgAEBigEDVVNEkgEDRVVSmAGgAaAB2ASoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuoQ4AKTnFvqAhNodHRwczovL3llLW1lay5uZXQvgAMAiAMBkAMAmAMXoAMBqgPnAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1DWU9JcWlyeFhJbzJfMXZIOTUzbW5fRkd4QVMxMWdyMHh3SndXTFlBX2F5eTZ6UXhOX3licGtFd3lEQTAwdDJGSjlnS1FCbkFzUExRV3JwcXh2WHRJV1psZnFKUSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMxNTY4NjcwNTI3MjQ5NzE1MDE3Igg3ODgyNzgxNyoEMzk0McADrALIAwDYA_LZOOADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAwyMTcuNjQuMTUxLjeoBACyBBAIABABGKABINgEKAAwADgCuAQAwASPpqUiyAQA2gQCCAHgBAHwBKmiyyWIBQGYBQCgBaGdrsWc1YCZGcAFAMkFAAAAAAAA8D_SBQkJAABBG3gAANgFAeAFAfAF_MtS-gUECAAQAJAGAJgGALgGAMEGCSMs8D_QBu6PAdoGFgoQCRIZAcAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxNTExMTQ1MzU5MTPIB6iIBtIHDQkADTsBOAjaBwYBcHAYAOAHAOoHAggA8AeH4wKKCAIQAJUIAACAP5gIAQ..&s=2443fecc21636838c051ed08bc1d1bb889d2818d

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
AN-X-Request-Uuid: a732238a-f682-4326-b363-ef2f43af20e7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7041
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNVfVYr27azoeRjGoNS84eXQEzEquFngWQnb7kRtKVYaIjgC37KH6iVQIfVyf9K-DUJNcea2iUJcOuhxvYN7JVTRUJrXbo1J_rvaGlMHMmpsSBp1lgsooLSzHVZ5BgPTPTE3gBHuty6dxiE2vuIEznVy79g-zD0XHMYijxinkHhLPntqDD8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7041
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1

43 B
766 B

9ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNVfVYr27azoeRjGoNS84eXQEzEquFngWQnb7kRtKVYaIjgC37KH6iVQIfVyf9K-DUJNcea2iUJcOuhxvYN7JVTRUJrXbo1J_rvaGlMHMmpsSBp1lgsooLSzHVZ5BgPTPTE3gBHuty6dxiE2vuIEznVy79g-zD0XHMYijxinkHhLPntqDD8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJffxKbjiWZ54xKyssYlY4U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7041
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECP6HMRx4jL--LrggKsUuMY&google_cver=1

43 B
1 KB

14ms
13ms

Image
image/gif

37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECP6HMRx4jL--LrggKsUuMY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNVfVYr27azoeRjGoNS84eXQEzEquFngWQnb7kRtKVYaIjgC37KH6iVQIfVyf9K-DUJNcea2iUJcOuhxvYN7JVTRUJrXbo1J_rvaGlMHMmpsSBp1lgsooLSzHVZ5BgPTPTE3gBHuty6dxiE2vuIEznVy79g-zD0XHMYijxinkHhLPntqDD8

Protocol

HTTP/1.1

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
AN-X-Request-Uuid: e394f408-6737-4992-bc4d-add5897d7f77
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECP6HMRx4jL--LrggKsUuMY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7041
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D

170 B
188 B

26ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:32 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e9c8f0b8-755f-42a3-b0ad-c98a6609a494
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 container.html Show response
8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6606 6 KB
3 KB 10ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:31 GMT
expires: Sat, 01 Jun 2024 21:14:31 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2924 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4050
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:07:02 GMT
etag: 48472445140208031
expires: Sat, 03 Jun 2023 20:07:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0874 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd259f8309cb2c4513eb680231e65a0a350b0f8fa8eb4a025911004a4422105e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 568D 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

787ed1e9f233b4252d8ed16a2ffe349ae6d520261f22eac2d2d543740878db1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:10:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13388
x-xss-protection: 0
server: cafe
etag: 12354464270641361980
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 21:10:03 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 568D 24 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:11:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Jun 2024 21:11:26 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 568D 171 KB
53 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/ Frame 568D 22 KB
9 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/abg_lite_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

551debe8c4f0db7b25699af72a204caf099af55413f90eb34b5f546330d6187c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2914
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8798
x-xss-protection: 0
server: cafe
etag: 11317101923912129037
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:25:58 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 568D 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 10:09:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 568D 19 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:26:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7991
x-xss-protection: 0
server: cafe
etag: 2412543371950383451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:26:50 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 568D 0
0 22ms
20ms Image
text/html 2a00:1450:4001:827::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTiO5c9_HecIXIVZQYZELjQzW51Cv6PevA0fmuJ1N1bNkLK2afgL05R3PKFkU6YRMeUKrfTsZc7fhnScNEVeMqMBR6J4A
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 73B7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC56DiABxWBBT_ZauSulKrg&google_cver=1

43 B
114 B

21ms
20ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC56DiABxWBBT_ZauSulKrg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNUqP5bKbuIGdlAivAey6Xfzj6sIxlkKtDa7XBJivWxRW0xq5GIYkK84ZkjxtS8UOsjxxbg-VZ4mdd4yx4laFKffphj0LV8GoMSvIrHmWJR8jk4teXoDQv2JEZ1jg9aPcWG_PjoqSQM2_NV-rmDmGNoeSgMB2mR3uQtAODnn4JvIA453f_U
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC56DiABxWBBT_ZauSulKrg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 73B7 43 B
304 B 38ms
15ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNUqP5bKbuIGdlAivAey6Xfzj6sIxlkKtDa7XBJivWxRW0xq5GIYkK84ZkjxtS8UOsjxxbg-VZ4mdd4yx4laFKffphj0LV8GoMSvIrHmWJR8jk4teXoDQv2JEZ1jg9aPcWG_PjoqSQM2_NV-rmDmGNoeSgMB2mR3uQtAODnn4JvIA453f_U
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 73B7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFq4r7xCd-Y5jHB2Zpc6738&google_cver=1

23 B
163 B

113ms
57ms

Image
image/gif

104.111.217.42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFq4r7xCd-Y5jHB2Zpc6738&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNUqP5bKbuIGdlAivAey6Xfzj6sIxlkKtDa7XBJivWxRW0xq5GIYkK84ZkjxtS8UOsjxxbg-VZ4mdd4yx4laFKffphj0LV8GoMSvIrHmWJR8jk4teXoDQv2JEZ1jg9aPcWG_PjoqSQM2_NV-rmDmGNoeSgMB2mR3uQtAODnn4JvIA453f_U
Protocol: H2
Server: 104.111.217.42 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

expires: Fri, 02 Jun 2023 21:14:32 GMT
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFq4r7xCd-Y5jHB2Zpc6738&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 73B7 23 B
163 B 156ms
52ms Image
image/gif 104.111.217.42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj1me68ATAB&v=APEucNUqP5bKbuIGdlAivAey6Xfzj6sIxlkKtDa7XBJivWxRW0xq5GIYkK84ZkjxtS8UOsjxxbg-VZ4mdd4yx4laFKffphj0LV8GoMSvIrHmWJR8jk4teXoDQv2JEZ1jg9aPcWG_PjoqSQM2_NV-rmDmGNoeSgMB2mR3uQtAODnn4JvIA453f_U
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

expires: Fri, 02 Jun 2023 21:14:32 GMT
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5C 0
20 B 47ms
46ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4508566629722&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5C 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4508566629722&version=m202301230201&ct=76&x=1&cor=3822053559052326000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7B5C 87 KB
36 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeY00rEvFJ7ApLU4DrqMc6gc7URvsxPAIj9RywpnFcv_70yLr0ZT55H31dAS6qxQOZeBTZllWPC_uQH92UVayzzT7XBPx1ACTsbFgUlzOraC5KzoY&cry=1&dbm_d=AKAmf-BWbzDPHGP33GL_rP3nhPs-7vY8BoA2b_mWE_vAm7tiBABv9IvPPtePtLuJD41eLE3QIYVEpULzj5P21CLb4dRQFoZQyJ7cLu4qWrjHJVMoD_RCtaH6MmJOouZm8wyl9MCJTaGhUpdl4QLpqN3eS1D1lT33s5EpnehXXpAaQjaQkyIed11M5evop4nlsIA4g2ad6mcLfw13JeV3WeuRnR0r74Ae7uuIMfHSkdc_lTzMgF0dyEWAAGFwlmFjHyykAhEzdhaHw4ZwsGRuBXpCTcJuqtW4WVc4WEh4pSxdaMhANm-R59F65TuNeDT_8SLqLlhbHFPfwRl5Rwn55FiOGGEBmQ4qOJXosTLxbuxP2KaPzrHyRuRSceI_VSdCHMvhjTNbFp4xDSIBsqXa07K4tpvbW7b_PCaekodqAmtpL_Y1gGX0CH2PK6xOrH01hDkqVD2rao_vE_EjfjUz4f8--hFlNGRODYk-yj0JBv-PKX4j4blaold8Cpwyt3a_XpxBV1nH0EW9mZSeCGKKkpxfe7EH3_4cDfwgBSVW7lLlBAQk5X43Ycih8WHjNmte6MU3Z1e4ePozJ-6DvgV6eBkmzmNUR69LsER_-wSLHfYxlbdHrFaGZEoJSTqVK0B2lvQojferg4m8nMA52-6tOuViqs-8NRMuPY5W2GOAfxii5r9F1Mg_6AGEugsG9YGSrZFjhmsfBBf9vWj4pOwrEkK2a_kPS2Uvz7CORrULZoEJ-PpvB2aTHxZURErBikXxE7uYCu38aCQkIH6fDHFtvzDrqfPyhIKmFLNE6WEiHZO_SIk7sOlQuvbOJ3yamortikuNLVXeCYDstLJpGgV6jZ7499Nn6oqnma5vYO6cqh_GwuJxNylvXrWazc7nYJYYQOwb3-M16XKhPZvcGj6ig5V3l_C2t4dVLpiqAYLk9aI88S6SJBi6wVFIgX7rRWjuSric-2LyqnNvOgi9McWCbgcl35e5Z62Voo16Vlhqrr_htfPzdYTrV0SEqKsKP9iKcj3LwIYM71TtGIjiT-ydjDRK7vPLYQQcTQ6a3Y63Ceyrr9trstkvunCv5oF8OeHS6z-Wh3Pb3m0jm5YqWWVBJG_wn3C7Yn4rmQ_WRh1oyXet9jozC9i1GRJzohvCgdJseNL4VwBP2EBssCsznbENcSwedu1Bz0N_9MjD7U-b5xWd1a-PU_g_T9yIaGhnAJOmw9fh1v7UgvriUA530shI81mVJp_Uo4fjHi-CcD7iQBdiUiF46R19EggNOTClM-gNrYnWjgy5UBRIbz-xKbAalTlHV1wZH3VSpamZlarfh9j5BnZM3xHl_MY7GwdbKfafD1KQ8rMJ3Xsm4IdTynBZE-tIL70o7uLauijE0myrIuv2olKsSK5qtsbAnLOBV2LMDlEVG8MfRe3pIPCim8X71XJJSmkfe_4oZAceorEVGk-Ex90inCfXqa0NqZJZvdtOsKp1vRf1aGZd1tV67dTKOkWDcpkeMzIbjSMNiDrszfO8tF3zevWGdAEKo9HT_ki5D-eWjJECT9IfqJBzD4oGmV7icqSEFz50iWoyjICK-f3SVCoKWiwoTF-fe5aiEn5spR377mqnEPMzDhNBb2oZYu4MPMHXOd06NGbf-0Usm8aMkLmvp4UW5Xy1J5_Weg-EVv1lwHGR2uVygBmNQDDoIYcLgCoYz8mEE_yV9fzOjL4YhCg2ki0HcmZiULib9mKlLsKKn5imoYx2TyYLwW9KRVuH1WGhM9J7gUNcbIb1hvS4PaBUjXlwiibrFffD_lw9zJ-3H80cI6yIsJSWp9Q-KzxtU9qkIvWVmOYoAzGVqc9TGv05bRcKoD4VBTQZi3qX0hW0FUsaiYonDR8eXcLwDZJwoa4VY7ZHAR6Qz7kKt157YoK5fRWnP8vVHk_rjHR7PueAJRKOWLSyrvtpaPCXm0sPtw-y7ZLSlnwmoHCNIsWRBt1yeUxsbWqg_sDLA-f7Bq9Qn6K4NYeQ3x4CYVttHTGGD6eC0ahiRsWThuCzd_uPSxB5mQa_Q_oJJO424QYsj39vn-bl_bambWIAh4Zv6YsmcHWSRhkcYCUKxxKkb1FUKMZC0vXi53nX5-BMsXDHqZ2wXywcl8mDHR21h3j7lccAL_MCn6TtoO5IOH3Hafz4BLNt432P17hCCme02abQYnDDt0vbbK-dU3STM9b4VL6z3_LD9s1T5NNZ9Zur5uzquO8SHUxBxZLHVlnjc7VpncGv9gdyuqj7JGdAUze7Me3IFQ3CI64v0IWdWXzfduvLd11ZebCGqW6LWrTnjs5NxVHOZE3kazOzRbNuR3KD1RG-p0cyIrBpkrU_WuZqkEDAfygvr50wOqvUkFAEZ-2P9G7v6HMcEls27xAjKla4b2jKSyiXKBBew-twPXSeSWABGMIkIXQaoIe8X1WpNuKLljvXlhRNOBX-Elc1ASFtTAc6oTPDtyyEoafbGdu364jIsIyPfaB3XdLvVZVwDDMFWzsEPyK_EHQfo201Eo3tEtQib3V_Ldkoq5-hPe3WSJoBdJR-2CzS_dK9H_0K4uO0RdcWf1APHDXB8NLmuA8CEo-YrfkAVX1FhfuGYHjDzn5XhLWPfBDrJ2VyI7vEOXnfqAHuhE7geZ33qi43rrngquVOTyJM_URlwJP3SSvFTuGjZ0gSXzrZioix9cCy4fssaabP5FuMnDToWeyZXS3kRBHw6yWt-m86h_MVqp8e4jgkcVtKLKv-AJMJMWY-tpszj8X9C5g1_1n-y_fqql1k_95thlz4rHmsthRnwQf1xIyhNjEIe5cKR_rv6o9Nw4kHWaVyN5uwO82XTIMt5bXA5qj6cJmChSfQZuVU2PDKSMr6qxR-2XjJHvY6oX_x6L3DknXOnNIN4ZGV8BBYfs3z0XLCmvf_YAExrft-gtIJwAfJhHkRNqJP6ynaHJCkK3XlFvPPVqwAey-TNyotE00K0B3zWol0Xu492sNMXB57axRJb_fGOPVL_gScZX4ERUwWR8qWh5A46_vM5ZxtClN51h5MUyZAZAGsleFL7BslP-218qwlWpYBUnnVufBQpRHGApoPD2E-I37GPVY_hxGoZJMlMwfwD__RP2oZnvhK0qXX2p_pvTmZEULYSLXjClEw1emUpUoI-6RaZCB-AbKBluKuHEDvENkrOf1v8kSb5V2hxBf-tJDF6XnALd7b5007RULCF0fL89jsVzTWpxjYrH19ZPnmIKdPKKtKs4kJ59OfyPd5tODb7zQlX10PgeqJgy_tg0BNjMOWFFJjbfMHZUdFjzTRARJ8O-mAvdXwgh3g0x_jlf72IIgQKkVrKJTHQl-MppOxXpkCV5c_N93ttGlIPZ4Y3tNVdFXLOCmrx8AMWdBw6Yqw7ijbKx3GHYKYHjOlAqZj_x71WWPnhFu6-nojegPqm_pTWwCbLYWV846LTJSfmY4gdpC1z2ltRQaCKlinY1NTFiUdMXxRXCKiLzXRgUVYgtxSNStROElDOdZRA_3SomEaIPgTtcKDkDvlOC3WeQ7RxRGfVrMg0NbxGqNqIa_Mwi62FflcXiqlaGV7KFijiQ9_SPhiNX-_w4k3V4jpCrYZ5VqrRWoDSss5ABUVo8ooO7BpnKP4q2okj3Qc-rTBRgKcMLjJrA7cq5hbYAbbRSdh72go01q-UbOZGwbs_IrbMbd7VA&cid=CAQSOwBygQiD5lOT7iF7pkBy0Yo6kNHwXSRm2RSQdlvKwX_vdon9Kkep3YwHNF5bw_6gBYv-BxZvtjFUcL3hGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3822053559052326000&adk=3887872403&idt=40&cac=0&dtd=52

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

634d9d666f3f12d0d76460cfa724afd5e192b41e47479d22ccad14c7b0e1f47a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36993
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ Frame 48AF 89 KB
29 KB 66ms
31ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-16386"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 03 Jun 2023 21:14:32 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 28ED 466 B
235 B 30ms
28ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGPmPnOYBMAE&v=APEucNU6s73lUCcABnrEniq_jrNyyYN4z9wpyv8ERNDfvU3c1DUn38PXlVjr3CP_mX0_a6pJTz0ZpOJQO1xfV9V7Z3pwUTkk7L3At4vEsQMLF6qtfHgKxM8auHUzINd4rLUQ632WUveaZOY9f8gNtL9zzhtCXdd2MBlul8nQIvYDkkS2D9VTNeI

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9F87 78 KB
27 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F87 42 B
63 B 44ms
42ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BhJ5TCynY7oehuUjcMzqmEGHD4t-z-9VJyIz3koQaGYww-iiyUApk7YdvKWU_a_JpgieqfgvZ2p8Nm2NO_SCEinvnT8abMvyIQxeI-YujXs2tbXH8

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F87 0
20 B 43ms
41ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17483446497696620101&x=1&ct=77

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 9F87 2 KB
1 KB 136ms
30ms Script
application/javascript 2a02:26f0:6c00::210:ba29

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=15911784&cmp=203336&plc=7322077&sid=18330&dvregion=0&unit=970x250
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba29 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
Server: UploadServer
ETag: "87b6182d03ee779aa68e37632f67656e"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 913
Expires: Thu, 01 Jun 2023 12:16:11 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 9F87 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 10:09:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 9F87 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:26:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7991
x-xss-protection: 0
server: cafe
etag: 2412543371950383451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:26:50 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9F87 0
0 17ms
15ms Image
text/html 2a00:1450:4001:827::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQtvKw1vE5sS5f870BwbWq3eoEwyq0whJJciSCzS3gtcsdqC4KPbUY1nK0uGrKPeLKXZqNaz0XFJn_2WSadKmQzSiP8Rg
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9F87 171 KB
53 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F36 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4937179272012&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F36 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4937179272012&version=m202301230201&ct=76&x=1&cor=16255311636137271000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9F36 87 KB
36 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C-NDtkFBEUdcRzYiSXhbuWowwZumKnq-Pn8K_K9456WlH-F87qw11mttT3KU9KrzOhrKNgjySrUI2PKKALOuT4Yv32-f-IE7liGYU_kqewPT35AJQ&cry=1&dbm_d=AKAmf-DfZMsxeB_CJZMv8RbIV1tta75rL-fikOEY0wjOO1pq8vMCobHod4a9lX9hkwdDH7aguxiuQLkUKsEF9OhhwOgVYGIzDjODqDL0_eHzXiGmxjHu4Ufcp_oLR1d_THqFL-coauJVhFtdYW2nD5A6iUiLzX_dG9bnNmL_HbTqab3ncKa9JulHkqaS3uCOrMcLmDv0JVeLTrmWpEk98A8EXbUEhpjRO-b2IM9ZJRDP6kjNW0o4dof2DZblBPbQlK7bNsMNFHhQggenXfYv4hen7gYAmwN2oy5QftzlA6AgA8uoWMJxkkvPZ4ml_w4TJ6azZIb-CVi8mYi471xYvxIvp5CWI7JxbOmH5J7_e1hLJuqDEP2L_mjFiStgDL32v3l-q_aJF0x0slwiCz4zA5LaBAkp6EvvItjH38i2x2fyzJQ8iYU2LRkcRDI2punnIQTYdkyzwCI8f-Oq49IEi_XUX6po3-17odmtdKp4Zbr26uMIynUPFg6GdXg0FpAqi1JVq_s4mdcTXg4RiYyRUBih1etQCWkoXllbppxOuxKUfXlb-rYBoWVrc-EiWluufO0Mj5jzxxdcs_y8ATVq3ZQTWYmR4WHzKXrwi4im2kVSxVaYtXz-j76NK5u5zCICVeAQEXuqIhRkWG3hMIoYKNfapLMiPMSOAkLAmFDADuZyyNcyUYDJEnsktFLw3CgSdEWAz8Hlf0QlFhLU8GD7GqfOs01YZE78jUN2mIzsZRU4vBaSsyuf-bi98K_JeDpIapfgB4ilHjkDFfkCKBHDwPmWTEF4loY8w6fRB0ID3SePD22D36Jk0WUXEdf-doYxxzQVTswmJAknE0dpmJlJidoh-211Q326EPBIYfW1mIxOHaqAmIrclEJ3RCXsTTuO_GRy7Dg-d5s9a1Ens6knuKxk5_dNUXkH3Z9w9h0UD-eTrQWCk6FAFUsZqiIKt_2QYVeBiGCHacytB8_oD4XwsWML37tYI3rmvhd690PTEVLRBjQZ22OLE0j4rkVCXXSxjtAx_IEVETzcfN1FJWTshoDa6yXLKDCnoBgODk5BARI8z-wuuUfcIVuHRTxUTJLGNvxV16FxXckb0dvbozoI171qMQp5VkkaOB8vlDA5HNm9-6wTCerAtAaljnJpENmvaCAVXOmG0n-BWcHv71iqhe8AW3XJBqq7MCX0orO3vkXWGM5rdNdpRaK6aZpN1TTq8g8BIfe1_NGCdQASTxeVYTrtgVUOf8mGr4MOb1ddJlUaao0aJFHT1FpSDlZimvn2gvWfl8yrfpMk7FGCkTcFOcoPLtRbGg6EIVCTYqO-CbF8aNanEI25fB2laF3uP7ZxvrhKXC_1RXgG8yt4DDiTuhRtvz67zeitDUDfU3CumRoqxH0sH26vtVn8zUjCF7I-5Aurx8T-QbrVWPAPDD8P676xvlKlLoV0SHZGjNb2RAgc-6f6N0BPhSLLk-TWURPwTURmtiAmNoXE4iCa053VdpmspegLRndvOeq723P-X6fu0Aw11QQ_YVftDauMaLKNfp4dnbkVhDeY9X1gWH0P0Kd4s4fI7eObRq-b_HrgZc7l5BtbJYWvKA1lOIt2b74GBmEtzxGq7FgpSrmLKSaDbePJLJ-zuze9EVjzzdcJ-ZZ4t_bwwi7_jRyA-sIi-GO3AccHnMekcXYsKP2ULO05g0dlW8h5fMsM3j9mNx9BG2hnznwrdX2mHEBmH_hJOr7SATEoQI6YxtoQ-Eaq1acIrAanpwNBmA8ld7JddnF3ePWaiSaX0DTM_iJoMb5S_97xyk9rctnyVjIJUBLfmOAzRrmf9eMq8GJmwHSqf3OZF8du9ghyH_MCXOXd6cWRUq_YMWIsLytrk2Rpco6fl9S8O6xgqn2ZOxCeRk9qM6Slh9_S2nRlvUoxaiKoZDYQWjEWinZ8XQLR5yTUxp6Q2F9YBkdVTMuJHnfHVpzdAfdWwirqK3nhbSo7YYz_kL5oX_PUjLWgOYxZ3mSy5AD6Qznnl2Tgqn-A3CTKWzXDz0s0WUEv6VPt_Y7fre95eanjFYtUSggcvpW_jEA2BrzYnicc50e0ivsgelXk0lBYa3YMf-HAkgrwDNjybHqZq600vrZ-WbH0iGf1Wqt9nrs0-g-w-U9IxoMigRceaUzjcv_gTeU2FwJbhQlMYp3syjQOlg9vBXNIbioKbVusKbhlY4YltrdG6IWpFZUqZ_2YPAbklLF8odX4A_i-Wvi29W_Cnp_7Y3kM_FejLDUwYa125cNPTKM4wYoPYCQCQ9-Px36-C1M5TF0g6pYOa36WmykTllsYq9m40Fsig8TLM-uHeDrpnEkfShlNi7H3wuNp0dA112nwVp5AhH_7S9XbxDJ7UDVdiWIt0kDlx03FHKpiqD6qDDlAyzqrLu9MuzJ3GrG1NdBw-VrK1D6qeWLj79o-9N-pHQ1tdeVVeIVB7QfJp_xaPq0JZi2gX-QJjTaouJsxxlzjhjGIzYVq9chGU_46es7qZlxU2Z_NI1GlHvtUcE2gUOvgUJrD2RlTOF3_lmXVpZ3FSVBNrxU2WhAbd4GftVdfCGlU136pAiD12mpfpnTMXSYsJ-vuK9404apq7AQtgOKDbzqTY6Vdsvm1Zt2blpYTglZ4MtQkY5buSnx86FjyZ0wexC_NgcVSexgboijYGWG8VvPtyl4F1IJs1qTW8psS0ygOQsZq_bP30gj6exUoaNAjO8zSrRCO1_duh3mBpZbvRMwFNUI0CW4qShDBsIuC579nV5Vg_aR068WZbptlJj0WUm6-9kZGgMOm7GkYdSCWCxBCvF9iJG-ZJzRszNqnqof0oYHHZznYNG36_RO2QvzzKRtmmNCpb8apG4KrDvK98Xg6Gz-MMu4w0JAERXUw5GDqZ-L6J0X-gYB5AfuJVMx8oFDt1hunUOvOWoA4XH9LWubIE7Y2mqGTYF0fgQ2_0GuJD_370eD5pRVU_raH4Mkh7JvS5o_CQWBYYm6Kbq2-93rkSEKlwU2Z61Iu7rccd8TgAcsxn7tk8yNRSeJzjj7uoVE5IImRLtozOm2gN9arEZ5quYAve_vM0lzdQzfNUwsE9W0YMh2h5x01IIhhQoxQdp8sTMW_jZXFEY2xEWw_jCASv5DHhzjCb8kCwBC9yWZ6dYF9w-8quJEYWbJQC90D7BPvfMBsWOBsQs8Dx5ucPJFG__wCgqG3a8bqwvV0v5gVryxfQthQ2Pvl6EpvCiel4BG435iB0PVRHTchpk84B56qvCs5aoeQW5_SIYxtp7QZ4C3zraHnOjT_8OB8t8QL_Z2I4AEuqf3GW82_Auuz2_42yXIHYHU0guJE3QMe_A68qUy8DmuJ49-phcGvz21MEqIJ2i3WkAmBfBSmDwmn4OwvKrarm5trQ3dqdrQUst3VDhu2lkbTqLqfGv8ZjDL9IPQDLCRHgrT4ZcLzh_BCBPpprL95CNkLpjyq0N52MIrhHrp5QILP0m2PCUvzED87SVKxiETA5sHVr9nn1pwafMbWb8CExgca1pEEou5Uw1UwJV8y7U-oswB-3F9Y9Ej6sgKT_6-oqqGmzvnhxeFP1aI7LTrKihn43gcW2Tl7kAxPc_NxOlaoQF8NN4EeAroVlVysbU5iNhjiNoPNNr-EJeCmsv2DhEVMKZZkykdxIEM-RTHMrf7UycfKGEQ6ADcpB9HVc9kw4GLV1PtYqFt0f9-JfdLw1Ww&cid=CAQSOwBygQiDJbBrjETz4hyZotY5JDdkaBOl9gWNtGHZNhwoaLYRAF_MB3XqkDHOIT6Q2w0KIdRiEMzmF7yMGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16255311636137271000&adk=1599433117&idt=37&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

fa70d5fb34f4a2dff7aae3c3b1eee28c078dd981bed43daf4d04b748595343a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36974
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame F8D9 0
930 B 9ms
7ms Script
text/html 37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fye-mek.net%2F&e=wqT_3QLhA3zhAQAAAwDWAAUBCLe36aMGEKDZ9K74vOCMPRgAKjYJAA0BABENCCgAGQAAAEDhevg_IRESACkRCQAxCRvw_cQ_MMGB2wo4pRVApRVIAFAAWLqcjgFgAGiztyt4qIgGgAEBigEAkgEDRVVSmAHKB6AB-gGoAQGwAQC4AQDAAQDIAQDQAQDYAQDgAQDwAQDYAuoQ4AKTnFvqAhNodHRwczovL3llLW1lay5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD8tk44AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDIxNy42NC4xNTEuN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAOAEAPAEAIgFAZgFAKAFAMAFAMkFAAAAAAAA8D_SBQkJMQ1o2AUB4AUA8AUA-gUECAAQAJAGAJgGALgGAMEGESMQ2gYWChARDREBfBAAGADgBgDyBgIIAIAHAYgHAJgHAaAHAMgHqIgG0gcNNZIBKQjaBwYBXHAYAOAHAOoHAggA8AeH4wKKCAIQAJUIAACAP5gIAQ..&s=dd6fd9320bd19c72a88b9d1bff0ee86262eae9d9&bdref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fpcloak.blob.core.windows.net%2F,https%3A%2F%2Fye-mek.net%2F,https%3A%2F%2Fye-mek.net%2F&

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
AN-X-Request-Uuid: 217241db-6432-4c3f-858a-e3e7c5f53aaa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9EC0 398 B
222 B 32ms
26ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNW4ZzOUlQaIPiUca1uR7_vVss9RBNcGSvwIBAk9MtULvtw7Jdx7TS43YtecLxh5j8-JUY5SGmu6UNvAwuU0a0wH0H3GiVgkw34Cvc2BLxc4ifaIUQ-GnoR05Rd1IBomRZa2oExlXqLrt6l8cn119OF84Cfti1nBy19Hhyr00UUh9pyaeYU

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 202
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6606 78 KB
27 KB 28ms
23ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6606 42 B
63 B 46ms
40ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B34HJrpkZUNoYOXAZ3EA3f_t4IL4WYrRdruqirmz4p-OR2kq3AingJgJZQzmaD2nJ1WjwvSILbtaSIe39xB5QW9_etL1h29LZCtQ8-qD3gFwLr4dA

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6606 0
20 B 45ms
40ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6173311438854367936&x=1&ct=76

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1352960/70224255/xbbe/creative/ Frame 6606 253 KB
77 KB 144ms
42ms Script
application/javascript 52.212.231.135

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1IbJ_WJ4MtNcNbzPMC-HLk3FSYlEXWmO1XDt2HMKEOGdOebBZ1DkpvjKfYeEH2oqkInYWqK10uKrSeGyrwuMecOkr9udNOwAxjWKoS2RQAoCZ_4G5SClNukvCP3FOcxiTD5wi4RL7Nm2enXWJJme7ESZCJP9FM0B1SU4V8zM78HgPKipsLtqbBlLuB3w3nv5vYZcZkhrGNvZYMEaeEuWYzs9gz4_nVKwUlc4tvDJZGAiA3KxRfhSDUA8CeST9khdwxPQNwMXDUy3dojIQJmTTs2GXVCx3OCiXMiI4AyMEE8S1K2YlcQNwteldVXexFG6NcmZfzVe-lIzY1FxnS7AqSC_l7f3eQ0x3ujyAoyULz13vMyk-oeIT92K7BC9smY6kB8KuWKDJzyjOHew6qn79w1iljiFOHhYV7ixGrTd6bl0pexcUuutSSb-5nYvRkHHYoY1WKgKbRvbg_UhdW_GB3R5X4XTmLAwmQFWShv22hCms6Rm5IK9QZtpMxynCfdpuKEoBYFVIZcyCVVwSEdqFnMceDCyPs9lpRuhYNoJvfnFgcLo-58UQFAc6ek3KOnSGkf4pbp9CxAM_jizBi-ZJ_NNBJILLgSvVajADmovGhGxyxh_Pgg8lrqxBfRwewU4z1jZP5oQ3aQ_Dyyu_TrjeHHWtC5rfwjjr0mrO6ryBqQ0ap_2JaQ_lO7dpYsuFowG0S4GBG7UWtJGTcs7lklTxhqGyM4sXh4POUoXAmjEP5Z0F0wPaBN0oGsZjDdWE1pJyJ0SumGQ43o0FVD_DRgep0sWmgiyTFP3mXQDf3Y9qCXVzG7RIx6Q8HRwVvq_nQKjKy6Pg3HFgUBiN-cRIqq9-8PNMrLtA9Mlo9jxQ9JOsUzPoB3S71B8zWxBEAE7apq12a3wYryFDSzgMxJ0QwISR4t-oiOlMgIez2W7p9q-G5xaTtno1E33PCAIkqvvehAEr3VRMnTwgdyvr_j1PICbwf-Llip7erFawdaNUiUrKlqLTsxL-LXI_gCL1tBGhsjxBsp9AJNhM9e4h5UU-7e_7v-q6V2OyR0Tv9jXzuKxm_Hv0y_b9f3TdKAtWiVxwfqIZmPqxvKzCS8NuYsUCNEbec9NVEt67C_CabTg5mjxr_csxSnJ1Rb4dmnJqHdqkEPJwj2gX7D9yESJYfm7mcXfsW6ggkJ36ICkV4BX4TlHYItVG6kJQgxo23GdXXo6NI2Ffq4by8jIhLsUY-vdwxmQLdfk0dIKiwe821IaXT59UmzYBj6gl8TZYptwmvfb5y6MC3CgJ6PjTJmWSoG1RXCYlJx23OCVcDeOcxvCitFtanOTGyb9g6BIRamNdJYmu1RqwWzX8q0jskn33JkdM3hBipe4CHqFJvmXH5mPW6IeBPJktCcpS6bz1KwAEB19y73RGzngtD-pC_MDqFyq72NBIZeOne7T-gshJOrYZJPM-IywEPW6KQSxtCkjjRhpSOLNJhiqwlMSkX3_ipebOgq66T4Xk2WIqFx9TlKmC_DmkFIN-bFl06SDjrnSwumHH0yMPSG7bD2K39MPI2h2x4HY9gvVG9cZSYgLMuYNK6H5utq3YbgnaZslY2yEispqCD15TnfT4zyccFlycauXc-u-DkA_RHZoNbNeBSYhRarZdJuuMCdbQKS6pz4DUNqtcsD7tVaffOAxlj9H6YeTrv7PXSBlWGWDO8Ebw_LcDyftkGqmKa6X9_dGgbmD4CCHLtcDX0aVCMScpvO_sm-Nqs639EVT3C6OgJhS6OXs1To3EmPRs3GgdXNmTnTEZSUCtOW_jl5vUh8-PccWy3UUMfS2nB9FVMq01th9Ce383zoDmPFHVDkeugBSMgfPW10Ebga5yxbvzqe37jJKxu-owhT8ORK7b4dTFL8LOu93vRRob2FRgnOUFhK1Jwly3ClmIR-R1jZMLoeP-fA2hhzc4xzjyXCKOxzQl5LaL5LXBq6wO1NrZqxSHjC_l9bfqg8ix0D8LTkyQA2_88Yg78cs9Ei5OEHW1vMgHzmmCOyb1AMrjzx7l4WpSY42NHIVD3NaV3XuhFoygY_mQ0pJw4AfgOKCa2YZFLDmbORNg12LRSqHfgWajLLScZPqAJAf_hrC5AxRDDI4Tfd7bnKKqWTkH7xr2sIob6UCg-XKWKFXk0Wy0gDhk5A_A8Ps0aQHgr6IOYdSrkn_iRO4Xw3VmY2GZOXSesMRcIq9N91YNK9z3b1bfvzVkxUn_F5l36oXvJ9H2bEMRh468RNA8Ynoh_1cRKELChgMxBmBBsyjcxyPAkutGscGB121YZiR-4Ts0wEsEKGE0R93Z0iNjjl3E8szddbHILbLxPak0pB98ZmRDWKbOodhopDzp0iTnS8xj4WV_xVYmocXAei2PnQlJT7gSdVCDJT9ibKmeXl-spLg1u-orjyrAN_hg6H7NlgDkRQZoBFSKcL18fexWSrDVybB4rUD-dhe1UqD_RBxMGjLDeAC7pv7gjPQ4Lv2KwuhBV3XoND80oWr-xPnfMa1c9WiDFWwBhKxov3x78dawzOwmVfB27UE_5t8drOhSss9ybpno76sL3eNeWJhDKfb0auv5mkAEUj1bLEwmizovWxC229fqoshpkBnZ0-mHh3ilO0R0Z5lVbzLcMwmtMZxohFfCuCjkiY9yEdeRSXnQ_LKIt8Pz2fINnEBzhoZNxNY2I_6KmltFBjzau1usV0iPv_WODBjacPnCrXBMpaPcJmbki30QBUd2h_LSh0McawYbwjkWd35zv3I7ezmPLKkOletQGeN6KMKgMtpKzivtVBvdFCaD2-atLki-EzdmxnidSGr-OLx9ubwszwFaYeembPV2r-Rh8n5ZqPbgocobnE-KXeK69OOnmbFaa7yZ-gQKFUWjxmZWcGGh73iWReAzSVXf0s3DTHwMIyDPWAHroMvSaSIaOpKiucamYP_2PRPcEUMseJbXHovc3pCdRZ-OJEjHNXLk6nVpCyRsKY_dePS7Oc_K_su3S2Ndp4MKf3TSMzarLLd9wi4CqyBk5bmfsXDeTSlxwO-9-6LNXx01RB7I3yJUxtWqzFdys0b8Qrpd0BziIeyQRZHPZcXf0cSCAK3oFQBM6knCW8dHmbemqaC5KRfu2zF3Ih5AEVB1Zzvu37tMUAJPsEWTv8lT8IF0B7pxY14c-_NX1-sO40NLrI243seT3eUbDmgSQVIjr4f5KwsiS5VY2iMjxwHXBkcoZtq04VuPNXsdafwqR_LudIiRcWrnLnCKixRnFnsZO4uFXjKUpGnrquDwz2z43o2ZOtE-XfBigFDBMzIa-J3UqjN9ZmH4n6d9FuVkVYp_0qx8mOkSX2w7oxPHVGvet4MktL0sf0SXjwH1YO4jLDRvIUkvVOYhECsNG04WTjne8gZlaw_J9nBx2MT5-3PQPnQIAIGxUq40OTwVqvm1cv8P1ULYdumX0pUd-5zmM7vkNK8zkYdseN7IuntMrD2kDf-akReKf6gzrlFKxzHPjgd7sRlZER0x-n4wB31GfQMR6uhgEVG3HG0auCVjj6tw3fwgDmpIThk9leFLdmHy8sl-SGEQlafMiFuWA_1G4tkhiL0CMohhuuqZioYF2eyZdV94F2-FQiJFf_Np81_lo-AXgj3XCX1jufo16AMLZYI0aQQgEEjsAcoEIg_zp32-t3su9BSNntnsymcjsRUZ6Kd0s6F1_4oKgNXONu1Xh79aGhuLJlsVuvTGjOTyD_aWYnBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iyqquP0DVazRHO4Pp9QncJ
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.231.135 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f3d5ba7baa0ebfca86fbfaebccda25b2e2720318f80280cd90e10a437ff3d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 6606 3 KB
1 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39875
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 10:09:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 6606 19 KB
8 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:26:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7991
x-xss-protection: 0
server: cafe
etag: 2412543371950383451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:26:50 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6606 171 KB
53 KB 29ms
23ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 48AF 0
209 B 46ms
43ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685740470631&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 28ED
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEK25q0VPlhDq_m5laEcU_NY&google_cver=1

43 B
548 B

42ms
15ms

Image
image/gif

185.94.180.126

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEK25q0VPlhDq_m5laEcU_NY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGPmPnOYBMAE&v=APEucNU6s73lUCcABnrEniq_jrNyyYN4z9wpyv8ERNDfvU3c1DUn38PXlVjr3CP_mX0_a6pJTz0ZpOJQO1xfV9V7Z3pwUTkk7L3At4vEsQMLF6qtfHgKxM8auHUzINd4rLUQ632WUveaZOY9f8gNtL9zzhtCXdd2MBlul8nQIvYDkkS2D9VTNeI
Protocol: HTTP/1.1
Server: 185.94.180.126 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 62
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEK25q0VPlhDq_m5laEcU_NY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 28ED
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzgxZWQ3ZTctMDE4YS0xMWVlLTk1ODMtMTI5MjEwZmUwMjA2

170 B
188 B

21ms
20ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzgxZWQ3ZTctMDE4YS0xMWVlLTk1ODMtMTI5MjEwZmUwMjA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJDi1MQCENjdsOICGPmPnOYBMAE&v=APEucNU6s73lUCcABnrEniq_jrNyyYN4z9wpyv8ERNDfvU3c1DUn38PXlVjr3CP_mX0_a6pJTz0ZpOJQO1xfV9V7Z3pwUTkk7L3At4vEsQMLF6qtfHgKxM8auHUzINd4rLUQ632WUveaZOY9f8gNtL9zzhtCXdd2MBlul8nQIvYDkkS2D9VTNeI

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzgxZWQ3ZTctMDE4YS0xMWVlLTk1ODMtMTI5MjEwZmUwMjA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 120
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 28ED
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02N0xVZ25aRTJ1RktGeWxoLmtOQ25La21Melh1NmYyZH5B

170 B
188 B

22ms
20ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02N0xVZ25aRTJ1RktGeWxoLmtOQ25La21Melh1NmYyZH5B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS02N0xVZ25aRTJ1RktGeWxoLmtOQ25La21Melh1NmYyZH5B
date: Fri, 02 Jun 2023 21:14:33 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 2924 0
104 B 544ms
25ms Image
text/plain 2a02:fa8:8806:12::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKJ6J-wZm3-ZJAQJdCjWpuM&google_cver=1&google_push=ATf1kGNt9ddtgLuuqVUk_RRyD4bOyOSuYpdFbxN4dlYjB31JiYvt9ujRY5Fs-441td_PCEeYcwyq8rFwpiKGOTlCEpJhuK5Fnr4eNCmpcfBX1i3AUZMyW-ggy0jvUsw1ukeDoO3VSg-TqnuVVflOo8Ni4ZusA6U
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2924
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM704ECpB3-yhFAcpajjktA&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dkxxYnRpQUQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGMnzqYMy1h2o5sC4td8HDFazGdrlFxcvq0PuW-y0az...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dkxxYnRpQUQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGMnzqYMy1h2o5sC4td8HDFazGdrlFxcvq0PuW-y0azJAKlJkYBTuOgWPnxEV7nNa9YVgtqac1WbE1G4Osuux9lrOnGBn4-PynhJT7AqjZJSOkGLDjVt9v8Gdo7I0pF4Ba_YT0gAeQH6Zay7i8iwlSFboQg

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-777-g304ac51#rel-ec2-master i-03b3f67f69a828fdc@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dkxxYnRpQUQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGMnzqYMy1h2o5sC4td8HDFazGdrlFxcvq0PuW-y0azJAKlJkYBTuOgWPnxEV7nNa9YVgtqac1WbE1G4Osuux9lrOnGBn4-PynhJT7AqjZJSOkGLDjVt9v8Gdo7I0pF4Ba_YT0gAeQH6Zay7i8iwlSFboQg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2924
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAlXgJRN8dAY8tMfEKz6iQk&google_cver=1&google_push=ATf1kGN6yc7BlCfNKhZSUX-k1DvQPY_eJWpeLNSDwnVxnnCjO5QeXYWmnNo9W4FrZGx7npfQd5pRJtZM8jhIbDop...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGN6yc7BlCfNKhZSUX-k1DvQPY_eJWpeLNSDwnVxnnCjO5QeXYWmnNo9W4FrZGx7npfQd5pRJtZM8jhIbDopWccN2qvdA8n-P-eJ4Aaiemnmydwk2G...

170 B
188 B

30ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGN6yc7BlCfNKhZSUX-k1DvQPY_eJWpeLNSDwnVxnnCjO5QeXYWmnNo9W4FrZGx7npfQd5pRJtZM8jhIbDopWccN2qvdA8n-P-eJ4Aaiemnmydwk2GLoTyAsmbXkCKVqp3wZ3Dib2A-x3m0DqlSk_-113A

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:32 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x26 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGN6yc7BlCfNKhZSUX-k1DvQPY_eJWpeLNSDwnVxnnCjO5QeXYWmnNo9W4FrZGx7npfQd5pRJtZM8jhIbDopWccN2qvdA8n-P-eJ4Aaiemnmydwk2GLoTyAsmbXkCKVqp3wZ3Dib2A-x3m0DqlSk_-113A
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 02 Jun 2023 21:14:31 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 2924 70 B
265 B 114ms
37ms Image
image/gif 3.33.220.150

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFDperUaU-4k-kn0dEFgkSo&google_cver=1&google_push=ATf1kGNM-4BGq6MYuswHZWRnXAPUlgdhtmFJ9Ho8sOYMx7QFmP-J32W42KdDk5Trn593b9a1_6siHq3ZIRcMnA_nEIg8Akd-iLeTy9d7wtxbCHwjtIdfyLqTDP74dztEN4mvWIv3dQwOM_Rly88mQ3xDH5ANIys
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2924
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEFR5Gb04EXmXaiEMZfZhX2w&google_cver=1&google_push=ATf1kGNU3Y31sveH0wch84-yVUmaU8NYECHnkytDsGMh1kUrp0vzbcLLaRI-UiWcUrG7EDvnuYAYQFBT5_rRLDk-VmG1SVp...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNU3Y31sveH0wch84-yVUmaU8NYECHnkytDsGMh1kUrp0vzbcLLaRI-UiWcUrG7EDvnuYAYQFBT5_rRLDk-VmG1SVpAmu8wv6WQZnjCmDfb_4H4d02_tOvpTyoD_whyu...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNU3Y31sveH0wch84-yVUmaU8NYECHnkytDsGMh1kUrp0vzbcLLaRI-UiWcUrG7EDvnuYAYQFBT5_rRLDk-VmG1SVpAmu8wv6WQZnjCmDfb_4H4d02_tOvpTyoD_whyujKDradw2xB5TlkEtMizBNF4HSo&google_hm=eS1HLnBuMEJkRTJwRVBUY1RQRm5lLmg4Q3hYLi5FSFVlTX5B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 02 Jun 2023 21:14:32 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNU3Y31sveH0wch84-yVUmaU8NYECHnkytDsGMh1kUrp0vzbcLLaRI-UiWcUrG7EDvnuYAYQFBT5_rRLDk-VmG1SVpAmu8wv6WQZnjCmDfb_4H4d02_tOvpTyoD_whyujKDradw2xB5TlkEtMizBNF4HSo&google_hm=eS1HLnBuMEJkRTJwRVBUY1RQRm5lLmg4Q3hYLi5FSFVlTX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2924
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEOovkkdY1eZBecR-FnijYe8&google_cver=1&google_push=ATf1kGMUJdXNDKXuv-nR0tPMKaBsYcFYKknM3WIkYj85_YMleLgBjlLaf7zTmRYHw1...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ATf1kGMUJdXNDKXuv-nR0tPMKaBsYcFYKknM3WIkYj85_YMleLgBjlLaf7zTmRYHw1f5TB_e1TvhPWEdNeWxXYG5ZqJf4oM8pH8KAEeJwnFLvWf5qD...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ATf1kGMUJdXNDKXuv-nR0tPMKaBsYcFYKknM3WIkYj85_YMleLgBjlLaf7zTmRYHw1f5TB_e1TvhPWEdNeWxXYG5ZqJf4oM8pH8KAEeJwnFLvWf5qDR04OoEukPPuV0Lh5exafSpjjf-E6NY_-st2fkOuyP0_DmR&google_hm=OHYtUjrMSOetfIM4pORGigc

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ATf1kGMUJdXNDKXuv-nR0tPMKaBsYcFYKknM3WIkYj85_YMleLgBjlLaf7zTmRYHw1f5TB_e1TvhPWEdNeWxXYG5ZqJf4oM8pH8KAEeJwnFLvWf5qDR04OoEukPPuV0Lh5exafSpjjf-E6NY_-st2fkOuyP0_DmR&google_hm=OHYtUjrMSOetfIM4pORGigc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 2924
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENp_adFgDZ20uK7uAqWJuY4&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGOKPr8o17-zEQIS08VkQoU_QqKE8kG6m3rDx_i5rsNdU_8fRojzJV_qJkan9d_dLzMGA9-HkXe3uc3WLPcvmT69z1-Wy-OyFsveWBwSnWm7_ufWa...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

126ms
125ms

Image
image/gif

104.111.217.42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740471583&bpp=3&bdt=111&idt=167&shv=r20230531&mjsv=m202305310101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8262993181040&frm=8&ife=1&pv=1&ga_vid=558801241.1685740472&ga_sid=1685740472&ga_hid=316891548&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3198654702&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31071259%2C31075004%2C44788441&oid=2&pvsid=1539967078957678&tmod=70279687&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.y583jcix5nzd&fsb=1&dtd=177
Protocol: H2
Server: 104.111.217.42 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

expires: Fri, 02 Jun 2023 21:14:33 GMT
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2924 0
12 B 22ms
16ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IBz5WWm9ZSlfey2sLEf2honYlx_LFrFfOVPL7WUXH88U0eyLaQKOFOGtMWL0u835uSze9H3xo

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 11262302460425599708
s0.2mdn.net/simgad/ Frame 568D 261 KB
261 KB 74ms
9ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/11262302460425599708

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f0e2f6c277ff5d8359dec23dff73f2e1ea64f512f3cf966ba7432e76e90846fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Mon, 29 May 2023 16:37:27 GMT
x-content-type-options: nosniff
age: 362225
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 267179
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 12:40:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 May 2024 16:37:27 GMT

GET
H2 200 8682746528586002864
s0.2mdn.net/simgad/ Frame 568D 10 KB
10 KB 73ms
8ms Image
image/png 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/8682746528586002864

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Sat, 27 May 2023 09:29:23 GMT
x-content-type-options: nosniff
age: 560709
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 12:40:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 May 2024 09:29:23 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 568D 42 B
63 B 36ms
32ms Fetch
image/gif 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ANBnXXSX7MgThNIfI787uagycgivUnotbeYPPlEGhf6nLMUPksM4F0FCjFHhZR9jajGDnsrHEUholEyl2namrDysezZMGrTWmTVtrCpx5eCJJhS_TU4yfExG_NK3QX010n9vK3O8naUZK_QVz12yEVS67zGQ&dbm_d=AKAmf-D_qU2RxC_XzD5_UVGEUxZvWcRwRYp94Mt3zwOBuuGoLsKa4mcYhNk0tbBu9NvyHbFgTeqDMImzK281n6kHuyt6NlBm0sxFv7cduiWFt7MacYHODJo21QgmKgGAghNlssHgVoBqitLKmavbDjqjQZ3ZkxZb6KcBpzlGudJA6f_37CBa87fsMkWSM2kYMo3MSpC0vgVl2FfeF8VaH8cr0PcPv71lMoxYnU8Qt0HaHPl61cqm9TivonIpg6RbDkj9eix18_jRSr1YUb_aG283gqals6KHVE3D5G7iPYhIAjL5I2s20zUupWSowsRcyX06FhLyJ4VZK8-JRBMkmnJPVLdLiX-wRyiX3s0_43444q1JdOX0MVsD7inA84tllnHPIBBEshOT1410Y05_ylJ4MIuvLOIzQs4bIwmbmoV0szxXyYWxmH_JjwGeOsUP28lz8H2rRtD5YunA0ObGIlWik2NBJG7-Ie6_sYI5CuWzY5o3JxH5zE_8F7mu9K6Qr3y-zFY2cIR-Qr6FrbAYACbW18fPRvaEXl6zSoVxrqIh3uTFtpzjL2yvdLlibb5IifeGQqPx81S0xZLofzQZZu0pzI0F1iX0XEm_wnsVpf1OwOiH_eZBqEO5i-RofqmEh7P57UrUOqOc5kFQMbTSsLLeKuk0i4sS3_QZlmfJ4QqoW76MhTMgi_9mR5yG40LPpZQUNUeYBulZtpkt2T-oBI94osJ-4Gtv2DEPhwB5JXsDcmNG5maAZUK-uIc06s7rJskeP96fi50mbTx7D0tsxAKXgKeoZzBKJ1tSMTQJo0nexHI424ImMh80b6IknI820N_e1CuxolQI5wmcg40aLwMvKx26Uuz-HENF6UF_IR_IvtA3YPMyN6uGefE1Y-0ji5AuPtZCxOoOACiw2R71Nt_m-L-zxGC52_rLdXZR6IQASILDpJm-beQe-YsTdbOnhDsD70PgZYbbHwxccDT0FPYSotfVUm-RQYMNeoYHX2u0sto1LL_O1PcxK10TGZlOX41n4_j8v5hT2LZ93KzS66YkGMxk99VeeuJFxsti0MMfyNwwsUpS494rPQh1xu3RnAPCkhqBX7WLjJQIQ3Ci7FzFKvuNCnKxCRZTCmab65nMBZzFOnkatiwiwEh5lriyiq3YdyZ9kyhL8TV558MHIzVpf9SxIamQJS0KnSOmr0vyhGzYBMtbsuEkrbCr7Nj62_SXzyXDCpTKhzZkG8C25gao-WhdCEmWscqUmJelh8g7YZsxaUM6wuVFnWZ-U4KwcoNPapCQd4Jzs8uRxtDHQJoVJJEQWXA74HUXi06B7l64vpYNs1fZb2TC6OBSKhIm1x4DrjV3c4NoN3tuerHJuq07msUKcayte9e4Oe7ACY0iJ_4gpOdJyD91LxdXZHQL5lv7RmqulUnMJTRSh_S7o8u8RAPwaOThCjgIGAylyQlRzA2LiTUnkje6VfpyueWv-pgoNlcoNsh8mL0LXIGUQ-cOLsj_LHu17yoW9hFV92F3KJ74qGvv6jTFAjbVSSnhXUWCmLizIJ6sOAAruElGEO7-T4Cxf25yAZsBcpRb7L5CY7fT3IaHsC3t7d7sn0MoA-Ev_U9jbAnjyPi6ii41w5mjSDc49TKJ7xWt9d_Ou-z6aXaq8m-1FTbr8Mqpzcd_uafoTdltYFi_0WJZ9WWVPSO9muGY_oW1Ls0cnmBDyrNzIvb3bNm3iFgLsjs_bUhdT6_Q8Cwf9umS3SnmMqQETo2kS2fwVNInKCmKjMFTT22AOTo4SggW8njCCLnJcjulUHMAwVpKlR19aXIL64xFoiMEXToU73bYFWNjLoZL4fLoJqloQP_CBM230Ny6HzGCAG0XIiapRPzuFEdduypug8LGGJXQdht0DrnMpaktvPofyK_yFfL6Mjcp4MA4ABh7voIZ_dWmJdwuEva2rjyfYRs5i7rzLs1R9z0-yUihi3WPGpvUtsbeId9dhIU8FI609kMYTm5IqJ9QZO96jnB2odP_-8sR1oUilX8H5VL8udWFE9D4fi_gwHoK4k89XyJObKs4JBG1px515sK5mpeKoWJ03FgVSg1TANmkk2-Q-r6qrfNsHHN8uH6f4-0V6XpTlC2GIWbHaa5NFKe-ayD58EPREj9JqPxxhEtzzKiP3GI-AEYLaR3nW2IfgEKkEX1erDCnrOM3e4QfDXGV_hjPZXV_mTqaB32owAi_gs26DICqHW2IfQSaWOyuN4YyPk6BsNONK-DYAxB3irx-hqVf8WGd5oeKo7NtJjhPxxY8BxbD-ntdv6q_0jeecLyVjGdZNkrbor4-T7cqtX2xT5LV_QG_6vQGsiyCzKv0k0MJzFD3Uw4kkSam4QETpeHSfR-F4b7geRRQme6XI246H64c0pRxwDAJIMWoNlJiGo_qhrRf8_WwDa6CYVBu2Q6i22hThG8uhUE-A9_wbc13gLFU1mQdmVR_zqL4upx8YL0Z-26E5CIjfiJpg4xKp9bnMAECPsIOJHw2sZdcDJ2CcXlX8D1YbY_VJ8aLofnmJRWS7STm_hqixF8St5SDeGqLzl_r3uSv_YgDG6gR9FnSQU9OVm58Mr6R6EJgVjpjg1oLGDYhOPsm86mSFgR3qjd71nTNwJd2d87b17M8Ot_2rGtbX4ILW-mluAbvrF6AJWG72XFEyIT81BYl7q9DF7ZUEEw8DbdNgTxLipMPuiGQcjRVhp7S9VR7RFvPSGt6SP3UoXDgqqU7QGnzcXsbksW5QyeKxDKGBO62iilFOiden87XZs7TRlwOJfDQFzrX8yooRxoLJxo0afeRA-zphzG-yFmb36_eJ5bKq1iLRhbLBBL_L14ZOduSPAtHqTg5LRxKo6hBee1NUMbebD86fXiBAUQDDesXyN-bL-5KLXUMUfmM1PvsksOcKr4vPNaipo4DvadkGaq-T3UebFHfDgcLnAmYBYHAWQVZgO4aBkR-3dekjjBSFk5XEwlhyodVa0TufQPSRclNQR9-p03Ljoqh315Pl3JATEF4fHbkoWeVWfOf8cSBuw6ZfK19tmKaEtmVlH7NNKsZgyiBvOMMk22voOI1ZgTu0EmmowGRFRjPK-TPdqYB3sfvHCiZ2kqFnpANuhfjgoj33d7z39Oi_OGekATCsnh8DjgnKbCmJrtJ3MZpwAO6UQJeKF_PTNnSgjlkH_e76Ndi9x2nIJgC3Kgl-_Ldk0Ix2XRZu6r3bR2lZtA0BdE2yZ78dFR3Kig0_QTNpR8x1u5vQMrf9OJqS0SferkYA_eR73nlWvjKVSj2yom-xgVaBp3KTrePc-8pUy-B1seNYlf8l-muHuVo7f8iWOYKHrrmRMF1PonlnTZs2hcAlhGkVoA-Z-whOGfWFwBOZQH_ciAZZFbWgazF64i0JYsQQtjF5BO3MqhFZzja7aURI24PpUIY9b163NpXIQkSoJq2XhkW7WDDGpidqf9j1JXWLdXlg3UJVF_MVuY_SEY6fsHQZ9uYGNozfL9qcGrzzQdm6bTJJVG5EoBgpq5Ac1DJgKy-hK0y0vcVjKOr0j_j6SYrE8ej1Xwoxw&cid=CAQSOwBygQiDB5dlzyhT66Rq2upMnc29qnNtoAjz6BD1aKjOuxI7jhHKpCm7Dz7ZxWryoTpDPc5As19v6vwlGAE&dc_exteid=31096423066823158283416253910701217&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7B5C 170 KB
59 KB 65ms
7ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Origin: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50146
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 07:18:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/ Frame 7B5C 11 KB
4 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeY00rEvFJ7ApLU4DrqMc6gc7URvsxPAIj9RywpnFcv_70yLr0ZT55H31dAS6qxQOZeBTZllWPC_uQH92UVayzzT7XBPx1ACTsbFgUlzOraC5KzoY&cry=1&dbm_d=AKAmf-BWbzDPHGP33GL_rP3nhPs-7vY8BoA2b_mWE_vAm7tiBABv9IvPPtePtLuJD41eLE3QIYVEpULzj5P21CLb4dRQFoZQyJ7cLu4qWrjHJVMoD_RCtaH6MmJOouZm8wyl9MCJTaGhUpdl4QLpqN3eS1D1lT33s5EpnehXXpAaQjaQkyIed11M5evop4nlsIA4g2ad6mcLfw13JeV3WeuRnR0r74Ae7uuIMfHSkdc_lTzMgF0dyEWAAGFwlmFjHyykAhEzdhaHw4ZwsGRuBXpCTcJuqtW4WVc4WEh4pSxdaMhANm-R59F65TuNeDT_8SLqLlhbHFPfwRl5Rwn55FiOGGEBmQ4qOJXosTLxbuxP2KaPzrHyRuRSceI_VSdCHMvhjTNbFp4xDSIBsqXa07K4tpvbW7b_PCaekodqAmtpL_Y1gGX0CH2PK6xOrH01hDkqVD2rao_vE_EjfjUz4f8--hFlNGRODYk-yj0JBv-PKX4j4blaold8Cpwyt3a_XpxBV1nH0EW9mZSeCGKKkpxfe7EH3_4cDfwgBSVW7lLlBAQk5X43Ycih8WHjNmte6MU3Z1e4ePozJ-6DvgV6eBkmzmNUR69LsER_-wSLHfYxlbdHrFaGZEoJSTqVK0B2lvQojferg4m8nMA52-6tOuViqs-8NRMuPY5W2GOAfxii5r9F1Mg_6AGEugsG9YGSrZFjhmsfBBf9vWj4pOwrEkK2a_kPS2Uvz7CORrULZoEJ-PpvB2aTHxZURErBikXxE7uYCu38aCQkIH6fDHFtvzDrqfPyhIKmFLNE6WEiHZO_SIk7sOlQuvbOJ3yamortikuNLVXeCYDstLJpGgV6jZ7499Nn6oqnma5vYO6cqh_GwuJxNylvXrWazc7nYJYYQOwb3-M16XKhPZvcGj6ig5V3l_C2t4dVLpiqAYLk9aI88S6SJBi6wVFIgX7rRWjuSric-2LyqnNvOgi9McWCbgcl35e5Z62Voo16Vlhqrr_htfPzdYTrV0SEqKsKP9iKcj3LwIYM71TtGIjiT-ydjDRK7vPLYQQcTQ6a3Y63Ceyrr9trstkvunCv5oF8OeHS6z-Wh3Pb3m0jm5YqWWVBJG_wn3C7Yn4rmQ_WRh1oyXet9jozC9i1GRJzohvCgdJseNL4VwBP2EBssCsznbENcSwedu1Bz0N_9MjD7U-b5xWd1a-PU_g_T9yIaGhnAJOmw9fh1v7UgvriUA530shI81mVJp_Uo4fjHi-CcD7iQBdiUiF46R19EggNOTClM-gNrYnWjgy5UBRIbz-xKbAalTlHV1wZH3VSpamZlarfh9j5BnZM3xHl_MY7GwdbKfafD1KQ8rMJ3Xsm4IdTynBZE-tIL70o7uLauijE0myrIuv2olKsSK5qtsbAnLOBV2LMDlEVG8MfRe3pIPCim8X71XJJSmkfe_4oZAceorEVGk-Ex90inCfXqa0NqZJZvdtOsKp1vRf1aGZd1tV67dTKOkWDcpkeMzIbjSMNiDrszfO8tF3zevWGdAEKo9HT_ki5D-eWjJECT9IfqJBzD4oGmV7icqSEFz50iWoyjICK-f3SVCoKWiwoTF-fe5aiEn5spR377mqnEPMzDhNBb2oZYu4MPMHXOd06NGbf-0Usm8aMkLmvp4UW5Xy1J5_Weg-EVv1lwHGR2uVygBmNQDDoIYcLgCoYz8mEE_yV9fzOjL4YhCg2ki0HcmZiULib9mKlLsKKn5imoYx2TyYLwW9KRVuH1WGhM9J7gUNcbIb1hvS4PaBUjXlwiibrFffD_lw9zJ-3H80cI6yIsJSWp9Q-KzxtU9qkIvWVmOYoAzGVqc9TGv05bRcKoD4VBTQZi3qX0hW0FUsaiYonDR8eXcLwDZJwoa4VY7ZHAR6Qz7kKt157YoK5fRWnP8vVHk_rjHR7PueAJRKOWLSyrvtpaPCXm0sPtw-y7ZLSlnwmoHCNIsWRBt1yeUxsbWqg_sDLA-f7Bq9Qn6K4NYeQ3x4CYVttHTGGD6eC0ahiRsWThuCzd_uPSxB5mQa_Q_oJJO424QYsj39vn-bl_bambWIAh4Zv6YsmcHWSRhkcYCUKxxKkb1FUKMZC0vXi53nX5-BMsXDHqZ2wXywcl8mDHR21h3j7lccAL_MCn6TtoO5IOH3Hafz4BLNt432P17hCCme02abQYnDDt0vbbK-dU3STM9b4VL6z3_LD9s1T5NNZ9Zur5uzquO8SHUxBxZLHVlnjc7VpncGv9gdyuqj7JGdAUze7Me3IFQ3CI64v0IWdWXzfduvLd11ZebCGqW6LWrTnjs5NxVHOZE3kazOzRbNuR3KD1RG-p0cyIrBpkrU_WuZqkEDAfygvr50wOqvUkFAEZ-2P9G7v6HMcEls27xAjKla4b2jKSyiXKBBew-twPXSeSWABGMIkIXQaoIe8X1WpNuKLljvXlhRNOBX-Elc1ASFtTAc6oTPDtyyEoafbGdu364jIsIyPfaB3XdLvVZVwDDMFWzsEPyK_EHQfo201Eo3tEtQib3V_Ldkoq5-hPe3WSJoBdJR-2CzS_dK9H_0K4uO0RdcWf1APHDXB8NLmuA8CEo-YrfkAVX1FhfuGYHjDzn5XhLWPfBDrJ2VyI7vEOXnfqAHuhE7geZ33qi43rrngquVOTyJM_URlwJP3SSvFTuGjZ0gSXzrZioix9cCy4fssaabP5FuMnDToWeyZXS3kRBHw6yWt-m86h_MVqp8e4jgkcVtKLKv-AJMJMWY-tpszj8X9C5g1_1n-y_fqql1k_95thlz4rHmsthRnwQf1xIyhNjEIe5cKR_rv6o9Nw4kHWaVyN5uwO82XTIMt5bXA5qj6cJmChSfQZuVU2PDKSMr6qxR-2XjJHvY6oX_x6L3DknXOnNIN4ZGV8BBYfs3z0XLCmvf_YAExrft-gtIJwAfJhHkRNqJP6ynaHJCkK3XlFvPPVqwAey-TNyotE00K0B3zWol0Xu492sNMXB57axRJb_fGOPVL_gScZX4ERUwWR8qWh5A46_vM5ZxtClN51h5MUyZAZAGsleFL7BslP-218qwlWpYBUnnVufBQpRHGApoPD2E-I37GPVY_hxGoZJMlMwfwD__RP2oZnvhK0qXX2p_pvTmZEULYSLXjClEw1emUpUoI-6RaZCB-AbKBluKuHEDvENkrOf1v8kSb5V2hxBf-tJDF6XnALd7b5007RULCF0fL89jsVzTWpxjYrH19ZPnmIKdPKKtKs4kJ59OfyPd5tODb7zQlX10PgeqJgy_tg0BNjMOWFFJjbfMHZUdFjzTRARJ8O-mAvdXwgh3g0x_jlf72IIgQKkVrKJTHQl-MppOxXpkCV5c_N93ttGlIPZ4Y3tNVdFXLOCmrx8AMWdBw6Yqw7ijbKx3GHYKYHjOlAqZj_x71WWPnhFu6-nojegPqm_pTWwCbLYWV846LTJSfmY4gdpC1z2ltRQaCKlinY1NTFiUdMXxRXCKiLzXRgUVYgtxSNStROElDOdZRA_3SomEaIPgTtcKDkDvlOC3WeQ7RxRGfVrMg0NbxGqNqIa_Mwi62FflcXiqlaGV7KFijiQ9_SPhiNX-_w4k3V4jpCrYZ5VqrRWoDSss5ABUVo8ooO7BpnKP4q2okj3Qc-rTBRgKcMLjJrA7cq5hbYAbbRSdh72go01q-UbOZGwbs_IrbMbd7VA&cid=CAQSOwBygQiD5lOT7iF7pkBy0Yo6kNHwXSRm2RSQdlvKwX_vdon9Kkep3YwHNF5bw_6gBYv-BxZvtjFUcL3hGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=3822053559052326000&adk=3887872403&idt=40&cac=0&dtd=52

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ae8017866a6744d35f26aa9da389e9771d40bcae3ee65df4c1b5e16e57b09fda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 6053914914909336730
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 14:12:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/ Frame 7B5C 29 KB
11 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:43:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11027
x-xss-protection: 0
server: cafe
etag: 5492578185836041520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:43:43 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7B5C 41 KB
15 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 18:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Jun 2024 18:25:16 GMT

POST
H/1.1 200
OK postback Show response
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 141ms
36ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?oz_pl=1&dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&psv=2.94.1&_x=1
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/948461/analytics.js?dt=9484611597092707615000&pd=avt&di=https%3A%2F%2Fye-mek.net&ui=&ap=&sr=GOOGLE_CONTENTNETWORK&pp=ye-mek.net&ti=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&to=3&de=2&md=1&si=&dm=728x90&pi=XRzobPsLhV&gt=DE&ac=Xmwo1n97Q8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.h.w55c.net/2/2.94.1/ Frame 0874 180 KB
55 KB 38ms
35ms Script
text/javascript 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.h.w55c.net/2/2.94.1/main.js

Requested by

Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/948461/analytics.js?dt=9484611597092707615000&pd=avt&di=https%3A%2F%2Fye-mek.net&ui=&ap=&sr=GOOGLE_CONTENTNETWORK&pp=ye-mek.net&ti=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&to=3&de=2&md=1&si=&dm=728x90&pi=XRzobPsLhV&gt=DE&ac=Xmwo1n97Q8

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-131-238.eu-west-1.compute.amazonaws.com

Software

Resource Hash

1e3a7651e485bbd08be45c3794ce29db6668bd23f89ef0f62d86ac8f6488378e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Timing-Allow-Origin: *
Content-Length: 55459
Expires: Mon, 08 Feb 2055 17:28:22 GMT

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 2C1A 139 KB
41 KB 134ms
133ms XHR
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

c0fcb71f213c1aefb6bd2002a7d44c9f1b1ab89bf5e0a8fc3315841dd5f92591

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42377
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F87 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2354496716349&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F87 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2354496716349&version=m202301230201&ct=77&x=1&cor=17483446497696620000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9F87 15 KB
11 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ByV8Y0oe9nBicE6EgQynmiA7qWn2qp7yMT-hOO1BcJWa3NUuk766-wfFCKHVFmS2Jq0TIJjy_SZEZIWJsM5itfOdPMQlBjOP7pgNgvj-_O6fctUq5L0oCp_YPLII_uHqL3RkO8miPPScfRe2N00mGgbt7b8pDFy2mZpA8_PIlMXkP0aKY&cry=1&dbm_d=AKAmf-DX3yKmCjztsUm-97WWtCTaMLPtyFwT9neCLL_pEo37jTIjayEw0UbahPqbPTDOqRCYbqsLOA7jWlrpNWFdJrqdAcK3PJUPvsSklamrp6iRhG3dXju2w4YxjAH3vtFad0AZiWYt1Sk6C1icr5EmUGgSdzKBVscpKBn4RCJoDpFfEIEb9Qm0qrhEursedRZmY1UN3hr7eVXmGJp-YDvKT66ay8smdUUOARqw5d_RA3ka5_o3TPEBKnvECeMRMLzghJwU5zrsSwcnC8mZfwvRr7EvuKubwmPnIOq5afzAYc1a4dnvfE4fw6VPnB3lDCMZcijtGcgO-gNqyRklwloWs1dvyD7-R22JZh9s1eJqnuH_oSZ0lRQt-X77xAn1g46D3gJoyp5aWJfP7Ut_6Aje9bkhIHYOE0vF3Hk66svyQQJsLqJ8vDf9OLcV_51xZPw-yJPZsFW82qVDchr7liYp-YMpm8NKIUxpaHO3tSFJDPqbSUNncvcLzoaBA4yE6Em_o34eX9nHob3T-eV2vH2nT7d6I20zErHDpm4LqNz1ErcR8xx5E0vzLLUJ4faP1iQh4MITnG0M87ZoJhWBVWiGMo-KDvNpFzcn6i7CD-7wrjLAJV6-x9aAUhwzbZ15qL8znv6qW5naW1sYWitr_kDR9chlP8uaUMu1C5EQqrHciwWhr8yBOdpRHjQukSK_34xMKKpGEdaDKhpnYoyk__UsHILeJuMDbnQP84DegwF_mnl7Poq-mSqZOpAxDRdhPuPi2sMZJlicjqwT7MTfRQaPmykN6g1TDxTYMD_4txOavQfMnun7NthLsXrprrQNXg36tBXI1JzqFQuHClIqTbmbRZHlq8ITZNwavZtjxXCaWryAmxnJ4pEE2xqgPxcKsw_7zCDYwFy_pE1lvltd9aPCb4VVZEmYeGYIxhso0l5d05MU1PS4ZPO7bVBnZK-1aEcNEzuAhDJ1oVgwnFzDUmD661ljT2mojofPEA_XsQoAfj7mVJiMtft9AvwxWibkBNzzwKDb_4GNbf23Prk8gVUDtIxzW7JaeSYyYoYYHJU48g39cF9JceFDJdT-I1mCxr1SeqUsE95K_zzAmDnbq523TTaby9PlE9ruKBEvH3Z9nK1HZXDs7YhPRUXF8R6DwZh_-8X2CA_wTEZhh08jezGnyc_pual79kUAGaFSm63q8aMBL99D0yVZY-4PF8w7MH7x65IMETeF1lO_konl8aXE8YZyYuqY1goFAJvdTfZNKZWikdEUZNsK6h40J_mC4rooR_0rMnGu-hqDPYn3pylY0670ZpZ2o31un96ULojGX6kyHS3iZXcJfGD3T1G0U3Vsh3_wj-pJQN_6bsRQloRMdbcNjtCgRd8xlpDkU-S0d-BqLHjJslfvHLaMWnY0avnPwq1276raVrhVQrrTBm-Bz7qqBK-6Wn4Vcj2928ITVhC-LTRlzKLLCEj3-mQUrfGDeQc9stdtKt2p9nLpyvWVmXp8-cXiC2mass5rvX5OEbVs88rsrfOv8_sBYPJ62BdkdTh4_2lCAMWo-1dSvCmKnVnRE6B3QljU8gTUQqMzKTm8xmJbEKdX4vtpLAB84oPobp_zPi-kwaoC2Citk4sbl8ELrIejD1Lx84wXbgqiwPRbSy7WXdvl4ak03MWj-Fdp9HpNAB1cerkImEYmz6pxks7qjOe6do-9c3ZWU2B5IoaXUeEDfuv02L4tlq-etv_SvC3h9DKywcngkEbTeHwZ_hM7azzj38Ag2t_-4pzi1cmvBySeCkmGFkylAeOQbYPWXAA12ftX9vTQxGYUa6wUhjzuWn0UQ4oDdCAlsMjzdqSpGzEVoEt6dDLC7yvrax9ck4D35NvrFa9F2ms68ghPK_ZHE_JKxGNLccHdZZ0swpsQWx6ujP-fb3L472IPg0wKUUTbuq6XyUMHCXAFx0cEnToglzwzOKKTtnfVZsptaXNxsjupn1miklvSDKKpPq6EIQ_s8GnuChenu-8nYxL8VQ8hKvEJUl5SYiIGyvdWHecjH1Em5JSIYoCyYmJmDqUJK_5bmj9P7bAOIbhdVHKbC4UmurtCPO4L1hzY9SwoRM5kecw2t-r2MWBoQ1i7jW0Uc9FH9X874wpBCG-ikyLOLCUgIqIqpkDGhnxVhpvLm4ZwPLO7dqs7Rdm-djLXIq9V-d37JL7QoFpKuOTG4xKiB34RZA0WbW-Cl7Db63ozm259TBg5ykM2uth73E7eTUYRKU0GqzAfUZE48QZBhEEiUGJJtbWGALyVbDm_2PQHfbNyPZh8qrTPFN-dQb5-fo5LKBabKaxP81ivQ0pXEHDetKQBP9PIQYbk4Ts1EIw--tmvaosmSbJ-2c-BMcNGYM95G5P_duEc83KvT-wFZE9ygAgk66oZ5HrrH59_L6sWkTefbtSGg-_3tEgDxuaVWWJLMdV7G9CNdnEqwwCEYYaeu66VtXli5FWnUO2KkR99ImptXVSdcPR8c-p7TxFtHiWXbxqmkbqtYWebKtZ3KePGSCCt3M2YvrdLGWb8o42RgBDyH7c-opqXiG2yf6ncGYxqydTc6xZoAtUk0SbgaX9b5IDwmCJv36dplWYcFco2KE2WZQe9kVRlscQP8gqEFbSkxr416rBXWcs5oMbMTUp61mzelo59583Z2Tb1rKbClbunDyt-OZUiRS2d4lBKXtshTunFD-jDuxZuuh0NpZENXTAZb1LL-YW7iDv1USCI6w7WHVKKAVX0QzmZyVhpuDfuN-9K-gjWUgtrLxaB6v-GQ46GBKqdSZe1qNTgkoOgJR3faHph1Fn34dOPZjz61UXqBHLByUFUWYDlyuPJb0je6uCYKYVrg_RqhH2GnU_WQGtiwbnwqTXHgWpThltJJcy261VjCOVTtiv0RE5VkPj-DEK_cLvk45_fY0FV1GByq5nEia8Frr9LyfTwsEO8GYyvWKrToSn3vokT4DyHU83c6aJNRGQ4TYqoHbZ80vi05TEpHX_8VBeiDSIftbGTjc2LQephRveQcSet2O9TyQDkuyQ282e7rGIYz_dhAIzqllI_2qzFsAkewYCbry8JXN0ccHNXGSCZSyubh_V-24sPU1nJwdaMBs2teHwkvgEDxHVYbImKyXX9rs79ZlMHFCpgq6w-j-_I6hEZzf1_JRyiUP2m0r-DKq0IPG4p2zYkrzio7P2XyEd51aeSKBbPAuA2lVHl-iCfuz6npc61jFs5pJ5lV6pGh_D9Wfa6cQdio2fHqBF6i63G0VmeFKw-1Fls49iiDR-sgtcGPNqiSs7ptlgt37KgPkYSiLPKrvIHQhREgOOrXrTV515AF8-VY6DV0ZGrf0-Hglt7_RTGxa4CsaYOAKmayhEs5PDTgdAmKFZBOcUTR4HeNt-Ya5rgsxDvE5rAFjmcaARachtVpcvdWpX0DZtjf-vdVDTAJlHKJGunX8xDljLQNCbvZtr6yb7BREfC03v9&cid=CAQSOwBygQiD1hMyPuGUEerF3iX0Ase6qRart9We8W08OYNH6h9rgW5Is5rykFNwK8zmUQf2pm12gghsxu99GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17483446497696620000&adk=3587751834&idt=39&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

df6e7e11a982b4d3dccfad68c43cc7fb11ee43b40932fdefadbe80ccedbc382a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11466
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F8D9 0
0 60ms
45ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv30RgruTMhL6qOlwKBr4KurZzvLCsEbFeZLjS0Yk5gesVZBJ5mFSWKx-tsnU7kuCQpCXL4QEq2HTpOqArJppsqKNnz24tqbFn_4x1xZ4WK1Uxc9DQuB-fmJ48Y-ZI5HygVaVRod5ZaNSwHRHJP9QavapcKX2RnHBw_2s9UHw1LYqj2LhsdGCysGnD-TaV0sf3NTrU2u7TOpYF_p2jQVVrR-TYYzEhJ4cWiCN8cUvIOPGbgwIEV6PQPgPHy_ieT5CJZ0_WAsPToURe5VW_UIbUNMoiMUlIVHaEqfXXP0w3f0b3RTIFqYWKq6UZMsZZOi4B3nE9L6fMXws5aMQryxA&sai=AMfl-YTqniUgIpySMBNq72-u6JAkAaJyAH3_PJ8Up9BFqXNjUuIpBIqsZyQ--Uj0UzPtQF0FakgzHVg8oW2ZfZml3kQ73TMOMjR9LbpRnv4Drbmg9OTG-GaIR9C5LNeGUw&sig=Cg0ArKJSzLe6oBePlU4MEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
DATA 200
OK truncated
/ Frame F8D9 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ee97c2eaf0d6588184e68b7b2adcd4614bc94ce8ffa1b5f75d7264fca5e844b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 9EC0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6zdXB_9i4cqAjtLmPoAn8&google_cver=1

43 B
163 B

356ms
22ms

Image
image/gif

185.86.138.154

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6zdXB_9i4cqAjtLmPoAn8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNW4ZzOUlQaIPiUca1uR7_vVss9RBNcGSvwIBAk9MtULvtw7Jdx7TS43YtecLxh5j8-JUY5SGmu6UNvAwuU0a0wH0H3GiVgkw34Cvc2BLxc4ifaIUQ-GnoR05Rd1IBomRZa2oExlXqLrt6l8cn119OF84Cfti1nBy19Hhyr00UUh9pyaeYU
Protocol: HTTP/1.1
Server: 185.86.138.154 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEI6zdXB_9i4cqAjtLmPoAn8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 9EC0 43 B
163 B 465ms
20ms Image
image/gif 185.86.138.154

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNW4ZzOUlQaIPiUca1uR7_vVss9RBNcGSvwIBAk9MtULvtw7Jdx7TS43YtecLxh5j8-JUY5SGmu6UNvAwuU0a0wH0H3GiVgkw34Cvc2BLxc4ifaIUQ-GnoR05Rd1IBomRZa2oExlXqLrt6l8cn119OF84Cfti1nBy19Hhyr00UUh9pyaeYU
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.154 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 568D 0
0 50ms
50ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cs4Ndt1t6ZJfPO4fK1fAPjvmB4AKR0ejlb6272IqPEaSFk8CwARABIMCygmtgleKQgqAHoAHTqd35AsgBBqkCMJphcXP3sT6oAwGqBP4BT9BvasUZ1fxvvtQv9fs9bxuoUctixWm0Nr_sottKcsHkBc9t9QLMKr30AUXXJHPFq9_Opx1nMZSuf9GN5ExxttpVghKjrD24U0SDzKXHo-h5-nkFKkNdo393n2iPSvoKeQDAKgdNxmjUBdn7LNCpsWX5Or5u_3SwEikyHCVcwf-cv50-Wi5la4sMksf2KnBuAiEbPfGERqSXmdUhqOZLw4m6FhFw4hmS1rkRUiZ4XOA5bsn2INnxBogJ9UzB81w5grre-dG4U5RxvhFgpjpDKlYC_tgNr-zMkLK_3oaKhPVaIZPqEJxAnGnVSEkTHAzRYgAZbFuYiZuECMvBfx3ABIGjvtKjBOAEA4gFuveblUqSBQYIGxACGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB5XWooYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwoQnKcMGMPW6eUB0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAbATgPW-E8gTm-2O4gPQEwDYEw2IFALYFAHQFQGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=l9Q-t2UT1XU&uach_m=[UACH]&cid=CAQSOwBygQiDB5dlzyhT66Rq2upMnc29qnNtoAjz6BD1aKjOuxI7jhHKpCm7Dz7ZxWryoTpDPc5As19v6vwlGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C5A1 1 KB
643 B 32ms
6ms Document
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:07:02 GMT
etag: 48472445140208031
expires: Sat, 03 Jun 2023 20:07:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7B5C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed8ef8c6815f4d70b635a82732e8a6d28fdc859581f2af9120b5dae088d98b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6606 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5230743756536&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6606 0
20 B 48ms
47ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5230743756536&version=m202301230201&ct=76&x=1&cor=6173311438854368000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6606 15 KB
11 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwNPIDMzK9R83QipfKSj5s2CFyFFJGXNYs00vktCTxVg2LZglaJ9iMTDp9_kN7bbYaI5Cv46Y9nU7bxtGTVoOhRP3W_stzVgz02HguRwPTmt0MiSUNy-nnuc7S6JFxuuhnMl9O6NLBXsXyfUIi3Uh5Mov-ALIp0tNLKi6VvTdeA24DiRM&cry=1&dbm_d=AKAmf-BfCtOduF8tz6t065lYFBMIK0FnFbvs9tVg5Q71lHM7XGXTorvBqZG_8nm3w0O6FmprL_wQWPkVr8K2kGc0VQJPTsXH05msuKLyeGIf5_mgExiSDpnUSHfKA_AyJN3mZSblJpAa3m_EwQL_PSyTkgQpKx4wnYLYeor9pmRRRKSAgPn8iDkazIJRonD_EuJ8AwE-AEhVR45up7xaG3wjjpJ7XDlUH7yPTRiFj8gB_hY-gL8QRQdMjeVgrCCdpa1CxAdDAogy3eKvlcA7I03T9n4DNvYYJWZuZlzdtMKUO18WWeVEKcIvOSEj_E8p2Y1E_6-Bgps9c2YfqYTdRok0WxCtDi_wulPpqRyRdxuXoEkyvZMu4CxnVR_guUGnBuJKJSQ6eFiqShV353mWf5H3sZPd1hRcI0dnEnlgqYVq6KvmHyXbX6Umk5Ogw1IHqBBO5sAuW5qE5QGr0CD_8dOq6D3GYDQx_AApvaedc_FGStcYVTSq7lN1xy7pNRBRTDNFl0J1j3MQO0jo3pS4Zj7X41wNewUns98-qH-PO5NNQTAe5cnK7xHaOT7rI80iWXd4AQhHxn3agIP7tIQ15k0ONXQOj1yxNNdBdRjogbKLK5TJM4sQfNSbvPDqVb6IyZAJSTT1UlWho9AmcgF__acaj8uDKiOBEKf6K6NC0VzMRrkfOeF7dN70K1MJP40yOBqS3m-Ik99v28FCmcDEscfWopkftk2v8dmWGYpr82aD2kX1QddakicJjxxtb32GcPc9-SmshZtYDWSklub8B65VWxEFGxJBT3-4o7r1q-AsRjPtvd3A2qzOIR4q0OnyOdTmY7mHOKoqcMRnwBVYAqWn26setmGokwWFrL8sHkt5bxuWRuAcaCpI5ZXRHDw-rUPM6VYfXJzJNCM4j-ZQX0mZIMXM8fHLEIr1vTaeQgTgr8eqFV43ygJxfb1k279Imt_Lyv9BpRKdAqONxV50K4BDyvXntLNidOBPXV5h6x8cfx_qO-amM2PcLmRjSwnBZKX1-siafZnuH-Xts1vppCRvYK9jDOyTkHLjMymUyjI7jtGvA8A5xheJd2ZD6mbgTPeJTalzNENU3Kc55FwCzEIN-JcpWeRlSopuoNdV-r_k-6kG50KTzUBPAjOStTqyuFy4laPmocDcbDWj_zggSaOvVXSiRP7tPcC8RcnwHQCUBKd2iaOE3K4tB-Wf0rRvZtRikh3G-qtfz9JURs9FDia6v3zdY4mgmMxIEVaLbCyzS8krfYfjHZ7fl1ofLdkAPWNZLj7RGDEuORz4S3KrIsTjBspwlP8rjPnprf0QeycdAQBLUKmsxW9cGz_Dh3kLAnO2qzDf8KQbrcAouW70FcnffQvOabemnvqZcJDgonnNAVFV0YaXc0P3yFaiOk2VI8Q2ccEDGLx-1A1LrhTqg59VUQKhrfsRMyqRw8WSHsEAJTGeikJAOWFaHxg8AKAr3zBx_6I9vxuS6lGrFL6kk-NHPv3CdPk2OLtu6z19nLNmS8zTyxUAhHO5IGW4Bbc7Egua8vonpYHxOJYOp75AMsgPD6g9LMoL2_-QHOKB9XsyVcitj1JcPTX5wXmrhaFhc6wVgZtLL_x-xYkSTKOXu8XyHc6E6536nzgt88GShNKWW1NkeXgV0ygcwSJpeyyhznKJVJxfE9cSkbzlbdzhDM7XOdwZt6cVmdqnSVOAkT5YK6wz_UehmNHBtqenVREC_468_4sT2GxfRAF1U-LMFY1aMt_0RgWSRKoKBFiFdl3w2HoQXmMk8X5EKi0TOt4UZVZThQZwLd-e0iFgyXZh4RLcBIdTftJHv01pUbhhIVSZYfxcx4BSeKALyWNGhwxXdzg5ERWa3D2OUGqE0IhGi46adBPWdcZd9zjEztxdQu_xnQRi4LlMcIHU0PTiZ6JSWPfxWAr6v8ZjYr4Eth1kMuvLZXkfl3Pk0-gmgNh8uItoRfjIaX3g-R_IQqI6zzCs7UKBONhhjtWdJt5mcTXGVAmBp2eiN_3h8QBWWfwVsOL5tuhlGPz2kwYoF5JftBUvAoUQrRGKto0Qbn1zcJkTtCysf-VEgRSu3slGv_n8wYE8HxdNRhUK1NibjGI-DyIdOfbVf_YhCwBxPLAlcIK5AvbCIkLthrsgvTiKieDTb8ohYwSd0mxzsPgpwUWSfxNr0GG8YteTezTJjn_OoSvt0neIKydqzc58vFnWVNK5e5DugFO8BS2cPszUZ1D-FNLf37iC4jnhZv45DadcbFsKDLI4TzPwl1QQmfBHspttMfsbg0Q5WU2pwnbJsL0sTKkCdbaBcbiysah_vZ5zxGKXWbB3jq76ewYyrZK4CAxKYbdBsQ4NvenGmZOfWDZAmsXKs_shK_j6YZK8BSzYXnmGd3Lp6mT4Rnj_oysIYmG444RHfTP8s6IgcSnZRPblQNdcf8xUqgqLzbh0fZ3m7Eb8yM5KT3QjNRnwVxZ1Zzyw-DeMwMnoMjjAlVRHM1eByqPgOqievpKY6760FRVCIhIslRVb7KmxICNJb5I94ziiA9pZa3iS2ZQn2PpOpnN1ofao_0-h6jbU9qkekeRv6HwZ4Ax-YwAYSm5fw715BXuuxBrRiG8iFtFtiNsCi-qDNG8ldzxULNHZLpp7AMXSXLFnZ1pIpju1LIglawpvjckqLjNJg-zEPNiwd4vJwkUj4ywNUCb944eFD01D5X0qpniFbzoL1VtwvKgP1X6lU_FUdrfEPCDyaH2coXgSzA0q1eaQ810hADMKyXIU0lBTzO2h6ySVKt4_Fg8ymEUmjKGWpBVC-If8BsVaQMTObIaFTrIkTiscQAkudD11J-NAoauHB7dJLwVw1hQEnQlwdUKD1H6FzdKUDH-M6E6U-JHjCdoYpHTtvZFtUxWJ-ZhLFc3eCIeBA9lE88o7EgMIXMLw_x7shyty5t2y1Thc-RetQp2MJUKBFCZ_qxbvz_qFkrRn34neROEc8ipkXt_DwV3nAuppM-d0FUeWgNyBMJ6yh1X0pJdNIgwG0DKauNLl-l_CNtlc2e3fzYnFwcYn24fMfOI03OSIEg0oOymc59Xe3BjCyywc2m4nSDec_PSSr2sUOO_BdTpJFFZW68gU_7TlSuUq5hmCZN5YbkboPvroyD69vAfKSZgbW5mZytjPZky2wsJORc0XWxLCWw&cid=CAQSOwBygQiD_Onfb63ey70FI2e2ezKZyOxFRnop3SzoXX_igqA1c427VeHv1oaG4smWxW69MaM5PIP9pZicGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=6173311438854368000&adk=578009112&idt=35&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

1120ae16d59ffc52127907573aa69df91c7cbeb710d5e0a0004b050542d221a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame F8D9 0
947 B 7ms
7ms Ping
text/html 37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fye-mek.net%2F&e=wqT_3QLzBcjzAgAAAwDWAAUBCLe36aMGEMme4NKIscLiFRgAKjYJFOgTeZJ00T8RVdehmpKszT8ZAAABAgzwPyFVDRIAKREk9AICMQAAAEAzM8M_MKSE2wo4pRVA5R5IZVCposslWLqcjgFgAGiztyt4qIgGgAEBigEDVVNEkgEDRVVSmAGgAaAB2ASoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuoQ4AKTnFvqAhNodHRwczovL3llLW1lay5uZXQvgAMAiAMBkAMAmAMXoAMBqgPnAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1DWU9JcWlyeFhJbzJfMXZIOTUzbW5fRkd4QVMxMWdyMHh3SndXTFlBX2F5eTZ6UXhOX3licGtFd3lEQTAwdDJGSjlnS1FCbkFzUExRV3JwcXh2WHRJV1psZnFKUSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMxNTY4NjcwNTI3MjQ5NzE1MDE3Igg3ODgyNzgxNyoEMzk0McADrALIAwDYA_LZOOADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAwyMTcuNjQuMTUxLjeoBACyBBAIABABGKABINgEKAAwADgCuAQAwASPpqUiyAQA2gQCCAHgBAHwBKmiyyWIBQGYBQCgBaGdrsWc1YCZGcAFAMkFAAAAAAAA8D_SBQkJAABBG3gAANgFAeAFAfAF_MtS-gUECAAQAJAGAJgGALgGAMEGCSMs8D_QBu6PAdoGFgoQCRIZAcAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxNTExMTQ1MzU5MTPIB6iIBtIHDQkADTsBOAjaBwYBcHAYAOAHAOoHAggA8AeH4wKKCAIQAJUIAACAP5gIAQ..&s=2443fecc21636838c051ed08bc1d1bb889d2818d&type=nv&nvt=5&jm=1003&px=122&py=150&bw=160&bh=600&sid=7203634191132297771&vd=ct~0|rr~0&sv=233&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22463012&sw=1600&sh=1200&pw=1600&ph=4506&ww=1600&wh=1200&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/233/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:32 GMT
AN-X-Request-Uuid: f270b65e-d69d-4313-8f7c-cd40df6a8cc2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://ye-mek.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 9F36 170 KB
59 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Origin: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50146
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 07:18:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/ Frame 9F36 11 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C-NDtkFBEUdcRzYiSXhbuWowwZumKnq-Pn8K_K9456WlH-F87qw11mttT3KU9KrzOhrKNgjySrUI2PKKALOuT4Yv32-f-IE7liGYU_kqewPT35AJQ&cry=1&dbm_d=AKAmf-DfZMsxeB_CJZMv8RbIV1tta75rL-fikOEY0wjOO1pq8vMCobHod4a9lX9hkwdDH7aguxiuQLkUKsEF9OhhwOgVYGIzDjODqDL0_eHzXiGmxjHu4Ufcp_oLR1d_THqFL-coauJVhFtdYW2nD5A6iUiLzX_dG9bnNmL_HbTqab3ncKa9JulHkqaS3uCOrMcLmDv0JVeLTrmWpEk98A8EXbUEhpjRO-b2IM9ZJRDP6kjNW0o4dof2DZblBPbQlK7bNsMNFHhQggenXfYv4hen7gYAmwN2oy5QftzlA6AgA8uoWMJxkkvPZ4ml_w4TJ6azZIb-CVi8mYi471xYvxIvp5CWI7JxbOmH5J7_e1hLJuqDEP2L_mjFiStgDL32v3l-q_aJF0x0slwiCz4zA5LaBAkp6EvvItjH38i2x2fyzJQ8iYU2LRkcRDI2punnIQTYdkyzwCI8f-Oq49IEi_XUX6po3-17odmtdKp4Zbr26uMIynUPFg6GdXg0FpAqi1JVq_s4mdcTXg4RiYyRUBih1etQCWkoXllbppxOuxKUfXlb-rYBoWVrc-EiWluufO0Mj5jzxxdcs_y8ATVq3ZQTWYmR4WHzKXrwi4im2kVSxVaYtXz-j76NK5u5zCICVeAQEXuqIhRkWG3hMIoYKNfapLMiPMSOAkLAmFDADuZyyNcyUYDJEnsktFLw3CgSdEWAz8Hlf0QlFhLU8GD7GqfOs01YZE78jUN2mIzsZRU4vBaSsyuf-bi98K_JeDpIapfgB4ilHjkDFfkCKBHDwPmWTEF4loY8w6fRB0ID3SePD22D36Jk0WUXEdf-doYxxzQVTswmJAknE0dpmJlJidoh-211Q326EPBIYfW1mIxOHaqAmIrclEJ3RCXsTTuO_GRy7Dg-d5s9a1Ens6knuKxk5_dNUXkH3Z9w9h0UD-eTrQWCk6FAFUsZqiIKt_2QYVeBiGCHacytB8_oD4XwsWML37tYI3rmvhd690PTEVLRBjQZ22OLE0j4rkVCXXSxjtAx_IEVETzcfN1FJWTshoDa6yXLKDCnoBgODk5BARI8z-wuuUfcIVuHRTxUTJLGNvxV16FxXckb0dvbozoI171qMQp5VkkaOB8vlDA5HNm9-6wTCerAtAaljnJpENmvaCAVXOmG0n-BWcHv71iqhe8AW3XJBqq7MCX0orO3vkXWGM5rdNdpRaK6aZpN1TTq8g8BIfe1_NGCdQASTxeVYTrtgVUOf8mGr4MOb1ddJlUaao0aJFHT1FpSDlZimvn2gvWfl8yrfpMk7FGCkTcFOcoPLtRbGg6EIVCTYqO-CbF8aNanEI25fB2laF3uP7ZxvrhKXC_1RXgG8yt4DDiTuhRtvz67zeitDUDfU3CumRoqxH0sH26vtVn8zUjCF7I-5Aurx8T-QbrVWPAPDD8P676xvlKlLoV0SHZGjNb2RAgc-6f6N0BPhSLLk-TWURPwTURmtiAmNoXE4iCa053VdpmspegLRndvOeq723P-X6fu0Aw11QQ_YVftDauMaLKNfp4dnbkVhDeY9X1gWH0P0Kd4s4fI7eObRq-b_HrgZc7l5BtbJYWvKA1lOIt2b74GBmEtzxGq7FgpSrmLKSaDbePJLJ-zuze9EVjzzdcJ-ZZ4t_bwwi7_jRyA-sIi-GO3AccHnMekcXYsKP2ULO05g0dlW8h5fMsM3j9mNx9BG2hnznwrdX2mHEBmH_hJOr7SATEoQI6YxtoQ-Eaq1acIrAanpwNBmA8ld7JddnF3ePWaiSaX0DTM_iJoMb5S_97xyk9rctnyVjIJUBLfmOAzRrmf9eMq8GJmwHSqf3OZF8du9ghyH_MCXOXd6cWRUq_YMWIsLytrk2Rpco6fl9S8O6xgqn2ZOxCeRk9qM6Slh9_S2nRlvUoxaiKoZDYQWjEWinZ8XQLR5yTUxp6Q2F9YBkdVTMuJHnfHVpzdAfdWwirqK3nhbSo7YYz_kL5oX_PUjLWgOYxZ3mSy5AD6Qznnl2Tgqn-A3CTKWzXDz0s0WUEv6VPt_Y7fre95eanjFYtUSggcvpW_jEA2BrzYnicc50e0ivsgelXk0lBYa3YMf-HAkgrwDNjybHqZq600vrZ-WbH0iGf1Wqt9nrs0-g-w-U9IxoMigRceaUzjcv_gTeU2FwJbhQlMYp3syjQOlg9vBXNIbioKbVusKbhlY4YltrdG6IWpFZUqZ_2YPAbklLF8odX4A_i-Wvi29W_Cnp_7Y3kM_FejLDUwYa125cNPTKM4wYoPYCQCQ9-Px36-C1M5TF0g6pYOa36WmykTllsYq9m40Fsig8TLM-uHeDrpnEkfShlNi7H3wuNp0dA112nwVp5AhH_7S9XbxDJ7UDVdiWIt0kDlx03FHKpiqD6qDDlAyzqrLu9MuzJ3GrG1NdBw-VrK1D6qeWLj79o-9N-pHQ1tdeVVeIVB7QfJp_xaPq0JZi2gX-QJjTaouJsxxlzjhjGIzYVq9chGU_46es7qZlxU2Z_NI1GlHvtUcE2gUOvgUJrD2RlTOF3_lmXVpZ3FSVBNrxU2WhAbd4GftVdfCGlU136pAiD12mpfpnTMXSYsJ-vuK9404apq7AQtgOKDbzqTY6Vdsvm1Zt2blpYTglZ4MtQkY5buSnx86FjyZ0wexC_NgcVSexgboijYGWG8VvPtyl4F1IJs1qTW8psS0ygOQsZq_bP30gj6exUoaNAjO8zSrRCO1_duh3mBpZbvRMwFNUI0CW4qShDBsIuC579nV5Vg_aR068WZbptlJj0WUm6-9kZGgMOm7GkYdSCWCxBCvF9iJG-ZJzRszNqnqof0oYHHZznYNG36_RO2QvzzKRtmmNCpb8apG4KrDvK98Xg6Gz-MMu4w0JAERXUw5GDqZ-L6J0X-gYB5AfuJVMx8oFDt1hunUOvOWoA4XH9LWubIE7Y2mqGTYF0fgQ2_0GuJD_370eD5pRVU_raH4Mkh7JvS5o_CQWBYYm6Kbq2-93rkSEKlwU2Z61Iu7rccd8TgAcsxn7tk8yNRSeJzjj7uoVE5IImRLtozOm2gN9arEZ5quYAve_vM0lzdQzfNUwsE9W0YMh2h5x01IIhhQoxQdp8sTMW_jZXFEY2xEWw_jCASv5DHhzjCb8kCwBC9yWZ6dYF9w-8quJEYWbJQC90D7BPvfMBsWOBsQs8Dx5ucPJFG__wCgqG3a8bqwvV0v5gVryxfQthQ2Pvl6EpvCiel4BG435iB0PVRHTchpk84B56qvCs5aoeQW5_SIYxtp7QZ4C3zraHnOjT_8OB8t8QL_Z2I4AEuqf3GW82_Auuz2_42yXIHYHU0guJE3QMe_A68qUy8DmuJ49-phcGvz21MEqIJ2i3WkAmBfBSmDwmn4OwvKrarm5trQ3dqdrQUst3VDhu2lkbTqLqfGv8ZjDL9IPQDLCRHgrT4ZcLzh_BCBPpprL95CNkLpjyq0N52MIrhHrp5QILP0m2PCUvzED87SVKxiETA5sHVr9nn1pwafMbWb8CExgca1pEEou5Uw1UwJV8y7U-oswB-3F9Y9Ej6sgKT_6-oqqGmzvnhxeFP1aI7LTrKihn43gcW2Tl7kAxPc_NxOlaoQF8NN4EeAroVlVysbU5iNhjiNoPNNr-EJeCmsv2DhEVMKZZkykdxIEM-RTHMrf7UycfKGEQ6ADcpB9HVc9kw4GLV1PtYqFt0f9-JfdLw1Ww&cid=CAQSOwBygQiDJbBrjETz4hyZotY5JDdkaBOl9gWNtGHZNhwoaLYRAF_MB3XqkDHOIT6Q2w0KIdRiEMzmF7yMGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16255311636137271000&adk=1599433117&idt=37&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ae8017866a6744d35f26aa9da389e9771d40bcae3ee65df4c1b5e16e57b09fda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 6053914914909336730
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 14:12:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/ Frame 9F36 29 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:43:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11027
x-xss-protection: 0
server: cafe
etag: 5492578185836041520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:43:43 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F36 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 18:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Jun 2024 18:25:16 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F70A 143 B
166 B 36ms
13ms Document
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 220
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:10:53 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 48FB 1 KB
643 B 33ms
10ms Document
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:07:02 GMT
etag: 48472445140208031
expires: Sat, 03 Jun 2023 20:07:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 48AF 93 KB
30 KB 63ms
30ms XHR
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 03 Jun 2023 21:14:32 GMT

GET
DATA 200
OK truncated
/ Frame 568D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b9cb93e362454f74e2f63425e7b2eab735375f6b9b65560676e01c6f5606cdd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 2C1A 4 KB
1 KB 342ms
26ms Stylesheet
text/css 2a00:1450:4001:80e::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 02 Jun 2023 21:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 20:53:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 02 Jun 2023 21:14:33 GMT

GET
H3 200 load_preloaded_resource.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 2C1A 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/load_preloaded_resource.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e0b374d64219f25c480983127d46b1dad0d87e14292b621df9205a2c3c5ce98a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 14:07:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1247
x-xss-protection: 0
server: cafe
etag: 9347959128929567288
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 14:07:05 GMT

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/ Frame 2C1A 29 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 14:06:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25656
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11027
x-xss-protection: 0
server: cafe
etag: 5492578185836041520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 14:06:56 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 2C1A 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 13:55:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1307
x-xss-protection: 0
server: cafe
etag: 18393213423120915576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 13:55:55 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 2C1A 27 KB
11 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

d5e62a7f912b4ccb517132c3d83c5bbd6238b464e04e7587268c037f3a93b2c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 13:55:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10840
x-xss-protection: 0
server: cafe
etag: 15082532599910934484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 13:55:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2C1A 0
0 15ms
15ms Image
text/html 2a00:1450:4001:827::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZq5xmBRiGaATVJKy3t8Rkhcx2Ze-BXdSHvEct78-kRNrFoFzoLopzG6h5cNeamkU5OLdHZ0h7Uwf1ARWKJ2a72Xr9xw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C1A 171 KB
53 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:803::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54276
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1685532878231373"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:32 GMT

GET
H2 200 46b994677b24ba6fbba76ec2a1001c60.js Show response
www.gstatic.com/mysidia/ Frame 2C1A 47 KB
18 KB 315ms
8ms Script
text/javascript 2a00:1450:4001:829::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/46b994677b24ba6fbba76ec2a1001c60.js?tag=mysidia_one_click_handler_one_afma

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8b668fc0fe1720d5c5a32e17084992e57e3d2ee021731adf992e3546c5dc28cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Wed, 31 May 2023 04:16:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18093
x-xss-protection: 0
last-modified: Wed, 31 May 2023 03:45:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 29 Aug 2023 04:16:42 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2C1A 0
19 B 53ms
52ms Image
text/html 2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CtsuJt1t6ZNz1CPPlkdUP_pSMqAjC3aD4cLL9yNrtEJiHjv_WCBABIOaX1iVglYKAgLAHoAGhwJjxKMgBCagDAcgDywSqBMIBT9CJw_8VYGVULuXuctg_TslvsirIhNwCpZdEXyN_8J5XNJHu8gYhxl1gn1Gt33DiSkOGXuvvd689KH0gG3hy9HQwUBTGXZ68cGI7naefEmn1Q4-I_wIg7iSGL_L12PWrDZXPWVdp2wcYc0GplJi5_TuWCg84E3vJFEKkf8T8CRq2HsmZb-I8hw0HcfszZlHTCnyh8PS4Py1Q8bOdpxpk7duRIJLLuJOdXNVPh_JHbW-dPJ3T9RVN-AEJInIqm4lR4ubABOmng_myBJIFBAgEGAGSBQQIBRgEoAYugAed_KSjBKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHANIIEwiA4YAQEAEYADICqgI6AoBASADyCA5iaWRkZXItNTcwNzE4OIAKBMgLAdgTC9AVAYAXAbIXCAoGCAASABgA&sigh=mNfW5ueafi0&uach_m=[UACH]&pr=10:0.27274&cid=CAQSKQBygQiD2PJJxtMk_WwRiEdQjtm_o14FZ3MefIfXQ1yntBy0Qq3L2QUoGAE&template_id=494&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 02 Jun 2023 21:14:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DE03 1 KB
643 B 34ms
12ms Document
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:07:02 GMT
etag: 48472445140208031
expires: Sat, 03 Jun 2023 20:07:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9F36 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e28ca4ec0407fa6ada8c19b60abf01311e13cdf09ab2fd7e763d098922d3b057

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F87 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ByV8Y0oe9nBicE6EgQynmiA7qWn2qp7yMT-hOO1BcJWa3NUuk766-wfFCKHVFmS2Jq0TIJjy_SZEZIWJsM5itfOdPMQlBjOP7pgNgvj-_O6fctUq5L0oCp_YPLII_uHqL3RkO8miPPScfRe2N00mGgbt7b8pDFy2mZpA8_PIlMXkP0aKY&cry=1&dbm_d=AKAmf-DX3yKmCjztsUm-97WWtCTaMLPtyFwT9neCLL_pEo37jTIjayEw0UbahPqbPTDOqRCYbqsLOA7jWlrpNWFdJrqdAcK3PJUPvsSklamrp6iRhG3dXju2w4YxjAH3vtFad0AZiWYt1Sk6C1icr5EmUGgSdzKBVscpKBn4RCJoDpFfEIEb9Qm0qrhEursedRZmY1UN3hr7eVXmGJp-YDvKT66ay8smdUUOARqw5d_RA3ka5_o3TPEBKnvECeMRMLzghJwU5zrsSwcnC8mZfwvRr7EvuKubwmPnIOq5afzAYc1a4dnvfE4fw6VPnB3lDCMZcijtGcgO-gNqyRklwloWs1dvyD7-R22JZh9s1eJqnuH_oSZ0lRQt-X77xAn1g46D3gJoyp5aWJfP7Ut_6Aje9bkhIHYOE0vF3Hk66svyQQJsLqJ8vDf9OLcV_51xZPw-yJPZsFW82qVDchr7liYp-YMpm8NKIUxpaHO3tSFJDPqbSUNncvcLzoaBA4yE6Em_o34eX9nHob3T-eV2vH2nT7d6I20zErHDpm4LqNz1ErcR8xx5E0vzLLUJ4faP1iQh4MITnG0M87ZoJhWBVWiGMo-KDvNpFzcn6i7CD-7wrjLAJV6-x9aAUhwzbZ15qL8znv6qW5naW1sYWitr_kDR9chlP8uaUMu1C5EQqrHciwWhr8yBOdpRHjQukSK_34xMKKpGEdaDKhpnYoyk__UsHILeJuMDbnQP84DegwF_mnl7Poq-mSqZOpAxDRdhPuPi2sMZJlicjqwT7MTfRQaPmykN6g1TDxTYMD_4txOavQfMnun7NthLsXrprrQNXg36tBXI1JzqFQuHClIqTbmbRZHlq8ITZNwavZtjxXCaWryAmxnJ4pEE2xqgPxcKsw_7zCDYwFy_pE1lvltd9aPCb4VVZEmYeGYIxhso0l5d05MU1PS4ZPO7bVBnZK-1aEcNEzuAhDJ1oVgwnFzDUmD661ljT2mojofPEA_XsQoAfj7mVJiMtft9AvwxWibkBNzzwKDb_4GNbf23Prk8gVUDtIxzW7JaeSYyYoYYHJU48g39cF9JceFDJdT-I1mCxr1SeqUsE95K_zzAmDnbq523TTaby9PlE9ruKBEvH3Z9nK1HZXDs7YhPRUXF8R6DwZh_-8X2CA_wTEZhh08jezGnyc_pual79kUAGaFSm63q8aMBL99D0yVZY-4PF8w7MH7x65IMETeF1lO_konl8aXE8YZyYuqY1goFAJvdTfZNKZWikdEUZNsK6h40J_mC4rooR_0rMnGu-hqDPYn3pylY0670ZpZ2o31un96ULojGX6kyHS3iZXcJfGD3T1G0U3Vsh3_wj-pJQN_6bsRQloRMdbcNjtCgRd8xlpDkU-S0d-BqLHjJslfvHLaMWnY0avnPwq1276raVrhVQrrTBm-Bz7qqBK-6Wn4Vcj2928ITVhC-LTRlzKLLCEj3-mQUrfGDeQc9stdtKt2p9nLpyvWVmXp8-cXiC2mass5rvX5OEbVs88rsrfOv8_sBYPJ62BdkdTh4_2lCAMWo-1dSvCmKnVnRE6B3QljU8gTUQqMzKTm8xmJbEKdX4vtpLAB84oPobp_zPi-kwaoC2Citk4sbl8ELrIejD1Lx84wXbgqiwPRbSy7WXdvl4ak03MWj-Fdp9HpNAB1cerkImEYmz6pxks7qjOe6do-9c3ZWU2B5IoaXUeEDfuv02L4tlq-etv_SvC3h9DKywcngkEbTeHwZ_hM7azzj38Ag2t_-4pzi1cmvBySeCkmGFkylAeOQbYPWXAA12ftX9vTQxGYUa6wUhjzuWn0UQ4oDdCAlsMjzdqSpGzEVoEt6dDLC7yvrax9ck4D35NvrFa9F2ms68ghPK_ZHE_JKxGNLccHdZZ0swpsQWx6ujP-fb3L472IPg0wKUUTbuq6XyUMHCXAFx0cEnToglzwzOKKTtnfVZsptaXNxsjupn1miklvSDKKpPq6EIQ_s8GnuChenu-8nYxL8VQ8hKvEJUl5SYiIGyvdWHecjH1Em5JSIYoCyYmJmDqUJK_5bmj9P7bAOIbhdVHKbC4UmurtCPO4L1hzY9SwoRM5kecw2t-r2MWBoQ1i7jW0Uc9FH9X874wpBCG-ikyLOLCUgIqIqpkDGhnxVhpvLm4ZwPLO7dqs7Rdm-djLXIq9V-d37JL7QoFpKuOTG4xKiB34RZA0WbW-Cl7Db63ozm259TBg5ykM2uth73E7eTUYRKU0GqzAfUZE48QZBhEEiUGJJtbWGALyVbDm_2PQHfbNyPZh8qrTPFN-dQb5-fo5LKBabKaxP81ivQ0pXEHDetKQBP9PIQYbk4Ts1EIw--tmvaosmSbJ-2c-BMcNGYM95G5P_duEc83KvT-wFZE9ygAgk66oZ5HrrH59_L6sWkTefbtSGg-_3tEgDxuaVWWJLMdV7G9CNdnEqwwCEYYaeu66VtXli5FWnUO2KkR99ImptXVSdcPR8c-p7TxFtHiWXbxqmkbqtYWebKtZ3KePGSCCt3M2YvrdLGWb8o42RgBDyH7c-opqXiG2yf6ncGYxqydTc6xZoAtUk0SbgaX9b5IDwmCJv36dplWYcFco2KE2WZQe9kVRlscQP8gqEFbSkxr416rBXWcs5oMbMTUp61mzelo59583Z2Tb1rKbClbunDyt-OZUiRS2d4lBKXtshTunFD-jDuxZuuh0NpZENXTAZb1LL-YW7iDv1USCI6w7WHVKKAVX0QzmZyVhpuDfuN-9K-gjWUgtrLxaB6v-GQ46GBKqdSZe1qNTgkoOgJR3faHph1Fn34dOPZjz61UXqBHLByUFUWYDlyuPJb0je6uCYKYVrg_RqhH2GnU_WQGtiwbnwqTXHgWpThltJJcy261VjCOVTtiv0RE5VkPj-DEK_cLvk45_fY0FV1GByq5nEia8Frr9LyfTwsEO8GYyvWKrToSn3vokT4DyHU83c6aJNRGQ4TYqoHbZ80vi05TEpHX_8VBeiDSIftbGTjc2LQephRveQcSet2O9TyQDkuyQ282e7rGIYz_dhAIzqllI_2qzFsAkewYCbry8JXN0ccHNXGSCZSyubh_V-24sPU1nJwdaMBs2teHwkvgEDxHVYbImKyXX9rs79ZlMHFCpgq6w-j-_I6hEZzf1_JRyiUP2m0r-DKq0IPG4p2zYkrzio7P2XyEd51aeSKBbPAuA2lVHl-iCfuz6npc61jFs5pJ5lV6pGh_D9Wfa6cQdio2fHqBF6i63G0VmeFKw-1Fls49iiDR-sgtcGPNqiSs7ptlgt37KgPkYSiLPKrvIHQhREgOOrXrTV515AF8-VY6DV0ZGrf0-Hglt7_RTGxa4CsaYOAKmayhEs5PDTgdAmKFZBOcUTR4HeNt-Ya5rgsxDvE5rAFjmcaARachtVpcvdWpX0DZtjf-vdVDTAJlHKJGunX8xDljLQNCbvZtr6yb7BREfC03v9&cid=CAQSOwBygQiD1hMyPuGUEerF3iX0Ase6qRart9We8W08OYNH6h9rgW5Is5rykFNwK8zmUQf2pm12gghsxu99GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17483446497696620000&adk=3587751834&idt=39&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 18:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Jun 2024 18:25:16 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 2C1A 27 KB
27 KB 266ms
9ms Image
image/jpeg 2a00:1450:4001:830::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQTy3u322TScO9Sgf1YHHdJzBDZprqUvm5rMFX94sJYdwoVu5d-UbdJcg3mWuA&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

989f91fa12f5f9e15f7a3bd766a2b6f7fcd4516f042c420456474f7244948b1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 01:00:52 GMT
x-content-type-options: nosniff
age: 72821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27210
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 03:22:48 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 01 Jun 2024 01:00:52 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 2C1A 17 KB
17 KB 266ms
9ms Image
image/jpeg 2a00:1450:4001:830::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRWn25YjW8q97O5HhSD_2KY2H5Y4oSkqI8BbaTVUGPz7Tk33fawUO8ddJBqjA&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2c85053b0a859c15584a3e36f4b2b89825a249de7eb5e60ceffdff90e693df2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Tue, 30 May 2023 07:36:25 GMT
x-content-type-options: nosniff
age: 308288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17296
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 04:44:59 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 29 May 2024 07:36:25 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 2C1A 19 KB
19 KB 270ms
13ms Image
image/jpeg 2a00:1450:4001:830::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSsO6eiyK_9ycQix7rYwHCneYJ0fd7uD7dU0EW_eAcOQk0nmBxXFSTvtAdCCL4&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5e78f2b6a53e0e082bf9932e994510d75274e3c9ddaa6bccfa39ac92d9ce11a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Wed, 31 May 2023 16:41:33 GMT
x-content-type-options: nosniff
age: 189180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19515
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 10:38:16 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 30 May 2024 16:41:33 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 2C1A 15 KB
15 KB 271ms
14ms Image
image/jpeg 2a00:1450:4001:830::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSHKgUQNyFSE_CchJ8RIMKh3YWdUIX4l8F7xX4nNQNPJJHmHdlST4KLGesRhg&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d781b87672c02c52d249927ca34da19e4035710880f40398ba979dd475b2c9e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Thu, 01 Jun 2023 04:33:00 GMT
x-content-type-options: nosniff
age: 146493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15206
x-xss-protection: 0
last-modified: Tue, 28 Feb 2023 10:27:35 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 31 May 2024 04:33:00 GMT

GET
H3

200

3995853839924061625
tpc.googlesyndication.com/simgad/ Frame 2C1A
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOCat6zDHxCwCRiwCTIIZ7MB4_P2Swc
https://tpc.googlesyndication.com/simgad/3995853839924061625

77 KB
77 KB

7ms
6ms

Image
image/png

2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3995853839924061625

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

87a92e159459b46d503d7ca9301e076e886bf1eb91abaae349f8b6a69deb2571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Sun, 28 May 2023 21:57:53 GMT
x-content-type-options: nosniff
age: 429400
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79088
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 17:15:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 27 May 2024 21:57:53 GMT

Redirect headers

date: Thu, 01 Jun 2023 21:57:53 GMT
x-content-type-options: nosniff
server: cafe
age: 83799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/3995853839924061625
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 01 Jul 2023 21:57:53 GMT

GET
H/1.1 200
OK dvbs_src_internal117.js Show response
cdn.doubleverify.com/ Frame 9F87 57 KB
19 KB 268ms
268ms Script
application/javascript 2a02:26f0:6c00::210:ba29

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=15911784&cmp=203336&plc=7322077&sid=18330&dvregion=0&unit=970x250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba29 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:02:11 GMT
Server: UploadServer
ETag: "d07704704b2ea7cfd4b9f2d78f0c7dbb"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18861
Expires: Thu, 30 May 2024 12:10:19 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 6ACC 108 KB
25 KB 38ms
16ms Document
text/html 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:33 GMT
expires: Sat, 01 Jun 2024 21:14:33 GMT
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7B5C 0
0 286ms
55ms Fetch
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-RwuT3I5x8BU0yjRvjvu2o865Y2MlnfaJcrmPNB4DYGOzvXmnenKaRBcJ2cBzJXcSv9rfN23cfpncKs8-IFFUG9ZCGfKbCWrmGCUvrFOzDM1F-aDjY2oNJgutXtmgHUT2ain7luhGUBdlbmjV4sIcBercc4S7jdo4qETcwL21OvbbXEUnmsZuNzEi_jgY2xP61ZsPESEhbikpjndCYB0hDjSm-e_FIQoiTC-JDX8fhcCiXjhDR3kezK0oMbx0c_NWeIHhz_cEy6RovpybgQ_ypXQYkI-uqMB0Om1CAD7KPP7VEhjMIN_83kfseEj32G9PTeR1zTAlY88OtBOsSydXhMn4Y50Aq9DuxSguJIUdBWibQKv4Wwx4zMFQJaH-YOijE-qVt3eDHgONH6280Lojzf_Kg6JCMqQ7gUvsxwXLpTLLekcFD-t7wAoi2BNYmh6a4y7_TKtEna33DvWuWR_3YZ8XUnibaP8g9k0GP1ps1g62e2QJtoIFUJEaqnojbhnY7CfIY7TAJ_2W_6_lFqoHhUckT6tRbF6Sq1MuoQjFIh8UQgYevJOZtNCglj8AT9ckPFQg0cgK1l8f71JzFpXZx2YjdNBht3jI2wNF4Tv7RQ4G_fMIbETs8ppxeiTrEvQBJLCarDjvsI3E-cKLTq1PnWSbJ1935rApoqMpasoD20_x_9bZFcGkB7y6YJyk8uJVQpmrsNkL3XfUXDDWthNvvFfMMhTQZQfKIYN7MB49nmzCirNSH6zoatF8MNyLZIInm6E0S3seNfqkPTEZjlY0t9m4dnWqsXakc3wfTft1MhvHRMMwJVslcn01NNxF3HkDjvURVHy9qenGoun7aDtvHoXNV2efwviTBy2wSnw61DtE0FhbRqMq4NLKR12ryN1Moi6-Ipgir6tU9K4GmyO-Rtgoypv5tFwtl9zve6i5E1TAfYHBLtcjmtC316yh2hWcTLhyEdm0knOX38SV4V9ZxuOwjC01Hwijy46TdiQP9rVccjbdJtUFuxummDl9krajv3bvkRmD3u69VAAJjP9YNJoIj7vmyhkls3fsGGcNZHOcc__S7j4OKp_xoRAqU6PqE_hWHOKIMsvv91bbPq64vQ-eab3YvubFWFpXfy0UExxhJz1tnrNNCtFa7wG6CfdXTa0VYxOMfsiZGfC9Y-Kw8bSxZWy8FxQCfBiSgfQQqHrSjvA2YUuWZuOtCvz6ICd87DwwpZD6cWj1mIIJCvihuBqOIomuRsB7Rt3UdHCD6CpN5n1NbhjpkgorEBcXblFZx2xZiGPUs-5IJuGrTtY6iHe2U4nUm6QN0OR0aEbbCc6EKrVs3V73Atlk8UCEeT33qc1GzVPx&sai=AMfl-YSbvzo28RHvgjqP6sSC9nDmxDb_Sz-5_RkA7HQFJBBP0sQSaTf3XXq7OlX_bT7inmDAO5KHaqESTnr10XcXZq60QG8A0woxs7_uUr-4bBrTDoOLne8ZIbZBkrTZ290_wbholNssxhN7Zmd1CDNXJkAwP2PrEUncdODrhCO3-mUSzcBzm3PzuU7gZHQIYYlOtWJKfUncf6xRduZ9-zxcVDIS64Rsx5d1wKqV1NbJmh5amAgNQmJ0n9M9VXE3g3Gvkdza&sig=Cg0ArKJSzLhIKZzsUCPaEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=285&cbvp=1&cstd=276&cisv=r20230531.92396&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:33 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9355 22 KB
8 KB 32ms
13ms Document
text/html 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 176851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 May 2023 20:07:02 GMT
expires: Thu, 30 May 2024 20:07:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 32ms
32ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?oz_pl=1&dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&psv=2.94.1&_x=1
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/948461/analytics.js?dt=9484611597092707615000&pd=avt&di=https%3A%2F%2Fye-mek.net&ui=&ap=&sr=GOOGLE_CONTENTNETWORK&pp=ye-mek.net&ti=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&to=3&de=2&md=1&si=&dm=728x90&pi=XRzobPsLhV&gt=DE&ac=Xmwo1n97Q8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:32 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 471C 0
0 45ms
44ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvTIVCwvqfWCn63a-CXpBIvLrXkl2SnDi_Zf7Q7MDOKElBtBomqR37RZE2rBQ6wM08quZ7k1l6RfBB9sGL_-En0mWF9xvHzkZmdn9CaxrUp1axm3j1Lol1-olYsGw8OIqGVdn8N6lA6eaiPlnBhnRikKC5JXL0pWMNOsTqX02w7UwoLJTkayKG-eXgQFsE14dbX-iUAWcZN5JPF8k1SEN1NM64wUC9cY8_ZnHD8qpTofj_LnIj4PP0WbX5GvF4D27PxWmM9sZhNKJBnBxlDEKXuE0iah2n6QKTTHjxN14MmMYvMWkY-LMwtVzWv1KUcNWtSZv_OOs-9Crl6Zz5hdg2bZWmBSTp4Zm8BQxidfhOQG7arpofCKA&sai=AMfl-YSb2jix7FT8Tcq6IRX5s_OQXCaGy3qT4QVmtFhMR_GCd0cg4KV7Mxky29AB77Px0wb2Xaibui4I6D7gBgPh7aEpYuvRCVtkrWk5XqqrR2k&sig=Cg0ArKJSzLnIVvHgFy4YEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:33 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 471C 15 KB
11 KB 57ms
57ms XHR
application/json 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230531&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

385cba033449fe06ec0f3d8d7982580a0b602f1eab1d93f3bb929b1e43e8c40a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11391
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 52ms
32ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&sid=AgmeqBgCEANq42aS&oz_sc=f9564083f49e78ef1b5f5ed7&oz_df=1685740473051&oz_l=1191&cv=3
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/2.94.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:32 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
BLOB 200
OK 371f3489-1029-435f-8a4d-602bbf3162af
https://googleads.g.doubleclick.net/ Frame 5FAE 186 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://googleads.g.doubleclick.net/371f3489-1029-435f-8a4d-602bbf3162af
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Length: 186
Content-Type: application/javascript

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 471C 17 KB
6 KB 48ms
36ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 02 Jun 2023 21:14:33 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6606 41 KB
15 KB 20ms
8ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwNPIDMzK9R83QipfKSj5s2CFyFFJGXNYs00vktCTxVg2LZglaJ9iMTDp9_kN7bbYaI5Cv46Y9nU7bxtGTVoOhRP3W_stzVgz02HguRwPTmt0MiSUNy-nnuc7S6JFxuuhnMl9O6NLBXsXyfUIi3Uh5Mov-ALIp0tNLKi6VvTdeA24DiRM&cry=1&dbm_d=AKAmf-BfCtOduF8tz6t065lYFBMIK0FnFbvs9tVg5Q71lHM7XGXTorvBqZG_8nm3w0O6FmprL_wQWPkVr8K2kGc0VQJPTsXH05msuKLyeGIf5_mgExiSDpnUSHfKA_AyJN3mZSblJpAa3m_EwQL_PSyTkgQpKx4wnYLYeor9pmRRRKSAgPn8iDkazIJRonD_EuJ8AwE-AEhVR45up7xaG3wjjpJ7XDlUH7yPTRiFj8gB_hY-gL8QRQdMjeVgrCCdpa1CxAdDAogy3eKvlcA7I03T9n4DNvYYJWZuZlzdtMKUO18WWeVEKcIvOSEj_E8p2Y1E_6-Bgps9c2YfqYTdRok0WxCtDi_wulPpqRyRdxuXoEkyvZMu4CxnVR_guUGnBuJKJSQ6eFiqShV353mWf5H3sZPd1hRcI0dnEnlgqYVq6KvmHyXbX6Umk5Ogw1IHqBBO5sAuW5qE5QGr0CD_8dOq6D3GYDQx_AApvaedc_FGStcYVTSq7lN1xy7pNRBRTDNFl0J1j3MQO0jo3pS4Zj7X41wNewUns98-qH-PO5NNQTAe5cnK7xHaOT7rI80iWXd4AQhHxn3agIP7tIQ15k0ONXQOj1yxNNdBdRjogbKLK5TJM4sQfNSbvPDqVb6IyZAJSTT1UlWho9AmcgF__acaj8uDKiOBEKf6K6NC0VzMRrkfOeF7dN70K1MJP40yOBqS3m-Ik99v28FCmcDEscfWopkftk2v8dmWGYpr82aD2kX1QddakicJjxxtb32GcPc9-SmshZtYDWSklub8B65VWxEFGxJBT3-4o7r1q-AsRjPtvd3A2qzOIR4q0OnyOdTmY7mHOKoqcMRnwBVYAqWn26setmGokwWFrL8sHkt5bxuWRuAcaCpI5ZXRHDw-rUPM6VYfXJzJNCM4j-ZQX0mZIMXM8fHLEIr1vTaeQgTgr8eqFV43ygJxfb1k279Imt_Lyv9BpRKdAqONxV50K4BDyvXntLNidOBPXV5h6x8cfx_qO-amM2PcLmRjSwnBZKX1-siafZnuH-Xts1vppCRvYK9jDOyTkHLjMymUyjI7jtGvA8A5xheJd2ZD6mbgTPeJTalzNENU3Kc55FwCzEIN-JcpWeRlSopuoNdV-r_k-6kG50KTzUBPAjOStTqyuFy4laPmocDcbDWj_zggSaOvVXSiRP7tPcC8RcnwHQCUBKd2iaOE3K4tB-Wf0rRvZtRikh3G-qtfz9JURs9FDia6v3zdY4mgmMxIEVaLbCyzS8krfYfjHZ7fl1ofLdkAPWNZLj7RGDEuORz4S3KrIsTjBspwlP8rjPnprf0QeycdAQBLUKmsxW9cGz_Dh3kLAnO2qzDf8KQbrcAouW70FcnffQvOabemnvqZcJDgonnNAVFV0YaXc0P3yFaiOk2VI8Q2ccEDGLx-1A1LrhTqg59VUQKhrfsRMyqRw8WSHsEAJTGeikJAOWFaHxg8AKAr3zBx_6I9vxuS6lGrFL6kk-NHPv3CdPk2OLtu6z19nLNmS8zTyxUAhHO5IGW4Bbc7Egua8vonpYHxOJYOp75AMsgPD6g9LMoL2_-QHOKB9XsyVcitj1JcPTX5wXmrhaFhc6wVgZtLL_x-xYkSTKOXu8XyHc6E6536nzgt88GShNKWW1NkeXgV0ygcwSJpeyyhznKJVJxfE9cSkbzlbdzhDM7XOdwZt6cVmdqnSVOAkT5YK6wz_UehmNHBtqenVREC_468_4sT2GxfRAF1U-LMFY1aMt_0RgWSRKoKBFiFdl3w2HoQXmMk8X5EKi0TOt4UZVZThQZwLd-e0iFgyXZh4RLcBIdTftJHv01pUbhhIVSZYfxcx4BSeKALyWNGhwxXdzg5ERWa3D2OUGqE0IhGi46adBPWdcZd9zjEztxdQu_xnQRi4LlMcIHU0PTiZ6JSWPfxWAr6v8ZjYr4Eth1kMuvLZXkfl3Pk0-gmgNh8uItoRfjIaX3g-R_IQqI6zzCs7UKBONhhjtWdJt5mcTXGVAmBp2eiN_3h8QBWWfwVsOL5tuhlGPz2kwYoF5JftBUvAoUQrRGKto0Qbn1zcJkTtCysf-VEgRSu3slGv_n8wYE8HxdNRhUK1NibjGI-DyIdOfbVf_YhCwBxPLAlcIK5AvbCIkLthrsgvTiKieDTb8ohYwSd0mxzsPgpwUWSfxNr0GG8YteTezTJjn_OoSvt0neIKydqzc58vFnWVNK5e5DugFO8BS2cPszUZ1D-FNLf37iC4jnhZv45DadcbFsKDLI4TzPwl1QQmfBHspttMfsbg0Q5WU2pwnbJsL0sTKkCdbaBcbiysah_vZ5zxGKXWbB3jq76ewYyrZK4CAxKYbdBsQ4NvenGmZOfWDZAmsXKs_shK_j6YZK8BSzYXnmGd3Lp6mT4Rnj_oysIYmG444RHfTP8s6IgcSnZRPblQNdcf8xUqgqLzbh0fZ3m7Eb8yM5KT3QjNRnwVxZ1Zzyw-DeMwMnoMjjAlVRHM1eByqPgOqievpKY6760FRVCIhIslRVb7KmxICNJb5I94ziiA9pZa3iS2ZQn2PpOpnN1ofao_0-h6jbU9qkekeRv6HwZ4Ax-YwAYSm5fw715BXuuxBrRiG8iFtFtiNsCi-qDNG8ldzxULNHZLpp7AMXSXLFnZ1pIpju1LIglawpvjckqLjNJg-zEPNiwd4vJwkUj4ywNUCb944eFD01D5X0qpniFbzoL1VtwvKgP1X6lU_FUdrfEPCDyaH2coXgSzA0q1eaQ810hADMKyXIU0lBTzO2h6ySVKt4_Fg8ymEUmjKGWpBVC-If8BsVaQMTObIaFTrIkTiscQAkudD11J-NAoauHB7dJLwVw1hQEnQlwdUKD1H6FzdKUDH-M6E6U-JHjCdoYpHTtvZFtUxWJ-ZhLFc3eCIeBA9lE88o7EgMIXMLw_x7shyty5t2y1Thc-RetQp2MJUKBFCZ_qxbvz_qFkrRn34neROEc8ipkXt_DwV3nAuppM-d0FUeWgNyBMJ6yh1X0pJdNIgwG0DKauNLl-l_CNtlc2e3fzYnFwcYn24fMfOI03OSIEg0oOymc59Xe3BjCyywc2m4nSDec_PSSr2sUOO_BdTpJFFZW68gU_7TlSuUq5hmCZN5YbkboPvroyD69vAfKSZgbW5mZytjPZky2wsJORc0XWxLCWw&cid=CAQSOwBygQiD_Onfb63ey70FI2e2ezKZyOxFRnop3SzoXX_igqA1c427VeHv1oaG4smWxW69MaM5PIP9pZicGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=6173311438854368000&adk=578009112&idt=35&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 18:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10157
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Jun 2024 18:25:16 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 6606
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqo...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1Ib...

74 KB
25 KB

118ms
52ms

Script
text/javascript

64.233.184.155

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1IbJ_WJ4MtNcNbzPMC-HLk3FSYlEXWmO1XDt2HMKEOGdOebBZ1DkpvjKfYeEH2oqkInYWqK10uKrSeGyrwuMecOkr9udNOwAxjWKoS2RQAoCZ_4G5SClNukvCP3FOcxiTD5wi4RL7Nm2enXWJJme7ESZCJP9FM0B1SU4V8zM78HgPKipsLtqbBlLuB3w3nv5vYZcZkhrGNvZYMEaeEuWYzs9gz4_nVKwUlc4tvDJZGAiA3KxRfhSDUA8CeST9khdwxPQNwMXDUy3dojIQJmTTs2GXVCx3OCiXMiI4AyMEE8S1K2YlcQNwteldVXexFG6NcmZfzVe-lIzY1FxnS7AqSC_l7f3eQ0x3ujyAoyULz13vMyk-oeIT92K7BC9smY6kB8KuWKDJzyjOHew6qn79w1iljiFOHhYV7ixGrTd6bl0pexcUuutSSb-5nYvRkHHYoY1WKgKbRvbg_UhdW_GB3R5X4XTmLAwmQFWShv22hCms6Rm5IK9QZtpMxynCfdpuKEoBYFVIZcyCVVwSEdqFnMceDCyPs9lpRuhYNoJvfnFgcLo-58UQFAc6ek3KOnSGkf4pbp9CxAM_jizBi-ZJ_NNBJILLgSvVajADmovGhGxyxh_Pgg8lrqxBfRwewU4z1jZP5oQ3aQ_Dyyu_TrjeHHWtC5rfwjjr0mrO6ryBqQ0ap_2JaQ_lO7dpYsuFowG0S4GBG7UWtJGTcs7lklTxhqGyM4sXh4POUoXAmjEP5Z0F0wPaBN0oGsZjDdWE1pJyJ0SumGQ43o0FVD_DRgep0sWmgiyTFP3mXQDf3Y9qCXVzG7RIx6Q8HRwVvq_nQKjKy6Pg3HFgUBiN-cRIqq9-8PNMrLtA9Mlo9jxQ9JOsUzPoB3S71B8zWxBEAE7apq12a3wYryFDSzgMxJ0QwISR4t-oiOlMgIez2W7p9q-G5xaTtno1E33PCAIkqvvehAEr3VRMnTwgdyvr_j1PICbwf-Llip7erFawdaNUiUrKlqLTsxL-LXI_gCL1tBGhsjxBsp9AJNhM9e4h5UU-7e_7v-q6V2OyR0Tv9jXzuKxm_Hv0y_b9f3TdKAtWiVxwfqIZmPqxvKzCS8NuYsUCNEbec9NVEt67C_CabTg5mjxr_csxSnJ1Rb4dmnJqHdqkEPJwj2gX7D9yESJYfm7mcXfsW6ggkJ36ICkV4BX4TlHYItVG6kJQgxo23GdXXo6NI2Ffq4by8jIhLsUY-vdwxmQLdfk0dIKiwe821IaXT59UmzYBj6gl8TZYptwmvfb5y6MC3CgJ6PjTJmWSoG1RXCYlJx23OCVcDeOcxvCitFtanOTGyb9g6BIRamNdJYmu1RqwWzX8q0jskn33JkdM3hBipe4CHqFJvmXH5mPW6IeBPJktCcpS6bz1KwAEB19y73RGzngtD-pC_MDqFyq72NBIZeOne7T-gshJOrYZJPM-IywEPW6KQSxtCkjjRhpSOLNJhiqwlMSkX3_ipebOgq66T4Xk2WIqFx9TlKmC_DmkFIN-bFl06SDjrnSwumHH0yMPSG7bD2K39MPI2h2x4HY9gvVG9cZSYgLMuYNK6H5utq3YbgnaZslY2yEispqCD15TnfT4zyccFlycauXc-u-DkA_RHZoNbNeBSYhRarZdJuuMCdbQKS6pz4DUNqtcsD7tVaffOAxlj9H6YeTrv7PXSBlWGWDO8Ebw_LcDyftkGqmKa6X9_dGgbmD4CCHLtcDX0aVCMScpvO_sm-Nqs639EVT3C6OgJhS6OXs1To3EmPRs3GgdXNmTnTEZSUCtOW_jl5vUh8-PccWy3UUMfS2nB9FVMq01th9Ce383zoDmPFHVDkeugBSMgfPW10Ebga5yxbvzqe37jJKxu-owhT8ORK7b4dTFL8LOu93vRRob2FRgnOUFhK1Jwly3ClmIR-R1jZMLoeP-fA2hhzc4xzjyXCKOxzQl5LaL5LXBq6wO1NrZqxSHjC_l9bfqg8ix0D8LTkyQA2_88Yg78cs9Ei5OEHW1vMgHzmmCOyb1AMrjzx7l4WpSY42NHIVD3NaV3XuhFoygY_mQ0pJw4AfgOKCa2YZFLDmbORNg12LRSqHfgWajLLScZPqAJAf_hrC5AxRDDI4Tfd7bnKKqWTkH7xr2sIob6UCg-XKWKFXk0Wy0gDhk5A_A8Ps0aQHgr6IOYdSrkn_iRO4Xw3VmY2GZOXSesMRcIq9N91YNK9z3b1bfvzVkxUn_F5l36oXvJ9H2bEMRh468RNA8Ynoh_1cRKELChgMxBmBBsyjcxyPAkutGscGB121YZiR-4Ts0wEsEKGE0R93Z0iNjjl3E8szddbHILbLxPak0pB98ZmRDWKbOodhopDzp0iTnS8xj4WV_xVYmocXAei2PnQlJT7gSdVCDJT9ibKmeXl-spLg1u-orjyrAN_hg6H7NlgDkRQZoBFSKcL18fexWSrDVybB4rUD-dhe1UqD_RBxMGjLDeAC7pv7gjPQ4Lv2KwuhBV3XoND80oWr-xPnfMa1c9WiDFWwBhKxov3x78dawzOwmVfB27UE_5t8drOhSss9ybpno76sL3eNeWJhDKfb0auv5mkAEUj1bLEwmizovWxC229fqoshpkBnZ0-mHh3ilO0R0Z5lVbzLcMwmtMZxohFfCuCjkiY9yEdeRSXnQ_LKIt8Pz2fINnEBzhoZNxNY2I_6KmltFBjzau1usV0iPv_WODBjacPnCrXBMpaPcJmbki30QBUd2h_LSh0McawYbwjkWd35zv3I7ezmPLKkOletQGeN6KMKgMtpKzivtVBvdFCaD2-atLki-EzdmxnidSGr-OLx9ubwszwFaYeembPV2r-Rh8n5ZqPbgocobnE-KXeK69OOnmbFaa7yZ-gQKFUWjxmZWcGGh73iWReAzSVXf0s3DTHwMIyDPWAHroMvSaSIaOpKiucamYP_2PRPcEUMseJbXHovc3pCdRZ-OJEjHNXLk6nVpCyRsKY_dePS7Oc_K_su3S2Ndp4MKf3TSMzarLLd9wi4CqyBk5bmfsXDeTSlxwO-9-6LNXx01RB7I3yJUxtWqzFdys0b8Qrpd0BziIeyQRZHPZcXf0cSCAK3oFQBM6knCW8dHmbemqaC5KRfu2zF3Ih5AEVB1Zzvu37tMUAJPsEWTv8lT8IF0B7pxY14c-_NX1-sO40NLrI243seT3eUbDmgSQVIjr4f5KwsiS5VY2iMjxwHXBkcoZtq04VuPNXsdafwqR_LudIiRcWrnLnCKixRnFnsZO4uFXjKUpGnrquDwz2z43o2ZOtE-XfBigFDBMzIa-J3UqjN9ZmH4n6d9FuVkVYp_0qx8mOkSX2w7oxPHVGvet4MktL0sf0SXjwH1YO4jLDRvIUkvVOYhECsNG04WTjne8gZlaw_J9nBx2MT5-3PQPnQIAIGxUq40OTwVqvm1cv8P1ULYdumX0pUd-5zmM7vkNK8zkYdseN7IuntMrD2kDf-akReKf6gzrlFKxzHPjgd7sRlZER0x-n4wB31GfQMR6uhgEVG3HG0auCVjj6tw3fwgDmpIThk9leFLdmHy8sl-SGEQlafMiFuWA_1G4tkhiL0CMohhuuqZioYF2eyZdV94F2-FQiJFf_Np81_lo-AXgj3XCX1jufo16AMLZYI0aQQgEEjsAcoEIg_zp32-t3su9BSNntnsymcjsRUZ6Kd0s6F1_4oKgNXONu1Xh79aGhuLJlsVuvTGjOTyD_aWYnBgBYAE&cry=1&bundleId=

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

64.233.184.155 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

57d14f2736ec4cfa46bf75a9eba47c3340a2f271e341f49521e8eb51a9aef4fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25274
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: nginx
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1IbJ_WJ4MtNcNbzPMC-HLk3FSYlEXWmO1XDt2HMKEOGdOebBZ1DkpvjKfYeEH2oqkInYWqK10uKrSeGyrwuMecOkr9udNOwAxjWKoS2RQAoCZ_4G5SClNukvCP3FOcxiTD5wi4RL7Nm2enXWJJme7ESZCJP9FM0B1SU4V8zM78HgPKipsLtqbBlLuB3w3nv5vYZcZkhrGNvZYMEaeEuWYzs9gz4_nVKwUlc4tvDJZGAiA3KxRfhSDUA8CeST9khdwxPQNwMXDUy3dojIQJmTTs2GXVCx3OCiXMiI4AyMEE8S1K2YlcQNwteldVXexFG6NcmZfzVe-lIzY1FxnS7AqSC_l7f3eQ0x3ujyAoyULz13vMyk-oeIT92K7BC9smY6kB8KuWKDJzyjOHew6qn79w1iljiFOHhYV7ixGrTd6bl0pexcUuutSSb-5nYvRkHHYoY1WKgKbRvbg_UhdW_GB3R5X4XTmLAwmQFWShv22hCms6Rm5IK9QZtpMxynCfdpuKEoBYFVIZcyCVVwSEdqFnMceDCyPs9lpRuhYNoJvfnFgcLo-58UQFAc6ek3KOnSGkf4pbp9CxAM_jizBi-ZJ_NNBJILLgSvVajADmovGhGxyxh_Pgg8lrqxBfRwewU4z1jZP5oQ3aQ_Dyyu_TrjeHHWtC5rfwjjr0mrO6ryBqQ0ap_2JaQ_lO7dpYsuFowG0S4GBG7UWtJGTcs7lklTxhqGyM4sXh4POUoXAmjEP5Z0F0wPaBN0oGsZjDdWE1pJyJ0SumGQ43o0FVD_DRgep0sWmgiyTFP3mXQDf3Y9qCXVzG7RIx6Q8HRwVvq_nQKjKy6Pg3HFgUBiN-cRIqq9-8PNMrLtA9Mlo9jxQ9JOsUzPoB3S71B8zWxBEAE7apq12a3wYryFDSzgMxJ0QwISR4t-oiOlMgIez2W7p9q-G5xaTtno1E33PCAIkqvvehAEr3VRMnTwgdyvr_j1PICbwf-Llip7erFawdaNUiUrKlqLTsxL-LXI_gCL1tBGhsjxBsp9AJNhM9e4h5UU-7e_7v-q6V2OyR0Tv9jXzuKxm_Hv0y_b9f3TdKAtWiVxwfqIZmPqxvKzCS8NuYsUCNEbec9NVEt67C_CabTg5mjxr_csxSnJ1Rb4dmnJqHdqkEPJwj2gX7D9yESJYfm7mcXfsW6ggkJ36ICkV4BX4TlHYItVG6kJQgxo23GdXXo6NI2Ffq4by8jIhLsUY-vdwxmQLdfk0dIKiwe821IaXT59UmzYBj6gl8TZYptwmvfb5y6MC3CgJ6PjTJmWSoG1RXCYlJx23OCVcDeOcxvCitFtanOTGyb9g6BIRamNdJYmu1RqwWzX8q0jskn33JkdM3hBipe4CHqFJvmXH5mPW6IeBPJktCcpS6bz1KwAEB19y73RGzngtD-pC_MDqFyq72NBIZeOne7T-gshJOrYZJPM-IywEPW6KQSxtCkjjRhpSOLNJhiqwlMSkX3_ipebOgq66T4Xk2WIqFx9TlKmC_DmkFIN-bFl06SDjrnSwumHH0yMPSG7bD2K39MPI2h2x4HY9gvVG9cZSYgLMuYNK6H5utq3YbgnaZslY2yEispqCD15TnfT4zyccFlycauXc-u-DkA_RHZoNbNeBSYhRarZdJuuMCdbQKS6pz4DUNqtcsD7tVaffOAxlj9H6YeTrv7PXSBlWGWDO8Ebw_LcDyftkGqmKa6X9_dGgbmD4CCHLtcDX0aVCMScpvO_sm-Nqs639EVT3C6OgJhS6OXs1To3EmPRs3GgdXNmTnTEZSUCtOW_jl5vUh8-PccWy3UUMfS2nB9FVMq01th9Ce383zoDmPFHVDkeugBSMgfPW10Ebga5yxbvzqe37jJKxu-owhT8ORK7b4dTFL8LOu93vRRob2FRgnOUFhK1Jwly3ClmIR-R1jZMLoeP-fA2hhzc4xzjyXCKOxzQl5LaL5LXBq6wO1NrZqxSHjC_l9bfqg8ix0D8LTkyQA2_88Yg78cs9Ei5OEHW1vMgHzmmCOyb1AMrjzx7l4WpSY42NHIVD3NaV3XuhFoygY_mQ0pJw4AfgOKCa2YZFLDmbORNg12LRSqHfgWajLLScZPqAJAf_hrC5AxRDDI4Tfd7bnKKqWTkH7xr2sIob6UCg-XKWKFXk0Wy0gDhk5A_A8Ps0aQHgr6IOYdSrkn_iRO4Xw3VmY2GZOXSesMRcIq9N91YNK9z3b1bfvzVkxUn_F5l36oXvJ9H2bEMRh468RNA8Ynoh_1cRKELChgMxBmBBsyjcxyPAkutGscGB121YZiR-4Ts0wEsEKGE0R93Z0iNjjl3E8szddbHILbLxPak0pB98ZmRDWKbOodhopDzp0iTnS8xj4WV_xVYmocXAei2PnQlJT7gSdVCDJT9ibKmeXl-spLg1u-orjyrAN_hg6H7NlgDkRQZoBFSKcL18fexWSrDVybB4rUD-dhe1UqD_RBxMGjLDeAC7pv7gjPQ4Lv2KwuhBV3XoND80oWr-xPnfMa1c9WiDFWwBhKxov3x78dawzOwmVfB27UE_5t8drOhSss9ybpno76sL3eNeWJhDKfb0auv5mkAEUj1bLEwmizovWxC229fqoshpkBnZ0-mHh3ilO0R0Z5lVbzLcMwmtMZxohFfCuCjkiY9yEdeRSXnQ_LKIt8Pz2fINnEBzhoZNxNY2I_6KmltFBjzau1usV0iPv_WODBjacPnCrXBMpaPcJmbki30QBUd2h_LSh0McawYbwjkWd35zv3I7ezmPLKkOletQGeN6KMKgMtpKzivtVBvdFCaD2-atLki-EzdmxnidSGr-OLx9ubwszwFaYeembPV2r-Rh8n5ZqPbgocobnE-KXeK69OOnmbFaa7yZ-gQKFUWjxmZWcGGh73iWReAzSVXf0s3DTHwMIyDPWAHroMvSaSIaOpKiucamYP_2PRPcEUMseJbXHovc3pCdRZ-OJEjHNXLk6nVpCyRsKY_dePS7Oc_K_su3S2Ndp4MKf3TSMzarLLd9wi4CqyBk5bmfsXDeTSlxwO-9-6LNXx01RB7I3yJUxtWqzFdys0b8Qrpd0BziIeyQRZHPZcXf0cSCAK3oFQBM6knCW8dHmbemqaC5KRfu2zF3Ih5AEVB1Zzvu37tMUAJPsEWTv8lT8IF0B7pxY14c-_NX1-sO40NLrI243seT3eUbDmgSQVIjr4f5KwsiS5VY2iMjxwHXBkcoZtq04VuPNXsdafwqR_LudIiRcWrnLnCKixRnFnsZO4uFXjKUpGnrquDwz2z43o2ZOtE-XfBigFDBMzIa-J3UqjN9ZmH4n6d9FuVkVYp_0qx8mOkSX2w7oxPHVGvet4MktL0sf0SXjwH1YO4jLDRvIUkvVOYhECsNG04WTjne8gZlaw_J9nBx2MT5-3PQPnQIAIGxUq40OTwVqvm1cv8P1ULYdumX0pUd-5zmM7vkNK8zkYdseN7IuntMrD2kDf-akReKf6gzrlFKxzHPjgd7sRlZER0x-n4wB31GfQMR6uhgEVG3HG0auCVjj6tw3fwgDmpIThk9leFLdmHy8sl-SGEQlafMiFuWA_1G4tkhiL0CMohhuuqZioYF2eyZdV94F2-FQiJFf_Np81_lo-AXgj3XCX1jufo16AMLZYI0aQQgEEjsAcoEIg_zp32-t3su9BSNntnsymcjsRUZ6Kd0s6F1_4oKgNXONu1Xh79aGhuLJlsVuvTGjOTyD_aWYnBgBYAE&cry=1&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6F16 91 KB
23 KB 61ms
7ms Script
application/javascript 2600:9000:223f:1c00:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 21965897
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: cHVWyhaibUO61pO2xWDmTUQTc3J_QCYwu_bGevLpZLyQfxQI5LP-fQ==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3AF6 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 176851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 May 2023 20:07:02 GMT
expires: Thu, 30 May 2024 20:07:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2C1A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 707ff95e1c8d5fdf104f1398fae86cd13b594d95899c448db8ceae488d4934ec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 6ACC 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 07:18:46 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
215 B 677ms
173ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLrk,pingTime:-3,time:191,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:65%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:191,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:65,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B181~0%5D,as:%5B181~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,rmeas:1,rend:0,renddet:IMG.us,siq:67%7D&br=c
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
216 B 672ms
171ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLrl,pingTime:-6,time:192,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:192,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:65,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B182~0%5D,as:%5B182~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,rmeas:1,rend:0,renddet:IMG.us,siq:67%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 2C1A 21 KB
21 KB 38ms
11ms Font
font/woff2 2a00:1450:4001:828::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 02:08:49 GMT
x-content-type-options: nosniff
age: 68744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Jun 2024 02:08:49 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 2C1A 20 KB
21 KB 35ms
9ms Font
font/woff2 2a00:1450:4001:828::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Sat, 27 May 2023 05:48:51 GMT
x-content-type-options: nosniff
age: 573942
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 May 2024 05:48:51 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1244 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 176851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 May 2023 20:07:02 GMT
expires: Thu, 30 May 2024 20:07:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 438F 108 KB
25 KB 18ms
17ms Document
text/html 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:33 GMT
expires: Sat, 01 Jun 2024 21:14:33 GMT
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9F36 0
0 55ms
54ms Fetch
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0fin9zAATtmcILFNTGsvT3dS2CcsJqnP6m0rKSiQNhiuJvobWVWc-xy2h3K_xvECWgZLXmjUPTsSecYcXWMvRJ2vb7rqmkCKVKi-H0u2qSrK1fSQ_dAOKYf0wDSN_7AqwbyvSh225BhnY65DHF60b64GYClmy-ZE-atzgXTGBRPb9OAHsor_FnTywuTguWq6wTHevUvEmV8-LUrotzBKShDQYhq1goToacPsQNxY2ibL2Dx7mxwULuyfms4VsuNEBW7_Iqx-GAcMnl8EZhTOa7sW6RY9icMmnUAmJ4kh5PcG5FE36TWNYseYMDLfRJU6EZ6MUrDNtJ1ZC1iYMaVcZDEKaII7UG_lSe3fwkvw9JYcdBBakQIWFNZuQkWVlkDkPxdXH6gNUV9b9kDc1HC7K2AXV7xvvbI0Dw1thVf7aP5pBzkFQBYQ71mKCMxVSNDRH1r42xQ7zRxF5CW7cDiFTUE4dusef5d5RVF8Y0xpYWLu6Xcau5a5InEtnpoMInepEH4Wvv2jr0_IPBbFCq7EtP1LSPcvtPeuMqc5DIpP0tyanESIPbCpA1d5lfHOP7CcCr0b5JZDm1Qhajl6g6T-7WUN0IZsy04MT4rxj4kZNuEL1VSpgNjwySRxE6TfvjUVT_mpaUKQ5nTDhxRQ4ninth84ygHaa2Z1Mg-Rmgu8QwaHlNWlfjryfcstUhnY3k-mvKGnwXUVoz-seVBbMaYwdGcfg1gN1_3h74geYJQ7tXeC77WKa6JiMLUUApQ5PpAsO4aQuovjlfPNYpDgg97r0CwFpxLwcHMipjYqIhvTz13Nn9Wm3RUYkB79rmERGjf6LmZiBVTl-NKa3gv4nwyXtacJxL8hh7fElEBDW_NPvqYVBF25Rbp_XQH58w8Lxp550zIKKPYP3v_jGUzroZeTy66D5CzTlOgNRcZdVWeQOPgbGg7ZXGkcXT0UPiLGMos0sEGyzr9pCASroYP0tvcJSrfDN-qzoxX3keX-30wW0wosnWnklvTOqmfK40pCurd_IROqJOMIRMm60z4a4nl2knXzRhFTC0kjiknLSzdCjF-2Y0WlLl0BWEQZ4nbgOHqqUy7hH11uFo6UDCc_Hzw28FiYOrY909GQz0XmjyMC2PEfyXfpdiaNArX9bHgaNn5NZpBd5MLHhSf1_toHUBc0HEHl8bFvT-aXgXT2WOyXbIxQiOcSspjdgp4UtFKWE1LcLHyKVJCFMemoNy6do675kGVdlGJSvF0Jp-pkBOjYWNGTAf5oSq9iRdf27f7UikJzas41cIwSDPQG5Q53eadKV3F23GaM9CHvgGjNp2SmvcZYBuHy_KVYKt29plw0ER8_57pElihbzAOc&sai=AMfl-YSHJFFt5iP98EPpDenvvuz-d88mrCOtNWRJDdRIUXdrIQhktGbFIgmhH1v2NXvpaGPBFH4e14k1alriJpF_7_3vI8XWUkW5kCWQ1Tt61wozrHgGFYrURsK5UBmHAnloVMYHpS7Dif50tghqqZLz0D6SqKRYDHrM5tSrw1Mr96ZkSeiw7yXdfTejui2bV5CF6JQfvfyE1mfdQ_Vit4Cs2k-ahFhejh5BEKez3wOIntU0x6K2fXo7CB_4MPsZKumQTij1&sig=Cg0ArKJSzP2e0pG4NC89EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=599&cbvp=1&cstd=588&cisv=r20230531.19851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 02 Jun 2023 21:14:33 GMT

POST
H/1.1 200
OK postback Show response
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 36ms
36ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&sid=AgmeqBgCEANq42aS&oz_sc=f9564083f49e78ef1b5f5ed7&oz_df=1685740473347&oz_l=5530&cv=3
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/2.94.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:32 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 9F87 680 B
714 B 453ms
27ms Script
text/javascript 130.211.44.5

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_308406838340&jsTagObjCallback=__tagObject_callback_308406838340&num=6&ctx=15911784&cmp=203336&plc=7322077&sid=18330&advid=&adsrv=&unit=970x250&isdvvid=&uid=308406838340&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=114&bridua=3&dup=null&srcurlD=1&ssl=1&refD=2&htmlmsging=1&tstype=128&aUrlD=1&m1=13&noc=4&fcifrms=1&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTauggd_5h4eha726a47aff3b%60b2_d%60d2fea%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETau&dvp_exetime=14.80&callbackName=__verify_callback_308406838340
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34a5c600bd9dd190078ef84a4bc7fa8359e9ee9e49874fe34a1dc71e6562aa4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:33 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 06/01/2023 21:14:33

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
215 B 600ms
172ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLsy,pingTime:-2,time:267,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:784,beZ:786,mfA:789,cmA:792,inA:792,inZ:798,prA:798,prZ:843,si:850,poA:852,poZ:882,cmZ:882,mfZ:882,loA:976,loZ:980,ltA:1051,ltZ:1051%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:65%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:268,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:65,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B258~0%5D,as:%5B258~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:67,sinceFw:199,readyFired:false%7D&br=c
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame C5A1
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4...

43 B
449 B

200ms
183ms

Image
image/gif

2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7d12b4e9796630c3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 167
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNbb97vgPpNkn60fBkCXLOJG7Xg8iUFbeIUKLLjB6OMraaPcnehP0j57kD3m-SECmPCoFJc2p9hleJiaINSI_uyhdCXzu4V%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7d12b4e7efc630c3-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C5A1
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_JcR...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVej...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxNTIxMjQ1NzA4NTQwNDM0OA&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_J...

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxNTIxMjQ1NzA4NTQwNDM0OA&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_JcRDR3lMChuKkUjiS7lWmvN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxNTIxMjQ1NzA4NTQwNDM0OA&google_push=ATf1kGOrvYQ1wlvWn_-9lNcERx1Uo0k__RicSjUdRntezRJhEOQChPF0SJ36Mz9EBs0Yxa8BVejM_JcRDR3lMChuKkUjiS7lWmvN
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C5A1
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKpxRCF61XE1xALtlhfZEwQ&google_cver=1&google_push=ATf1kGNapX10xp9uGkIzt53EK6zPma3ywZ72eOq00amBEdmRQqXkKrmenjRZvHYzceNwr4ukjkkQ5bC_hCtD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNapX10xp9uGkIzt53EK6zPma3ywZ72eOq00amBEdmRQqXkKrmenjRZvHYzceNwr4ukjkkQ5bC_hCtDoLBCZmoZvI60jqw

170 B
188 B

19ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNapX10xp9uGkIzt53EK6zPma3ywZ72eOq00amBEdmRQqXkKrmenjRZvHYzceNwr4ukjkkQ5bC_hCtDoLBCZmoZvI60jqw

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNapX10xp9uGkIzt53EK6zPma3ywZ72eOq00amBEdmRQqXkKrmenjRZvHYzceNwr4ukjkkQ5bC_hCtDoLBCZmoZvI60jqw
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C5A1
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6UDdg3Eo...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6U...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6UDdg3EoY14QPk

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGNWoFecpW9ZHIObqXcodyzA4-TSirN8JhSF8L1kelTu6XUNXOGAUh_wDM-KM1BqkwkJsvtClgu_QlJTEQ6UDdg3EoY14QPk
access-control-allow-origin: *
date: Fri, 02 Jun 2023 21:14:33 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame C5A1 0
45 B 428ms
24ms Image
text/plain 185.86.139.104

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEAs73KvFgHNei9eiTE817Lg&google_cver=1&google_push=ATf1kGPQSLNZnOwdrTwKV_zf9pswWGrsNrsoPq8bH44unmpVj0ePCkRa0QItR6pp-vjsePRupo9ZrBghwcu7twO4DnzQn2ojwYLp
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.104 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C5A1
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPom6HHYWLd4...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPom6HHYWLd4K-3RYI6fTaQlLhr7s...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPom6HHYWLd4K-3RYI6fTaQlLhr7sHT4KsLJ1DZQsSKo4f0MRYTEHSiYg_0g_oL7lC-VywMemyjpn9NDHESzJzMDxUj32btIA

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:33 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8c399bb0-a1fd-4c71-8bda-d5a7cab1cbc1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPom6HHYWLd4K-3RYI6fTaQlLhr7sHT4KsLJ1DZQsSKo4f0MRYTEHSiYg_0g_oL7lC-VywMemyjpn9NDHESzJzMDxUj32btIA
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C5A1
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECsyeX6EB...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESECs...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&%%GOOGLE_PUSH_PAIR%%
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C5A1 0
12 B 20ms
17ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LqCtXG7_7Y87O7nJlEnaI_k13CV2TfPAyP3cILy42R8jsBDdvCWB7VN9ZbttdVT048VGTywWI

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 438F 118 KB
40 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 07:18:46 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48FB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aWl6dlZZVGQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGPKf3M8ZOt5UhGkvOLGK_VpCdxT2QoL5TbuMr7_nSx...

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aWl6dlZZVGQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGPKf3M8ZOt5UhGkvOLGK_VpCdxT2QoL5TbuMr7_nSxNCqKinYJMU7Wtw1t2H8cS-WnzsditD6R-PmMfslz9M2M3g89WCEY

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:33 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-777-g304ac51#rel-ec2-master i-0943143fd00beb9c6@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aWl6dlZZVGQxUTVjNnM1&google_gid=CAESEM704ECpB3-yhFAcpajjktA&google_cver=1&google_push=ATf1kGPKf3M8ZOt5UhGkvOLGK_VpCdxT2QoL5TbuMr7_nSxNCqKinYJMU7Wtw1t2H8cS-WnzsditD6R-PmMfslz9M2M3g89WCEY
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48FB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVbPy...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tV...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVb...

170 B
188 B

21ms
21ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVbPyb1ss7yGH8JhPk0nAxiE

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGPFg03vCPbqX2PMZCb9MAF5TD_gfoSDODnhvMqW2GDYQeMCmiwpCTHC8cGLDCq3p30V3tVKVbPyb1ss7yGH8JhPk0nAxiE
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48FB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGO2Whn1ft1C9SR2_0dqfT3yIFzcJjXWm0dUfCVof2gccma1TJkQAWMY_SqPDY5CVAKgPEXjk39gRiiWC2jpeJzU9b6AFo4

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGO2Whn1ft1C9SR2_0dqfT3yIFzcJjXWm0dUfCVof2gccma1TJkQAWMY_SqPDY5CVAKgPEXjk39gRiiWC2jpeJzU9b6AFo4
date: Fri, 02 Jun 2023 21:14:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48FB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ8Mi-kTzaOj3ahXAOzDLoE&google_cver=1&google_push=ATf1kGNtqwfJeKoCUJy0wUCvY4YAb8KQTAnwtP1RfDjektCjnWvNfqibdjrZseigUjJF4xy3M_x...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElGMkNPNk0tMjgtNFQ4NQ==&google_push=ATf1kGNtqwfJeKoCUJy0wUCvY4YAb8KQTAnwtP1RfDjektCjnWvNfqibdjrZseigUjJF4xy3M_xEcJ95fmCh1Vmj7wpesVq2pg

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElGMkNPNk0tMjgtNFQ4NQ==&google_push=ATf1kGNtqwfJeKoCUJy0wUCvY4YAb8KQTAnwtP1RfDjektCjnWvNfqibdjrZseigUjJF4xy3M_xEcJ95fmCh1Vmj7wpesVq2pg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElGMkNPNk0tMjgtNFQ4NQ==&google_push=ATf1kGNtqwfJeKoCUJy0wUCvY4YAb8KQTAnwtP1RfDjektCjnWvNfqibdjrZseigUjJF4xy3M_xEcJ95fmCh1Vmj7wpesVq2pg
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48FB
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGPF2Zf8uuIJmLvrVf-w88TK2aG9MDxCN...

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGPF2Zf8uuIJmLvrVf-w88TK2aG9MDxCNPKEg8ucfkDL8E4i-jGswaMKtpyMFCouKw7b-mo2yDkCp1b8YSa6zlmC8dsLbIU

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:33 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGPF2Zf8uuIJmLvrVf-w88TK2aG9MDxCNPKEg8ucfkDL8E4i-jGswaMKtpyMFCouKw7b-mo2yDkCp1b8YSa6zlmC8dsLbIU
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2

200

report
sync.teads.tv/um/ Frame 48FB
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENp_adFgDZ20uK7uAqWJuY4&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGMNt0riUtQEZOq9u9zzGKIdSJRc42zWg_cjBzWn1kAPE03cwF-xG3jMeH7oy82I_zGX5VtwdzNXEKPA3gts9MZdFreToxc
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

51ms
51ms

Image
image/gif

104.111.217.42

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 104.111.217.42 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

expires: Fri, 02 Jun 2023 21:14:33 GMT
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48FB
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGOxzMEEXeaqn...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGOxzMEEXeaqnn7OW6mhw9gIP6Zo99...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGOxzMEEXeaqnn7OW6mhw9gIP6Zo99kW4Y9mFh6-JJ9mPxftZbmnMWmwUlr3Fn7ob4HrQnbCYyQzPZZF-na_kzN5GbXHQDPt

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:33 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 158483bb-baba-47a0-8800-c9c4518f06b3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGOxzMEEXeaqnn7OW6mhw9gIP6Zo99kW4Y9mFh6-JJ9mPxftZbmnMWmwUlr3Fn7ob4HrQnbCYyQzPZZF-na_kzN5GbXHQDPt
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 48FB 0
12 B 20ms
18ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KnlkmDyFJHgpIPJDpFoMXzNg7baIOdbG2SDEYZ-xbbFAceZAJdWbpHo26rGLjo-sND--KZQ5k

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame DE03 70 B
264 B 35ms
31ms Image
image/gif 3.33.220.150

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFDperUaU-4k-kn0dEFgkSo&google_cver=1&google_push=ATf1kGPReO0ZEpws_9qbX-c6EOOk9cOyZm6xeKn1CQstJ92HZ5zCvpUfCj858z6g0KM_dPg1PoJH3virTO6oDzCKW6zYxckjgf7r
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame DE03 0
187 B 80ms
12ms Image
text/plain 98.98.134.243

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEBhbFdXkHrK6RPFopA09eXk&google_cver=1&google_push=ATf1kGMIn-s9tWXybr1r03pGzHr-gCrUjQzv0DQOTFb_GA08l2cj05FPdbknrbudPGf5PAJ_uC7Ywu1EGiScT4LJRguKMMDKYJSY
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.243 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DE03
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGM1XSeee6eZoVUdH3p40fgZG1d52HmVy...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGM1XSeee6eZoVUdH3p40fgZG1d52HmVy4tAU_DAt4STnoLxJipzgOYKkOh9fmYCT7X_qqFl1foQlrPH3xLt47E-EDer6KA

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:33 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPxLpBO1PwkErVdJOQDa-wg&google_hm=ZHpbuKDTtt2bHKdRyqb3YQAAFKMAAAAB&google_nid=index&google_push=ATf1kGM1XSeee6eZoVUdH3p40fgZG1d52HmVy4tAU_DAt4STnoLxJipzgOYKkOh9fmYCT7X_qqFl1foQlrPH3xLt47E-EDer6KA
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DE03
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEAh7LQE7x8skzH6-0NkAB9k&google_cver=1&google_push=ATf1kGPhub388YLXKSzIvYlt91uHth66PMYL-0JW-DD-ZktySLSYbnU5SzwNx0o2-8nWLD8vUJfDbNPTmTSFksHh...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPhub388YLXKSzIvYlt91uHth66PMYL-0JW-DD-ZktySLSYbnU5SzwNx0o2-8nWLD8vUJfDbNPTmTSFksHhxSFiOrJUW-Y

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPhub388YLXKSzIvYlt91uHth66PMYL-0JW-DD-ZktySLSYbnU5SzwNx0o2-8nWLD8vUJfDbNPTmTSFksHhxSFiOrJUW-Y

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 02 Jun 2023 21:14:33 GMT
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPhub388YLXKSzIvYlt91uHth66PMYL-0JW-DD-ZktySLSYbnU5SzwNx0o2-8nWLD8vUJfDbNPTmTSFksHhxSFiOrJUW-Y
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: bWcT8c8GBjJpmtA0nzFHj5sso5nH5our35gAfZRfvNki3KLOVkDOtw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DE03
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKpxRCF61XE1xALtlhfZEwQ&google_cver=1&google_push=ATf1kGPaaIp1AWLiS_hhy0Fo05_h0wXTCVQkCS9A0dlbzZVcOpPNsTAg6erDxfNNUe0PVVMpKFUoznJxhJDg...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPaaIp1AWLiS_hhy0Fo05_h0wXTCVQkCS9A0dlbzZVcOpPNsTAg6erDxfNNUe0PVVMpKFUoznJxhJDglbdPboRpSM9lsok

170 B
188 B

21ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPaaIp1AWLiS_hhy0Fo05_h0wXTCVQkCS9A0dlbzZVcOpPNsTAg6erDxfNNUe0PVVMpKFUoznJxhJDglbdPboRpSM9lsok

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPaaIp1AWLiS_hhy0Fo05_h0wXTCVQkCS9A0dlbzZVcOpPNsTAg6erDxfNNUe0PVVMpKFUoznJxhJDglbdPboRpSM9lsok
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DE03
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88rAEfwI...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF-_qX3iSw2fQLyQ1X5v6gw&google_cver=1&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj8...

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88rAEfwI3J8fGh

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=mQeaxo66QUOw3uUqw9YuOw&google_push=ATf1kGMJWKiW7j-IOi3ZUWNPp3uHPup1SPAsR8LiZD2Lmxd_mfBLX9zVv7jmaQ2tgH2LXduU71R98Ri_fwdUuj88rAEfwI3J8fGh
access-control-allow-origin: *
date: Fri, 02 Jun 2023 21:14:33 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DE03
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENHi5nEiaeniP0uzXAuWnkk&google_cver=1&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrWo
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrW...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY5NDI1MjE2NDE4NzcxNDc2NTEwMQ%3D%3D&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6K...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY5NDI1MjE2NDE4NzcxNDc2NTEwMQ%3D%3D&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrWo

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY5NDI1MjE2NDE4NzcxNDc2NTEwMQ%3D%3D&google_push=ATf1kGNRfc0y7C7qSwqCAwN7EtJEaUdKDraGSb3CTNdQj1ExNvjenU6KHq6DzhUb0YYw-LNWJxB4ZUMalU9gLtnUQ2PgF1cqsrWo
date: Fri, 02 Jun 2023 21:14:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DE03 0
12 B 18ms
16ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kem92u2miCgwS56JMSubsgcOE3dAMiqCbLygxc2BNC2IgS1h7PD1DNhpEEfJc5ja8zNX5l

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0381 13 KB
5 KB 9ms
6ms Document
text/html 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 23408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 14:44:25 GMT
expires: Sat, 01 Jun 2024 14:44:25 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9564 783 B
535 B 22ms
18ms Document
text/html 2a00:1450:4001:827::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

GSE /

Resource Hash

384a137940b8de9de3f1a089bed8f94f2ef1b129a14cdd4d616b341e97fb4c3f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LlR34zNqhosZniIbXeJGwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-LlR34zNqhosZniIbXeJGwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:33 GMT
expires: Fri, 02 Jun 2023 21:14:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 42AF 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 176851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 May 2023 20:07:02 GMT
expires: Thu, 30 May 2024 20:07:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 48AF 0
209 B 46ms
45ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685740470631&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 8DFD 37 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F8D9 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=77&version=unknown&sample=0.01

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F70A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

23ms
22ms

Document
text/html

2a00:1450:4001:830::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:33 GMT
expires: Fri, 02 Jun 2023 21:14:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:33 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9355 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 3AF6 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 6ACC 366 B
298 B 12ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Sat, 27 May 2023 09:38:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560155
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 May 2024 09:38:38 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 6ACC 23 KB
23 KB 12ms
8ms Font
font/woff 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:47:49 GMT
x-content-type-options: nosniff
age: 37604
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jun 2024 10:47:49 GMT

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1244 37 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 438F 366 B
298 B 7ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Sat, 27 May 2023 09:38:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560155
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 May 2024 09:38:38 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 438F 23 KB
23 KB 8ms
8ms Font
font/woff 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 10:47:49 GMT
x-content-type-options: nosniff
age: 37604
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jun 2024 10:47:49 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7B5C 0
0 47ms
45ms Fetch
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-RwuT3I5x8BU0yjRvjvu2o865Y2MlnfaJcrmPNB4DYGOzvXmnenKaRBcJ2cBzJXcSv9rfN23cfpncKs8-IFFUG9ZCGfKbCWrmGCUvrFOzDM1F-aDjY2oNJgutXtmgHUT2ain7luhGUBdlbmjV4sIcBercc4S7jdo4qETcwL21OvbbXEUnmsZuNzEi_jgY2xP61ZsPESEhbikpjndCYB0hDjSm-e_FIQoiTC-JDX8fhcCiXjhDR3kezK0oMbx0c_NWeIHhz_cEy6RovpybgQ_ypXQYkI-uqMB0Om1CAD7KPP7VEhjMIN_83kfseEj32G9PTeR1zTAlY88OtBOsSydXhMn4Y50Aq9DuxSguJIUdBWibQKv4Wwx4zMFQJaH-YOijE-qVt3eDHgONH6280Lojzf_Kg6JCMqQ7gUvsxwXLpTLLekcFD-t7wAoi2BNYmh6a4y7_TKtEna33DvWuWR_3YZ8XUnibaP8g9k0GP1ps1g62e2QJtoIFUJEaqnojbhnY7CfIY7TAJ_2W_6_lFqoHhUckT6tRbF6Sq1MuoQjFIh8UQgYevJOZtNCglj8AT9ckPFQg0cgK1l8f71JzFpXZx2YjdNBht3jI2wNF4Tv7RQ4G_fMIbETs8ppxeiTrEvQBJLCarDjvsI3E-cKLTq1PnWSbJ1935rApoqMpasoD20_x_9bZFcGkB7y6YJyk8uJVQpmrsNkL3XfUXDDWthNvvFfMMhTQZQfKIYN7MB49nmzCirNSH6zoatF8MNyLZIInm6E0S3seNfqkPTEZjlY0t9m4dnWqsXakc3wfTft1MhvHRMMwJVslcn01NNxF3HkDjvURVHy9qenGoun7aDtvHoXNV2efwviTBy2wSnw61DtE0FhbRqMq4NLKR12ryN1Moi6-Ipgir6tU9K4GmyO-Rtgoypv5tFwtl9zve6i5E1TAfYHBLtcjmtC316yh2hWcTLhyEdm0knOX38SV4V9ZxuOwjC01Hwijy46TdiQP9rVccjbdJtUFuxummDl9krajv3bvkRmD3u69VAAJjP9YNJoIj7vmyhkls3fsGGcNZHOcc__S7j4OKp_xoRAqU6PqE_hWHOKIMsvv91bbPq64vQ-eab3YvubFWFpXfy0UExxhJz1tnrNNCtFa7wG6CfdXTa0VYxOMfsiZGfC9Y-Kw8bSxZWy8FxQCfBiSgfQQqHrSjvA2YUuWZuOtCvz6ICd87DwwpZD6cWj1mIIJCvihuBqOIomuRsB7Rt3UdHCD6CpN5n1NbhjpkgorEBcXblFZx2xZiGPUs-5IJuGrTtY6iHe2U4nUm6QN0OR0aEbbCc6EKrVs3V73Atlk8UCEeT33qc1GzVPx&sai=AMfl-YSbvzo28RHvgjqP6sSC9nDmxDb_Sz-5_RkA7HQFJBBP0sQSaTf3XXq7OlX_bT7inmDAO5KHaqESTnr10XcXZq60QG8A0woxs7_uUr-4bBrTDoOLne8ZIbZBkrTZ290_wbholNssxhN7Zmd1CDNXJkAwP2PrEUncdODrhCO3-mUSzcBzm3PzuU7gZHQIYYlOtWJKfUncf6xRduZ9-zxcVDIS64Rsx5d1wKqV1NbJmh5amAgNQmJ0n9M9VXE3g3Gvkdza&sig=Cg0ArKJSzLhIKZzsUCPaEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1041&vt=11&dtpt=756&dett=3&cstd=276&cisv=r20230531.92396&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:33 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 6606 170 KB
59 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Origin: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 07:18:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/ Frame 6606 11 KB
4 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DWwPfUgMeWgpUm80xJfeqCuqUhdyjwPrxnDlbhslAc76FEeWGhIqorI4IPMdkp0rbt2cze9HdZTi1IbJ_WJ4MtNcNbzPMC-HLk3FSYlEXWmO1XDt2HMKEOGdOebBZ1DkpvjKfYeEH2oqkInYWqK10uKrSeGyrwuMecOkr9udNOwAxjWKoS2RQAoCZ_4G5SClNukvCP3FOcxiTD5wi4RL7Nm2enXWJJme7ESZCJP9FM0B1SU4V8zM78HgPKipsLtqbBlLuB3w3nv5vYZcZkhrGNvZYMEaeEuWYzs9gz4_nVKwUlc4tvDJZGAiA3KxRfhSDUA8CeST9khdwxPQNwMXDUy3dojIQJmTTs2GXVCx3OCiXMiI4AyMEE8S1K2YlcQNwteldVXexFG6NcmZfzVe-lIzY1FxnS7AqSC_l7f3eQ0x3ujyAoyULz13vMyk-oeIT92K7BC9smY6kB8KuWKDJzyjOHew6qn79w1iljiFOHhYV7ixGrTd6bl0pexcUuutSSb-5nYvRkHHYoY1WKgKbRvbg_UhdW_GB3R5X4XTmLAwmQFWShv22hCms6Rm5IK9QZtpMxynCfdpuKEoBYFVIZcyCVVwSEdqFnMceDCyPs9lpRuhYNoJvfnFgcLo-58UQFAc6ek3KOnSGkf4pbp9CxAM_jizBi-ZJ_NNBJILLgSvVajADmovGhGxyxh_Pgg8lrqxBfRwewU4z1jZP5oQ3aQ_Dyyu_TrjeHHWtC5rfwjjr0mrO6ryBqQ0ap_2JaQ_lO7dpYsuFowG0S4GBG7UWtJGTcs7lklTxhqGyM4sXh4POUoXAmjEP5Z0F0wPaBN0oGsZjDdWE1pJyJ0SumGQ43o0FVD_DRgep0sWmgiyTFP3mXQDf3Y9qCXVzG7RIx6Q8HRwVvq_nQKjKy6Pg3HFgUBiN-cRIqq9-8PNMrLtA9Mlo9jxQ9JOsUzPoB3S71B8zWxBEAE7apq12a3wYryFDSzgMxJ0QwISR4t-oiOlMgIez2W7p9q-G5xaTtno1E33PCAIkqvvehAEr3VRMnTwgdyvr_j1PICbwf-Llip7erFawdaNUiUrKlqLTsxL-LXI_gCL1tBGhsjxBsp9AJNhM9e4h5UU-7e_7v-q6V2OyR0Tv9jXzuKxm_Hv0y_b9f3TdKAtWiVxwfqIZmPqxvKzCS8NuYsUCNEbec9NVEt67C_CabTg5mjxr_csxSnJ1Rb4dmnJqHdqkEPJwj2gX7D9yESJYfm7mcXfsW6ggkJ36ICkV4BX4TlHYItVG6kJQgxo23GdXXo6NI2Ffq4by8jIhLsUY-vdwxmQLdfk0dIKiwe821IaXT59UmzYBj6gl8TZYptwmvfb5y6MC3CgJ6PjTJmWSoG1RXCYlJx23OCVcDeOcxvCitFtanOTGyb9g6BIRamNdJYmu1RqwWzX8q0jskn33JkdM3hBipe4CHqFJvmXH5mPW6IeBPJktCcpS6bz1KwAEB19y73RGzngtD-pC_MDqFyq72NBIZeOne7T-gshJOrYZJPM-IywEPW6KQSxtCkjjRhpSOLNJhiqwlMSkX3_ipebOgq66T4Xk2WIqFx9TlKmC_DmkFIN-bFl06SDjrnSwumHH0yMPSG7bD2K39MPI2h2x4HY9gvVG9cZSYgLMuYNK6H5utq3YbgnaZslY2yEispqCD15TnfT4zyccFlycauXc-u-DkA_RHZoNbNeBSYhRarZdJuuMCdbQKS6pz4DUNqtcsD7tVaffOAxlj9H6YeTrv7PXSBlWGWDO8Ebw_LcDyftkGqmKa6X9_dGgbmD4CCHLtcDX0aVCMScpvO_sm-Nqs639EVT3C6OgJhS6OXs1To3EmPRs3GgdXNmTnTEZSUCtOW_jl5vUh8-PccWy3UUMfS2nB9FVMq01th9Ce383zoDmPFHVDkeugBSMgfPW10Ebga5yxbvzqe37jJKxu-owhT8ORK7b4dTFL8LOu93vRRob2FRgnOUFhK1Jwly3ClmIR-R1jZMLoeP-fA2hhzc4xzjyXCKOxzQl5LaL5LXBq6wO1NrZqxSHjC_l9bfqg8ix0D8LTkyQA2_88Yg78cs9Ei5OEHW1vMgHzmmCOyb1AMrjzx7l4WpSY42NHIVD3NaV3XuhFoygY_mQ0pJw4AfgOKCa2YZFLDmbORNg12LRSqHfgWajLLScZPqAJAf_hrC5AxRDDI4Tfd7bnKKqWTkH7xr2sIob6UCg-XKWKFXk0Wy0gDhk5A_A8Ps0aQHgr6IOYdSrkn_iRO4Xw3VmY2GZOXSesMRcIq9N91YNK9z3b1bfvzVkxUn_F5l36oXvJ9H2bEMRh468RNA8Ynoh_1cRKELChgMxBmBBsyjcxyPAkutGscGB121YZiR-4Ts0wEsEKGE0R93Z0iNjjl3E8szddbHILbLxPak0pB98ZmRDWKbOodhopDzp0iTnS8xj4WV_xVYmocXAei2PnQlJT7gSdVCDJT9ibKmeXl-spLg1u-orjyrAN_hg6H7NlgDkRQZoBFSKcL18fexWSrDVybB4rUD-dhe1UqD_RBxMGjLDeAC7pv7gjPQ4Lv2KwuhBV3XoND80oWr-xPnfMa1c9WiDFWwBhKxov3x78dawzOwmVfB27UE_5t8drOhSss9ybpno76sL3eNeWJhDKfb0auv5mkAEUj1bLEwmizovWxC229fqoshpkBnZ0-mHh3ilO0R0Z5lVbzLcMwmtMZxohFfCuCjkiY9yEdeRSXnQ_LKIt8Pz2fINnEBzhoZNxNY2I_6KmltFBjzau1usV0iPv_WODBjacPnCrXBMpaPcJmbki30QBUd2h_LSh0McawYbwjkWd35zv3I7ezmPLKkOletQGeN6KMKgMtpKzivtVBvdFCaD2-atLki-EzdmxnidSGr-OLx9ubwszwFaYeembPV2r-Rh8n5ZqPbgocobnE-KXeK69OOnmbFaa7yZ-gQKFUWjxmZWcGGh73iWReAzSVXf0s3DTHwMIyDPWAHroMvSaSIaOpKiucamYP_2PRPcEUMseJbXHovc3pCdRZ-OJEjHNXLk6nVpCyRsKY_dePS7Oc_K_su3S2Ndp4MKf3TSMzarLLd9wi4CqyBk5bmfsXDeTSlxwO-9-6LNXx01RB7I3yJUxtWqzFdys0b8Qrpd0BziIeyQRZHPZcXf0cSCAK3oFQBM6knCW8dHmbemqaC5KRfu2zF3Ih5AEVB1Zzvu37tMUAJPsEWTv8lT8IF0B7pxY14c-_NX1-sO40NLrI243seT3eUbDmgSQVIjr4f5KwsiS5VY2iMjxwHXBkcoZtq04VuPNXsdafwqR_LudIiRcWrnLnCKixRnFnsZO4uFXjKUpGnrquDwz2z43o2ZOtE-XfBigFDBMzIa-J3UqjN9ZmH4n6d9FuVkVYp_0qx8mOkSX2w7oxPHVGvet4MktL0sf0SXjwH1YO4jLDRvIUkvVOYhECsNG04WTjne8gZlaw_J9nBx2MT5-3PQPnQIAIGxUq40OTwVqvm1cv8P1ULYdumX0pUd-5zmM7vkNK8zkYdseN7IuntMrD2kDf-akReKf6gzrlFKxzHPjgd7sRlZER0x-n4wB31GfQMR6uhgEVG3HG0auCVjj6tw3fwgDmpIThk9leFLdmHy8sl-SGEQlafMiFuWA_1G4tkhiL0CMohhuuqZioYF2eyZdV94F2-FQiJFf_Np81_lo-AXgj3XCX1jufo16AMLZYI0aQQgEEjsAcoEIg_zp32-t3su9BSNntnsymcjsRUZ6Kd0s6F1_4oKgNXONu1Xh79aGhuLJlsVuvTGjOTyD_aWYnBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iyqquP0DVazRHO4Pp9QncJ&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:d604d47b-b5b4-9944-fcef-13e23fdf4371,c:epWLpi,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-597464b965-gbk5b,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:66,oid:78232ddf-018a-11ee-a1a5-8af868d1f5cc,v:19.8.416,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ae8017866a6744d35f26aa9da389e9771d40bcae3ee65df4c1b5e16e57b09fda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 6053914914909336730
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 14:12:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/ Frame 6606 29 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 20:43:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1850
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11027
x-xss-protection: 0
server: cafe
etag: 5492578185836041520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Jun 2023 20:43:43 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9F36 0
0 47ms
46ms Fetch
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0fin9zAATtmcILFNTGsvT3dS2CcsJqnP6m0rKSiQNhiuJvobWVWc-xy2h3K_xvECWgZLXmjUPTsSecYcXWMvRJ2vb7rqmkCKVKi-H0u2qSrK1fSQ_dAOKYf0wDSN_7AqwbyvSh225BhnY65DHF60b64GYClmy-ZE-atzgXTGBRPb9OAHsor_FnTywuTguWq6wTHevUvEmV8-LUrotzBKShDQYhq1goToacPsQNxY2ibL2Dx7mxwULuyfms4VsuNEBW7_Iqx-GAcMnl8EZhTOa7sW6RY9icMmnUAmJ4kh5PcG5FE36TWNYseYMDLfRJU6EZ6MUrDNtJ1ZC1iYMaVcZDEKaII7UG_lSe3fwkvw9JYcdBBakQIWFNZuQkWVlkDkPxdXH6gNUV9b9kDc1HC7K2AXV7xvvbI0Dw1thVf7aP5pBzkFQBYQ71mKCMxVSNDRH1r42xQ7zRxF5CW7cDiFTUE4dusef5d5RVF8Y0xpYWLu6Xcau5a5InEtnpoMInepEH4Wvv2jr0_IPBbFCq7EtP1LSPcvtPeuMqc5DIpP0tyanESIPbCpA1d5lfHOP7CcCr0b5JZDm1Qhajl6g6T-7WUN0IZsy04MT4rxj4kZNuEL1VSpgNjwySRxE6TfvjUVT_mpaUKQ5nTDhxRQ4ninth84ygHaa2Z1Mg-Rmgu8QwaHlNWlfjryfcstUhnY3k-mvKGnwXUVoz-seVBbMaYwdGcfg1gN1_3h74geYJQ7tXeC77WKa6JiMLUUApQ5PpAsO4aQuovjlfPNYpDgg97r0CwFpxLwcHMipjYqIhvTz13Nn9Wm3RUYkB79rmERGjf6LmZiBVTl-NKa3gv4nwyXtacJxL8hh7fElEBDW_NPvqYVBF25Rbp_XQH58w8Lxp550zIKKPYP3v_jGUzroZeTy66D5CzTlOgNRcZdVWeQOPgbGg7ZXGkcXT0UPiLGMos0sEGyzr9pCASroYP0tvcJSrfDN-qzoxX3keX-30wW0wosnWnklvTOqmfK40pCurd_IROqJOMIRMm60z4a4nl2knXzRhFTC0kjiknLSzdCjF-2Y0WlLl0BWEQZ4nbgOHqqUy7hH11uFo6UDCc_Hzw28FiYOrY909GQz0XmjyMC2PEfyXfpdiaNArX9bHgaNn5NZpBd5MLHhSf1_toHUBc0HEHl8bFvT-aXgXT2WOyXbIxQiOcSspjdgp4UtFKWE1LcLHyKVJCFMemoNy6do675kGVdlGJSvF0Jp-pkBOjYWNGTAf5oSq9iRdf27f7UikJzas41cIwSDPQG5Q53eadKV3F23GaM9CHvgGjNp2SmvcZYBuHy_KVYKt29plw0ER8_57pElihbzAOc&sai=AMfl-YSHJFFt5iP98EPpDenvvuz-d88mrCOtNWRJDdRIUXdrIQhktGbFIgmhH1v2NXvpaGPBFH4e14k1alriJpF_7_3vI8XWUkW5kCWQ1Tt61wozrHgGFYrURsK5UBmHAnloVMYHpS7Dif50tghqqZLz0D6SqKRYDHrM5tSrw1Mr96ZkSeiw7yXdfTejui2bV5CF6JQfvfyE1mfdQ_Vit4Cs2k-ahFhejh5BEKez3wOIntU0x6K2fXo7CB_4MPsZKumQTij1&sig=Cg0ArKJSzP2e0pG4NC89EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=940&vt=11&dtpt=341&dett=3&cstd=588&cisv=r20230531.19851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:33 GMT

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 42AF 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6ACC 7 KB
5 KB 49ms
48ms XHR
application/json 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3557f7e6c4a9d06b6e43bf7ea5f34c27cfef05122fb637dec5de90639a8f26fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5574
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9564 0
0 40ms
40ms Image
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230531&jk=1539967078957678&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CD04 1 KB
643 B 23ms
9ms Document
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:07:02 GMT
etag: 48472445140208031
expires: Sat, 03 Jun 2023 20:07:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6606 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5588435e3d314e29ecb6c584356560b0ad88387bcd90273afe810d2b6da2c998

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 6ACC 1 KB
703 B 8ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/logo_kia.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Wed, 31 May 2023 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 May 2024 05:00:03 GMT

GET
H3 200 23717839_20211129030214001_bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 6ACC 19 KB
19 KB 15ms
14ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030214001_bg_01.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a47f0577f7ea71a94a67f89e665edfa620191e7c7741d5f86416ff15d2ad93c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 13:05:28 GMT
x-content-type-options: nosniff
age: 29345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19388
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 13:05:28 GMT

GET
H3 200 23717839_20211129030217345_bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 6ACC 35 KB
35 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030217345_bg_02.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

16ba6f005e8c3ea82df564a4667777958189cc3f6cdf5831a3ea2da22c4f2280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 05:08:06 GMT
x-content-type-options: nosniff
age: 57987
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35918
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 05:08:06 GMT

GET
H3 200 23717839_20211129030220304_bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 6ACC 22 KB
22 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030220304_bg_03.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8b5d61a246e0cf39dcd784a0ac5d4d744b7cb0b737f6672cefee63aad5b4ad5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 05:06:24 GMT
x-content-type-options: nosniff
age: 58089
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22400
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 05:06:24 GMT

GET
H3 200 23717839_20211129030223722_bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 6ACC 19 KB
19 KB 17ms
16ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030223722_bg_04.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f7d5efa206046c4c93f66d4bf98992053a5c5fa126c42656d147a8427ffe6ea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=SF6Wm8BnCS&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 08:29:37 GMT
x-content-type-options: nosniff
age: 45896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18948
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 08:29:37 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame 48AF 0
209 B 44ms
43ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1685740473948&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 48AF 0
209 B 44ms
43ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1685740473948&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 48AF 0
209 B 45ms
44ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1685740473949&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 48AF 0
209 B 44ms
44ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1685740473949&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 438F 7 KB
6 KB 49ms
49ms XHR
application/json 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3d387bb264dd5258f6f33d48d136b49616dfd399bbde3b896798c71317a4d3b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5764
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 32ms
32ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&sid=AgmeqBgCEANq42aS&oz_sc=f9564083f49e78ef1b5f5ed7&oz_df=1685740473823&oz_l=273&cv=3
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/2.94.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:33 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F8D9 42 B
64 B 46ms
42ms Fetch
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsucVGXGwgDF5Zndm5tQ1EaV6FCwQ_LLvDBME-7P2or9sgNS0ie1lI3Pxm7C79RtkEe7Nb7997EpM8HCd7v7zt9thgLfiIcF-31oVZ3ioDb23o5L8w6a&sig=Cg0ArKJSzJWRcT-Oei6NEAE&id=lidar2&mcvt=1122&p=0,0,600,160&mtos=1122,1122,1122,1122,1122&tos=1122,0,0,0,0&v=20230531&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685740472312&rpt=452&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 0381 37 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 438F 1 KB
703 B 9ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/logo_kia.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Wed, 31 May 2023 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231271
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 May 2024 05:00:03 GMT

GET
H3 200 23717839_20211129030214001_bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 438F 19 KB
19 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030214001_bg_01.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a47f0577f7ea71a94a67f89e665edfa620191e7c7741d5f86416ff15d2ad93c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 13:05:28 GMT
x-content-type-options: nosniff
age: 29346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19388
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 13:05:28 GMT

GET
H3 200 23717839_20211129030217345_bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 438F 35 KB
35 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030217345_bg_02.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

16ba6f005e8c3ea82df564a4667777958189cc3f6cdf5831a3ea2da22c4f2280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 05:08:06 GMT
x-content-type-options: nosniff
age: 57988
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35918
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 05:08:06 GMT

GET
H3 200 23717839_20211129030220304_bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 438F 22 KB
22 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030220304_bg_03.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8b5d61a246e0cf39dcd784a0ac5d4d744b7cb0b737f6672cefee63aad5b4ad5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 05:06:24 GMT
x-content-type-options: nosniff
age: 58090
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22400
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 05:06:24 GMT

GET
H3 200 23717839_20211129030223722_bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 438F 19 KB
19 KB 14ms
12ms Image
image/jpeg 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211129030223722_bg_04.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f7d5efa206046c4c93f66d4bf98992053a5c5fa126c42656d147a8427ffe6ea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=MZJjft3I8i&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 08:29:37 GMT
x-content-type-options: nosniff
age: 45897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18948
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 11:02:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 08:29:37 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame F8D9 0
947 B 21ms
20ms Ping
text/html 37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fye-mek.net%2F&e=wqT_3QLzBcjzAgAAAwDWAAUBCLe36aMGEMme4NKIscLiFRgAKjYJFOgTeZJ00T8RVdehmpKszT8ZAAABAgzwPyFVDRIAKREk9AICMQAAAEAzM8M_MKSE2wo4pRVA5R5IZVCposslWLqcjgFgAGiztyt4qIgGgAEBigEDVVNEkgEDRVVSmAGgAaAB2ASoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuoQ4AKTnFvqAhNodHRwczovL3llLW1lay5uZXQvgAMAiAMBkAMAmAMXoAMBqgPnAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1DWU9JcWlyeFhJbzJfMXZIOTUzbW5fRkd4QVMxMWdyMHh3SndXTFlBX2F5eTZ6UXhOX3licGtFd3lEQTAwdDJGSjlnS1FCbkFzUExRV3JwcXh2WHRJV1psZnFKUSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMxNTY4NjcwNTI3MjQ5NzE1MDE3Igg3ODgyNzgxNyoEMzk0McADrALIAwDYA_LZOOADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAwyMTcuNjQuMTUxLjeoBACyBBAIABABGKABINgEKAAwADgCuAQAwASPpqUiyAQA2gQCCAHgBAHwBKmiyyWIBQGYBQCgBaGdrsWc1YCZGcAFAMkFAAAAAAAA8D_SBQkJAABBG3gAANgFAeAFAfAF_MtS-gUECAAQAJAGAJgGALgGAMEGCSMs8D_QBu6PAdoGFgoQCRIZAcAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxNTExMTQ1MzU5MTPIB6iIBtIHDQkADTsBOAjaBwYBcHAYAOAHAOoHAggA8AeH4wKKCAIQAJUIAACAP5gIAQ..&s=2443fecc21636838c051ed08bc1d1bb889d2818d&type=pv&jm=1003&px=122&py=150&bw=160&bh=600&sf=1&sid=7203634191132297771&vd=ct~0|rr~5&sv=233&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22463012&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/233/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:34 GMT
AN-X-Request-Uuid: 0bb8e556-7577-4dd9-a9f9-8c2fae62239c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://ye-mek.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 568D 42 B
64 B 54ms
51ms Fetch
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssPgdFdXPkgSRwKUWNPw4cztBy7Ld1opvOau-V6_coFb5VVjk6hrN59IXwpy_4OXmvV2tMlpIImuEUJTvdQUe7gePyqKnCWBMRzLQR9dUuJtkcMVPqdwypSDrrESVYFNxd6IW72kg&sai=AMfl-YQQANYMKkcHhexwEzdK6DzlBt7-wo_ePdO2ap8PQtC0gaSgwIghuDUvBhUgbQS71-Zlb5Q91EEr9TmvWdJWRalEarplhdD5Yee9-rf8kJNzFsY9Cyo9cpWI7VU&sig=Cg0ArKJSzOcr_2rGn7xHEAE&cid=CAQSOwBygQiDB5dlzyhT66Rq2upMnc29qnNtoAjz6BD1aKjOuxI7jhHKpCm7Dz7ZxWryoTpDPc5As19v6vwlGAE&id=lidar2&mcvt=1039&p=1,1,70,729&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20230531&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685740472364&rpt=590&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6ACC 17 KB
6 KB 31ms
27ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 02 Jun 2023 21:14:34 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
215 B 174ms
173ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLAJ,pingTime:0,time:774,type:pf,im:%7Bpci:%7Btdr:641%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:65%7D,%7Bpiv:100,vs:i,r:,t:774%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:774,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:65,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B764~0%5D,as:%5B764~160.600%5D%7D%7D,%7Bsl:i,t:774,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~100%5D,as:%5B1~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:67,sis:559%7D&br=c
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 438F 17 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 02 Jun 2023 21:14:34 GMT

POST
H/1.1 204
No Content bsevent.gif
rtbc-ew1.doubleverify.com/ Frame 9F87 0
234 B 40ms
18ms Ping
text/plain 130.211.44.5

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=bae5c03e3e7445f195746171c7a91de5&vfdur=466&cbust=1685740474055588
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Fri, 02 Jun 2023 21:14:34 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 06/01/2023 21:14:34

GET
H2 200 DV_GlobalPassback_Update_970x250.jpg
cdn.pathtosuccess.global/ Frame 9F87 115 KB
115 KB 59ms
7ms Image
image/jpeg 2600:9000:21f3:f000:19:8ca6:3640:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pathtosuccess.global/DV_GlobalPassback_Update_970x250.jpg
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f000:19:8ca6:3640:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1165aab0094ed2411579eeb149c033d97f73e5dcdb116f40eab65d3e82d94bcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 19:14:44 GMT
via: 1.1 2afacc6ad96dbba3f0b477cd95f16458.cloudfront.net (CloudFront)
last-modified: Wed, 17 May 2023 17:51:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 7190
x-amz-server-side-encryption: AES256
etag: "7e480c97f9008854b4c2e336777e97f0"
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 117466
x-amz-cf-id: _QhgMqXb02_uBzZswZYQCcSusNOjtzE2mDH4e56inMfo47IXtHwTcQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
215 B 174ms
172ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLBQ,pingTime:-10,time:843,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS45MCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1685740474083%7C%7C242156192b285368eb93d1ecf9f51475%7C%7Ce2cb1dcbe7da8721e3ae9a3fd2b4449b%7C%7C29e1cef1b3cb97c5e6c11c78460c1b81%7C%7C2e12a6cbf76f89bb9114ffb67c31f001%7C%7Ca1c7f98052184a1b479fe92fdc18a3ec%7C%7C5f629cfd44dcad58bfed953fc6608d75%7C%7C173e92daab7adffbf23148186f933156%7C%7C1663701684%7D
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame CD04 0
103 B 14ms
11ms Image
text/plain 2a02:fa8:8806:12::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKJ6J-wZm3-ZJAQJdCjWpuM&google_cver=1&google_push=ATf1kGNXfY3FpkqgEufjCzdF0lWZMo6usk_xhY0cKiT3WRyjkG74pQzWJdYeTjV811ofySUr9et-5XL0ZNQLSr7AOQi3crwOm7Y
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 i.match
a.tribalfusion.com/ Frame CD04 43 B
394 B 193ms
189ms Image
image/gif 2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGPRGWmu8KNQ5gzM7j34QGXgXDFfrZKRSAH0KnBhubl3awaGXpBGG9rzuq6NCMWq44VxJxvAOH6jsSRBVaC0Lbew9Qyd3ac&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGPRGWmu8KNQ5gzM7j34QGXgXDFfrZKRSAH0KnBhubl3awaGXpBGG9rzuq6NCMWq44VxJxvAOH6jsSRBVaC0Lbew9Qyd3ac%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7d12b4eb2b1830c3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD04
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECrjoq9OxshxHB2dufZXPpc&google_cver=1&google_push=ATf1kGOu_FsTj_SZ-SwpMmi3jF1r0Ae3SK3k7VufxOJtDz4QyZ6h5AOPU03iJmazej_8IoQtfLaqRMJuz38h0mBBsYC13UEXCw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E19FCC0AED154058BE4BB5C1C5FDC9DA&google_push=ATf1kGOu_FsTj_SZ-SwpMmi3jF1r0Ae3SK3k7VufxOJtDz4QyZ6h5AOPU03iJmazej_8IoQtfLaqRMJuz38h0mB...

170 B
188 B

19ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E19FCC0AED154058BE4BB5C1C5FDC9DA&google_push=ATf1kGOu_FsTj_SZ-SwpMmi3jF1r0Ae3SK3k7VufxOJtDz4QyZ6h5AOPU03iJmazej_8IoQtfLaqRMJuz38h0mBBsYC13UEXCw

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 02 Jun 2023 21:14:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E19FCC0AED154058BE4BB5C1C5FDC9DA&google_push=ATf1kGOu_FsTj_SZ-SwpMmi3jF1r0Ae3SK3k7VufxOJtDz4QyZ6h5AOPU03iJmazej_8IoQtfLaqRMJuz38h0mBBsYC13UEXCw
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 01 Jun 2023 21:14:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD04
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHPn87xOORv7DWnj2l2k41w&google_cver=1&google_push=ATf1kGNGjaITyGvWib4D8bjAxXjAKwcYiorQCX2Q6n1NYj_nhouNm4T52-SLbrp7xIm3LEcGW_GcjT0CFN_...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGNGjaITyGvWib4D8bjAxXjAKwcYiorQCX2Q6n1NYj_nhouNm4T52-SLbrp7xIm3LEcGW_GcjT0CFN_qGV25XwGWp5Zfu_0&google_hm=OHYtUjrMSOetfIM4pORGigc

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGNGjaITyGvWib4D8bjAxXjAKwcYiorQCX2Q6n1NYj_nhouNm4T52-SLbrp7xIm3LEcGW_GcjT0CFN_qGV25XwGWp5Zfu_0&google_hm=OHYtUjrMSOetfIM4pORGigc

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGNGjaITyGvWib4D8bjAxXjAKwcYiorQCX2Q6n1NYj_nhouNm4T52-SLbrp7xIm3LEcGW_GcjT0CFN_qGV25XwGWp5Zfu_0&google_hm=OHYtUjrMSOetfIM4pORGigc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD04
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEtzvU6EpdL4wQPD5vRcwI8&google_cver=1&google_push=ATf1kGM-A0Nmh60ungUQzWrX7GLgGZf-tZsDNvlSN9dt68WgIpdUHMGvVdAPslQMJS-LIJnuT3iUts0Bdo9mzZ...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGM-A0Nmh60ungUQzWrX7GLgGZf-tZsDNvlSN9dt68WgIpdUHMGvVdAPslQMJS-LIJnuT3iUts0Bdo9mzZzOS4...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGM-A0Nmh60ungUQzWrX7GLgGZf-tZsDNvlSN9dt68WgIpdUHMGvVdAPslQMJS-LIJnuT3iUts0Bdo9mzZzOS4rpP9TmghI

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGM-A0Nmh60ungUQzWrX7GLgGZf-tZsDNvlSN9dt68WgIpdUHMGvVdAPslQMJS-LIJnuT3iUts0Bdo9mzZzOS4rpP9TmghI
Date: Fri, 02 Jun 2023 21:14:34 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD04
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDY3llJy5iWmO7-xM-ew0wg&google_cver=1&google_push=ATf1kGO-ns2vipcNeDM2VCr160zdtxGdrAX1hDG9rsQtMs7yaPne3pXSBPHJo03BFMDjjn-mS5zq8u21...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGO-ns2vipcNeDM2VCr160zdtxGdrAX1hDG9rsQtMs7yaPne3pXSBPHJo03BFMDjjn-mS5zq8u...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGO-ns2vipcNeDM2VCr160zdtxGdrAX1hDG9rsQtMs7yaPne3pXSBPHJo03BFMDjjn-mS5zq8u21V4cVW44FtWJZYQrPiw

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDk1MDEyODg4MTA4NjE1MTIzMg&google_push=ATf1kGO-ns2vipcNeDM2VCr160zdtxGdrAX1hDG9rsQtMs7yaPne3pXSBPHJo03BFMDjjn-mS5zq8u21V4cVW44FtWJZYQrPiw
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame CD04 43 B
245 B 53ms
14ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEKnHTWx-O5Ov3hZQQTYnP30&google_cver=1&google_push=ATf1kGM-yGXuLmY0iNYfMV6QsqJaWi-Tjg7_ErjXZTVPmYh8oOeWA_HBS_VV8pAUoocP6aCK073rYZF1Ph-S_xck3IL7YvOblA
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CD04 0
12 B 17ms
15ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JzO_VeyvEEJSx7em8v6BdbbNZ2GmxKCWjqMe0ncqDznY9NCn-wsnsf_rGXE2qymBxDfhSg

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E230 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4052
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 20:07:02 GMT
etag: 48472445140208031
expires: Sat, 03 Jun 2023 20:07:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9F87 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 738827c79f4b5df09a02e97c1137117dd5db85082a5be2b1c06fb62eca1a160b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12943809228921786815/ Frame 0AAF 1 KB
767 B 27ms
17ms Document
text/html 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Jun 2023 21:14:34 GMT
expires: Sat, 01 Jun 2024 21:14:34 GMT
last-modified: Thu, 27 Apr 2023 13:46:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6606 0
0 47ms
46ms Fetch
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsoWGOrYmaYqGyT9SKm7geSFfPfqJdtgbi6g5vLRWC9WB5pERzc_GxSW2CLwRCum9a84SX0kpjZeXhhKPlkY7zHHF0J2BBFuRoj1nBf1EbG7FuP4jTffb3yClhArDLFfByV2tr8OpBwADhsbIt-xKjjMB3grA&sai=AMfl-YQC1IQjrYeQH5TSSpTMkEZXuCgRaQwUXfgT0E9c05PIjE9FhaWL5kKpOt_jXKvI-X2L14v2K8y94jxgGSO72aiv07f7u3w6L9dPrKCLAHLfnKLnKN8SCFswGFKZSQ&sig=Cg0ArKJSzOv82_PSp8BCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=439&cbvp=1&cstd=430&cisv=r20230531.97615&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:34 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 6606 60 B
60 B 142ms
23ms Image
image/gif 213.202.235.8

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577763&gdpr_consent=&gdpr=

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.8 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 02 Jun 2023 09:14:34 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1119
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame B2A9 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31514
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

POST
H/1.1 200
OK postback Show response
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 34ms
33ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&sid=AgmeqBgCEANq42aS&oz_sc=f9564083f49e78ef1b5f5ed7&oz_df=1685740474268&oz_l=2823&cv=3
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/2.94.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:33 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js Show response
pagead2.googlesyndication.com/bg/ Frame FC19 37 KB
14 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/021tMgbmWdpib38qUft40v3Y3wOFK7xcDKTuj95SMW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 12:29:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31514
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14684
x-xss-protection: 0
last-modified: Tue, 30 May 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 12:29:20 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 0AAF 113 KB
38 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 02 Jun 2023 21:14:34 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0AAF 118 KB
40 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50148
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Jun 2023 07:18:46 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame E230 0
103 B 19ms
19ms Image
text/plain 2a02:fa8:8806:12::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEKJ6J-wZm3-ZJAQJdCjWpuM&google_cver=1&google_push=ATf1kGO7KPXROtp3ROccP_1IBq6t1SqiqgPJ3Y9Hi5kXCXvC_TUdgz7Srrey0Mz9Pusc2eEKIiTM93__paVdT9JFp6dPkmWdtsRZ
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3 200 i.match
a.tribalfusion.com/ Frame E230 43 B
603 B 195ms
195ms Image
image/gif 2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESED5w6B117jHCGvNxMGgWcxE&google_cver=1&google_push=ATf1kGM6WW17YETzRLg8RxIJuKkJscTCcOTV0BpR2_Y0R9p3PZTdAzosyE_r7m_0GiecRgg_ud-NL250sSN2CsmVJ9Z1JeflXt93&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGM6WW17YETzRLg8RxIJuKkJscTCcOTV0BpR2_Y0R9p3PZTdAzosyE_r7m_0GiecRgg_ud-NL250sSN2CsmVJ9Z1JeflXt93%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7d12b4ed7c8d3a9e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E230
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEtzvU6EpdL4wQPD5vRcwI8&google_cver=1&google_push=ATf1kGPzjzO5JjdrYXgR-pSM-uboPeMMS-xZGFsHOYLA2lBIa2cmOxD6AZr0i1tAwGhZi2S5HB4lL53Y5cniaM...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGPzjzO5JjdrYXgR-pSM-uboPeMMS-xZGFsHOYLA2lBIa2cmOxD6AZr0i1tAwGhZi2S5HB4lL53Y5cniaMhAe6...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGPzjzO5JjdrYXgR-pSM-uboPeMMS-xZGFsHOYLA2lBIa2cmOxD6AZr0i1tAwGhZi2S5HB4lL53Y5cniaMhAe6OxRFyGIDY

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0MDIwMDIwNTM3Nzc5NjI0MQ%3D%3D&google_push=ATf1kGPzjzO5JjdrYXgR-pSM-uboPeMMS-xZGFsHOYLA2lBIa2cmOxD6AZr0i1tAwGhZi2S5HB4lL53Y5cniaMhAe6OxRFyGIDY
Date: Fri, 02 Jun 2023 21:14:34 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E230
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEDrxNVLNywf5-zqYSI0D1F0&google_cver=1&google_push=ATf1kGOz8I8xcCd5IBjIv1yz1_g4wDFh_l8SPT8c30pDIGJUI01oa-HwJu8s_ZZoEOBI55nnx3ec7pFJH_MScJDi...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RdO6a_k3SQe4bZzp0GgZzA2&google_push=ATf1kGOz8I8xcCd5IBjIv1yz1_g4wDFh_l8SPT8c30pDIGJUI01oa-HwJu8s_ZZoEOBI55nnx3ec7pFJH_MScJDi4PbIcJbk3rla

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RdO6a_k3SQe4bZzp0GgZzA2&google_push=ATf1kGOz8I8xcCd5IBjIv1yz1_g4wDFh_l8SPT8c30pDIGJUI01oa-HwJu8s_ZZoEOBI55nnx3ec7pFJH_MScJDi4PbIcJbk3rla

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 02 Jun 2023 21:14:34 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RdO6a_k3SQe4bZzp0GgZzA2&google_push=ATf1kGOz8I8xcCd5IBjIv1yz1_g4wDFh_l8SPT8c30pDIGJUI01oa-HwJu8s_ZZoEOBI55nnx3ec7pFJH_MScJDi4PbIcJbk3rla
x-host: tde-deliveryengine-production-75d6fd846b-z6vm9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame E230 43 B
363 B 138ms
16ms Image
image/gif 178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESECBGkfjgqzThqV-RrtapSHY&google_cver=1&google_push=ATf1kGN0O2yfdGjkXGea6-VY3fhQFyFuYwFw7_gpoOWomu01ELHynsadBHGsAPzGiXy8a5xOn6Mewa-X7JXHy2vGo1aCb6MUcjLE

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:33 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 241143
expires: Fri, 02 Jun 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E230
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMRMdtYbVYxpGYHbM67z__5msnS22Kl-z5e7CldbZli_gi9IlMVYCv4FLTWwvVxBHGv5h8DUBgz11UT44YcEf-EUYOOtgtc

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vO3xXynvRA2O7rHqzTPeHw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMRMdtYbVYxpGYHbM67z__5msnS22Kl-z5e7CldbZli_gi9IlMVYCv4FLTWwvVxBHGv5h8DUBgz11UT44YcEf-EUYOOtgtc
date: Fri, 02 Jun 2023 21:14:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E230
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPj3xhejLVFT...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPj3xhejLVFT84dozMJueNxmzMB7p...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPj3xhejLVFT84dozMJueNxmzMB7pWLBKxsnPBgs9HIgP5VtahDNRPaembKYMSqXdCCsfUCUx3Ar5oFuqON8WJK2-K2mf1K1A

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:34 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0d280081-9e2f-48d0-9cb1-70a19b823648
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NjUwMzEyNDkyMDUyOTc4NTM0OA%3D%3D&google_gid=CAESEKhmpHlSp_dKLbhYY6JNL6s&google_cver=1&google_push=ATf1kGPj3xhejLVFT84dozMJueNxmzMB7pWLBKxsnPBgs9HIgP5VtahDNRPaembKYMSqXdCCsfUCUx3Ar5oFuqON8WJK2-K2mf1K1A
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E230 0
12 B 20ms
19ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L_LorBQcpbKnm2uf4AoglhUjnoEu8usIzGktolRiGi57Zj8c8NA1WdbWxrNxXVR6BpaV-pgg

Requested by

Host: 8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
URL: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 48AF 0
209 B 44ms
44ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685740470631&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 02 Jun 2023 21:14:34 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2C1A 42 B
64 B 51ms
50ms Fetch
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsudmo4WfARl_sTS5KnSnSmoaFry8P0WJpHzYmxhmqwPTUbi7IGOwO6TYGWtQq2QyL3e3eVFTgSdthHspZvWzPQy7nvKdi9Jvhi41yeypHeVeOqs5befGtPUXfDenx_jtaKS79WFLQ&sai=AMfl-YQJM5tAEs0a9B9zVWZTgFAXAxuwU-4r1PoIwXgtxk3rhVWmGIDHWcTym5BCJZrTHFq7qz1KDfhdLDdaKyxorf0vXrYhsPy0Qm8&sig=Cg0ArKJSzIr7Jkeg6uW2EAE&cid=CAQSKQBygQiD2PJJxtMk_WwRiEdQjtm_o14FZ3MefIfXQ1yntBy0Qq3L2QUoGAE&id=lidar2&mcvt=1066&p=0,0,600,160&mtos=1066,1066,1066,1066,1066&tos=1066,0,0,0,0&v=20230531&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3358678828&rs=5&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685740472447&rpt=1118&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 34ms
33ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&sid=AgmeqBgCEANq42aS&oz_sc=f9564083f49e78ef1b5f5ed7&oz_df=1685740474645&oz_l=180&cv=3
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/2.94.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:33 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9355 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbUqduFt6ZIrCJM-yx_AP_ceJ6AcAAAAAOAHgBAI&bg=!enmleS3NAAY9J7QfHSc7ADkAdvg8WjnMICDLOLGATHbn_FmFlY5h1M_NAewqjQzRY9hetdjkZECs5X_cMqUu5QFyWNJFvPfBYXsCAAADbFIAAAADaAEHmQM93Ff8ecnRM9hwWOGjEMGfm7ppBWAeBqwQkywRu00eg3UWcZHoi_gbJY1bLZI1hqK2iP7paw8m2ZSajC1_DZimzNu4-RL3RcWDDj1Vjo_LSTv6Ywhh2L8Kk8yUdLDKkhiaoEMTmyLtw_U913zKHXjAgwCtadsI7K_DYlllSBkuDvscMNn7LG9_gPQ085iKhW85ac6E7OEUIp_EF5D0APeWSKmsDnneZUGzBLyKH79RbFU0UVzO3wXLpeG0gWavX7FmWVMkrlm0Amey7892r5YOuFfKD3MKVBEkc7bVtMPAmngQ07LA_3fIvUXHTm2J0ryoAGRSIcBmwQgmt2dUvgt4zNHqwFeYiDnNCvUzTheUPwV6V3x936UApTHNtgpvW8kZT6d8b1gxWH5-9ic-AtMyiawIq7Ru-t0WEhC-kkZo2W7SqJd-OcpOkkZFSDmgFbVMZCIssINM5_JP9YhI4FVqVZzAZwgZAXUjfzUeJpwPcK_EUcqllP3iH0BNTa6AgQyHF0yx16N1BHjBaQTLG1tAJA02x2uaInUDam9Qc27RuTLDV5RUtiblVzmOM8qFl2YX5BIPjkyaicUdhJQmtt0l9CGcNbltzClIsHvrmdHQq9lqYxrcc1Uc_pc0oiYauGrlljc6GiQ-zS7cgORcTHC6ksDHvqd_xsTMW0DdtBdzoyt_PgPf1fKydw5gT0_NUxKfzKjcoz4Yi-rJuAxxSIOtLpGU6OoMorKynmRLm2rJibem6mvANNVShV2Ltr8XTaI-SGDsSWVfMhPbqLUGGJWSgtmyjstFg59mFzrko_ZUISfo9FpR6Un4TMuIL4Uz9evcO7LVaUHegk5CJ_h-XgKt2BTCBi7G2zQlcZMmci5JaE3DmnnFjRlUChzwLTwlPl9XlwhtYWhFczmkKxOSyIzL04MtY8Fi1wP9Nry5uBFHPtZgR7ONA_MASU6oluqX5uoH_DGUAKPmpjf9WN2JmLoZb7za21mhiQYGIWidtTys71oLOI3QzBh05X6Ua7jTxlQ2GIOOmB76zLIt0OSEiCA-eOXmIJLcHYlxo3CVmIEkqFl6oFY4zpyZN9lxqSNwDbL2qqGkpaCuZtVNAo47AA

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B5C 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4508566629722&version=m202301230201&ct=76&x=1&cor=3822053559052326000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rid
match.adsrvr.org/track/ Frame 48AF 63 B
385 B 33ms
32ms XHR
application/json 3.33.220.150

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ye-mek.net
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sun, 02 Jul 2023 21:14:34 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F36 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4937179272012&version=m202301230201&ct=76&x=1&cor=16255311636137271000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 2BDD 52 KB
17 KB 41ms
6ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 47776
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Fri, 02 Jun 2023 21:14:35 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 24 May 2023 07:58:00 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1992, 291976
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230043-FRA
X-Timer: S1685740475.108990,VS0,VE0

GET
H/1.1 200
OK beacon
ap.lijit.com/ Frame F1BC 4 KB
2 KB 15ms
14ms Document
text/html 216.52.2.91
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13442375
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.91 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Encoding: gzip
Content-Length: 1005
Content-Type: text/html
Date: Fri, 02 Jun 2023 21:14:35 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
Vary: Accept-Encoding, User-Agent
X-Sovrn-Pod: ad_ap1ams1

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B1C2 16 KB
6 KB 66ms
13ms Document
text/html 23.35.236.201

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159432
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=53148
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Fri, 02 Jun 2023 21:14:35 GMT
expires: Sat, 03 Jun 2023 12:00:23 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET check.html
biddr.brealtime.com/ Frame 1FD3 0
0

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame CC11 281 B
554 B 74ms
14ms Document
text/html 23.56.202.187

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 02 Jun 2023 21:14:35 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6606 0
0 46ms
46ms Fetch
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstsoWGOrYmaYqGyT9SKm7geSFfPfqJdtgbi6g5vLRWC9WB5pERzc_GxSW2CLwRCum9a84SX0kpjZeXhhKPlkY7zHHF0J2BBFuRoj1nBf1EbG7FuP4jTffb3yClhArDLFfByV2tr8OpBwADhsbIt-xKjjMB3grA&sai=AMfl-YQC1IQjrYeQH5TSSpTMkEZXuCgRaQwUXfgT0E9c05PIjE9FhaWL5kKpOt_jXKvI-X2L14v2K8y94jxgGSO72aiv07f7u3w6L9dPrKCLAHLfnKLnKN8SCFswGFKZSQ&sig=Cg0ArKJSzOv82_PSp8BCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1133&vt=11&dtpt=694&dett=3&cstd=430&cisv=r20230531.97615&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 02 Jun 2023 21:14:34 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0381 0
12 B 6ms
6ms Image
text/plain 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1lcyeA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:14:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
215 B 172ms
171ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLRB,pingTime:1,time:1820,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:65%7D,%7Bpiv:100,vs:i,r:,t:774%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:1046,o:774,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:65,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B764~0%5D,as:%5B764~160.600%5D%7D%7D,%7Bsl:i,t:774,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1046~100%5D,as:%5B1046~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:380,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:67,sis:559%7D&br=c
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:35 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6606 43 B
215 B 182ms
181ms Image
image/gif 2600:1f13:800:7781:4b1:18cc:611a:9549

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=d604d47b-b5b4-9944-fcef-13e23fdf4371&tv=%7Bc:epWLRC,pingTime:1,time:1821,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:65%7D,%7Bpiv:100,vs:i,r:,t:774%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:1047,o:774,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:65,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B764~0%5D,as:%5B764~160.600%5D%7D%7D,%7Bsl:i,t:774,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1047~100%5D,as:%5B1047~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:380,fm:tG3NenF+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C116231%7C11624%7C1171%7C1172%7C1173%7C1174%7C1181%7C1182%7C1191%7C11a1%7C11a2%7C11b1%7C11c*.1352960-70224255%7C11c1,idMap:11c*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:67,sis:559,metricId:grpm1,cmr:t%7D&br=c
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:4b1:18cc:611a:9549 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:35 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 main.js
s0.2mdn.net/creatives/assets/4703545/ Frame 0AAF 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=JUpa7ve0ik&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date: Fri, 02 Jun 2023 21:06:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 02 Jun 2023 21:21:32 GMT

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame 0AAF 0
0

GET event
unilever.demdex.net/ Frame 48AF 0
0

GET cm-notify
creativecdn.com/ Frame F1BC 0
0

GET sync
rtb.mfadsrvr.com/ Frame F1BC 0
0

GET p-CXt61zNBpKUt1.gif
cms.quantserve.com/pixel/ Frame F1BC 0
0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame F1BC 0
187 B 21ms
15ms Image
text/plain 98.98.134.243

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13442375
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.243 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Fri, 02 Jun 2023 21:14:34 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET

merge
ce.lijit.com/ Frame F1BC
Redirect Chain

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=fmx
https://x.bidswitch.net/sync?dsp_id=70&user_id=4950128881086151232&ssp=fmx
https://ce.lijit.com/merge?pid=26&3pid=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&gdpr=&gdpr_consent=

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F1BC
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13442375

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 02 Jun 2023 21:14:35 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET svr
match.prod.bidr.io/cookie-sync/ Frame F1BC 0
0

GET getuid
ib.adnxs.com/ Frame F1BC 0
0

GET sync.php
pixel-eu.rubiconproject.com/exchange/ Frame F1BC 0
0

GET
H3

403

pixel
cm.g.doubleclick.net/ Frame F1BC
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0

0
0

21ms
21ms

Image
text/html

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13442375
Protocol: H3
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Redirect headers

Date: Fri, 02 Jun 2023 21:14:35 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET sovrn
tr.blismedia.com/v1/api/sync/ Frame F1BC 0
0

GET pixel.gif
aorta.clickagy.com/ Frame F1BC 0
0

GET rmpssp
sync.1rx.io/usersync2/ Frame F1BC 0
0

GET

merge
ce.lijit.com/ Frame F1BC
Redirect Chain

https://um.simpli.fi/lj_match?r=1685740475079&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=2&3pid=E19FCC0AED154058BE4BB5C1C5FDC9DA

0
0

GET ae12848777b41970a5f2
aax-eu.amazon-adsystem.com/s/x/ Frame F1BC 0
0

GET sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame F1BC 0
0

GET generic
data.adsrvr.org/track/cmf/ Frame F1BC 0
0

GET rtset
bh.contextweb.com/bh/ Frame F1BC 0
0

GET
H/1.1 200
OK usync.js
eus.rubiconproject.com/ Frame CC11 34 KB
0 31ms
30ms Script
text/html 23.56.202.187

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date: Fri, 02 Jun 2023 21:14:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Jun 2023 04:53:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27555
Connection: keep-alive
Content-Length: 10113
Expires: Sat, 03 Jun 2023 04:53:50 GMT

POST
H/1.1 200
OK postback
s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/ Frame 0874 0
145 B 32ms
32ms XHR
text/plain 18.203.131.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.h.w55c.net/2/2.94.1/948461/AgmeqBgCEANq42aS/postback?dt=9484611597092707615000&sr=GOOGLE_CONTENTNETWORK&pi=XRzobPsLhV&pd=avt&di=https%3A%2F%2Fye-mek.net&ap=&to=3&pp=ye-mek.net&ti=&md=1&dm=728x90&gt=DE&ci=948461&ui=&pv=e28a648a-64d3-47d4-bdb2-044182c8c8ea&de=2&si=&ac=Xmwo1n97Q8&sid=AgmeqBgCEANq42aS&oz_sc=f9564083f49e78ef1b5f5ed7&oz_df=1685740475175&oz_l=33&cv=3
Requested by: Host: s.h.w55c.net
URL: https://s.h.w55c.net/2/2.94.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.131.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-131-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 02 Jun 2023 21:14:34 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 58B3 0
0

GET user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0082 0
0

GET cm
us-u.openx.net/w/1.0/ Frame E4A5 0
0

GET async_usersync
ib.adnxs.com/ Frame 2BDD 0
0

GET PugMaster
image6.pubmatic.com/AdServer/ Frame B1C2 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3AF6 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4ETbuFt6ZNSZLpS_3gOH17x4AAAAADgB4AQC&bg=!YWKlYjbNAAY9J7QfHSc7ADkAdvg8Wt0VgDnZXxxwzmq3Z35ytGVc7pEE-tXsWVaEW-q04DAbhcKY0lBFA0qHToePjDxQ3pR2PvMCAAAD-FIAAAAJaAEHmQND7Aj1VEAZGRpp0GJLyDfvlil52SGYWxYnK4I30e3MRkObTj5f5soukWMeXOcNmRKVgXW-jRHXnNQpIt1GH-Z0OKZYVFP9nAjQMmlRMRltIcNFeAAnjrXmINxz_bqXvdE0qCXFqe3iVYEiBNVlJWkpxtHnbd-DCEv6-xzKIqmLVfXXNBG6H50cmjWSFzZYpL02Lod4V2XlzsZGRkGaUWB4niK8W1DAOma5alqEDx_9HphdyYk3zUrxg11HieyzXxr23lFv4UE3CitnaoNSzDV9BqHhtxs3uNilOxQzn1ROLvYg3_DDmiJcXEuESA5SZsx6Q7QezlY8nvSkfyZLS-xccE9zjbnAjzGKekv2IyR1gcMfwxEr1SPh5d9X0FqPtezcIhSHEDn6vfb6z-nz9UUiYC4K011khMVfp5mWsxjtcqpHGRlyHN_hxDdwsHUwFpNwOAWJ0Nc-xjwJs19jfwiEmMTJJPCjbdn-HD0JRQ2AqQ1I4jt8Zyt963fdTT558-cwJwR9bUWHYFr60vKm7RNcNIelX8sO5yJrMziRkp7mZHPojKRMHF0f4eWFvkASp0BpoTNFgbDg1yqtlW8CkDd5dnBZc9KpQFJDlyTQyCYHGUF7YCahfG1f8U1564xkMz-4u1jtELSiqRBRQUbqEuArd64I2DpjCYP1gC8XfjOolpyaYpNZ03ATZS7l1HLqs26MkPbp1Wg7BZ47c8-WWOe_Fu7KkpiUxaow0YFtDyrhpciKyHRAZdcIz8JluO_kBh8eh2mg6K2DVTh7_5cD7KEzU6ncYDQrjpxb7jub2HUGVNyE0c_Tnr1fOTDmb_mmJvdnof44V7JVhMlx3veoimG7ul4YTa7xt1x_Q30nI2FgwoHQVxnHRB3u8MrNaTEzqpPsrnWehAYh2bryqaVXwkpJrRVdrdyIS3Q8cf2mHrjDA0GlkYrvBvvS1T4RjkUZX7kBjmVFKZcYl4Jf-MZz9BN7n1P2l8oRG2k98H7FqWgNU_VYlBKcmY1dkGxvNjPlNlKOPaUurYuNs16a613qxLnR4JTVBeen9bI3R8BsQ6kUPXYlPdcED0AIvHM4hhSkz46agDV8zMJYkNd8PSydSZrAntfRjg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1244 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:813::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Blue5uFt6ZPX-Jq-z9u8PmYqj0AwAAAAAOAHgBAI&bg=!FhWlFUHNAAY9J7QfHSc7ADkAdvg8WqmgpsZ4dGBxfQ80nmhId1qoTi9WXkhPZL67so5YsO8jbe9ov9nYOA4NuyWHXbKmZIgRDVsCAAAD7FIAAAAEaAEHmQNi5ryI1ay_FG_lDJdUJo4i_AxOIeenYhN-HraQFpjS4mbgwttHi1jXW3E6HLX4KDY64FkEWk6qPul5TO4udxVq9cO-_yhqcLUDRrHsbkek1HTdd-ViW2bgaoEt4WFLmgHBgQEqtepTBT_QdNoOX0GzpnkZ4XkJIOkM0nAJjioHbpMbD9mzU-lyNq4X-9uXcmP7-fnzFwZFDqXw151bws-kMb2WGXziOjkRBy1-y8SWrp9jkM-JpdSjEwGlE3vPsNaF04ChAGknQ5mVMGlqt4AL9HBsS9vmKSXYofio8YJAtA0ogu4ARdGook0YAmZRstLkR7dKYsSIW7ubHOUcRFWI3Q87bNJ327zDYQhLzOS2tv87DDjsnpKDSN1j_8EjUysjixGRpiB2AHK4Zs013q6Qv7cLtfE9XnwnA76xa_QyXf70AAWpJX-cltkNx1LyhXYEMlLVbSmYzaD3krqBaOLDet9moSY7RMxlNuZ6h1sc_PXCsoRI5uSdSrrnGJvOi7Nw1tsHuP6oz5Hgxe04UuI5rc5vcip9HvuQfo2mfJHLPFF-6DlUUhyjhLSO0fFzjjQdvmdItqW0x1HaTfR51yZjkbgT924TP8Sue_4XLg7A0a5dr9m4fEoTJhUtPbJCpucV4Qpk_ANKF12DGN1vk1OlGYITQetFTWGXr_7wBzO6kdT9ytmpKh7IQpdb1uNdF1xWgCQoKxzzbbBrDWT7BoHGupBuUW8qTu7xQmFAEXBz7idmOZpAOyJ5lQA8cUyqmS8E5vLqtt-C3M5hHjLrf0wbPddefYR6pZ9xLxGxD7ViWZAp8q5LyRJhs2U6WCPwrFaQYIN4pqLKJE-GUr43acEey47Lo97oIqGCyr2gbVltSMKbi7fygS7AkYDQefzGldZQnzdHNDl5P_ZnWDo4wjp6vQB-RIuXLVQMznhRM3BbDM_AYpsjs3qN2claBjvsmaZZLNTpZkGj_8_esYSunO50LwhMShgAdr8eNTs_GT33cYJKGI9jv4lUpR36UWTiEF2dl5bTCTdjJ_xMczxxuc-YEXYanUpaAR2iuxfWSc32YNaOTqmnx-1CJZf8bAnxzrMuLvf0t_MtjmrnJV8UiN0mzeTWGCF8CYL4e2ZX1z1zAJY_Vstd-se3LfN20TQgCYlXXcM

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Jun 2023 21:14:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame 42AF 0
0

POST avw.gif
c.4dex.io/ Frame 48AF 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 6606 0
0

GET 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 48AF 0
0

POST avw.gif
c.4dex.io/ Frame 48AF 0
0

GET 160x600_de-de_performance.js
s0.2mdn.net/creatives/assets/4703545/ Frame 0AAF 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hb.emxdgt.com
URL: https://hb.emxdgt.com/?t=1500&ts=1685740470957&src=pbjs

Domain: biddr.brealtime.com
URL: https://biddr.brealtime.com/check.html

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Domain: unilever.demdex.net
URL: https://unilever.demdex.net/event?d_sid=25453995&cs=1685740475184

Domain: creativecdn.com
URL: https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=

Domain: rtb.mfadsrvr.com
URL: https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=

Domain: cms.quantserve.com
URL: https://cms.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=

Domain: ce.lijit.com
URL: https://ce.lijit.com/merge?pid=26&3pid=99ccb4b7-b8cf-40e8-9384-5dd37440ba80&gdpr=&gdpr_consent=

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D92%263pid%3D%24UID&gdpr=0&gdpr_consent=

Domain: pixel-eu.rubiconproject.com
URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=

Domain: tr.blismedia.com
URL: https://tr.blismedia.com/v1/api/sync/sovrn?gdpr=0&gdpr_consent=

Domain: aorta.clickagy.com
URL: https://aorta.clickagy.com/pixel.gif?ch=185&cm=GwB6pBZHXYQ_WoTISk-bGfix&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmpssp?sub=sovrn&gdpr=0&gdpr_consent=

Domain: ce.lijit.com
URL: https://ce.lijit.com/merge?pid=2&3pid=E19FCC0AED154058BE4BB5C1C5FDC9DA

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=0&gdpr_consent=

Domain: pixel-us-east.rubiconproject.com
URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=

Domain: data.adsrvr.org
URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=

Domain: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=

Domain: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=0&gdpr_consent=

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=84205102&p=159432&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BuJFfuFt6ZJv-NNXl-gbMvZ2YAgAAAAA4AeAEAg&bg=!Dg2lDVnNAAY9J7QfHSc7ADkAdvg8Wh-jZpFPp6Ge1zBUBVqQ_rQq3zljPaoZ-e4_BogzXXXDKM9oG376kuUS9yHt9-uToFnAGwsCAAAD6VIAAAADaAEHmQNIB9AHdB-JyiPApVF8xmI9RgsXE9v8T7e0FErCcCOlMpq01ZTWNYWLlLlZfK4iR0UgqsTk42uL1VAzVGRULH9_RMCVa6HrdssO2hdfWYmPxDnlAMsdTyCCpvrrhRxBVA2jd1QAVtWMQ8Pw30zYAzRq0QQZJ66tb28q1eucclASWrn7vEe_GnoZoqVhuLuOYnl80yWM9559RMHRGo2MiMTf6b3XzSiyHKa_58MBzTxIlSuUZW7NwKQg2aK2eB3wNdZEfgQJXxK1mCZE7sPTEavlltrthP8TrrpgmTo-Tikv-OqdZKvprBJ4YgUKKWTy4C_ljwyK3FioyBl4sKKDEyEsQfnvURI3PSYj8hfrWhK2ZvXAaxzXbiFy93eOzV5rrQz7Mgzva0h8bKo-oSTupLy7xEeuNx8uMcpLOOz3HAB0f3b5y4O50pPFM7R4sTN_AOXt1IFIx2K2Hkh86OaRUCIHrxSVtWpi7g0T1CVUzTKpUyEPKuh91PVi0Rto0gntyeYw_a0tXCoWcFzMeGwzdVnNFVPvMuvIqYfsy8XrxVsfVnJA_sgbJ_M9AWSLhNRBndDIaDbJ1-PbTiXiIZefPZ3wU05tjPjgazogJ5hWO21IYahOEOJwGUDCgFl1mIElAyOTUAIEH4ChRKUoF0pZQZY17yObDdm0Y4VRPdEim811eYi1yKuKYBB33E-g3iRpF0AegJBrFZ68edg5_3FarAyyIOk6dmwt58zC5ToFb_7UhFm4yYYuL5q-AV-hdVOekeBFt89K5iDJD6HIysVsRBFNGvcj-GmiLAvhDQ6Dj-XUE5ssFPUpntBxp_woeHPex_R_xxsLdYb4Rmlb-5waOfctnzbR5P0IQUUaY09ULILFXlrVVQAZq99cYY8MkIHTND2e2pZSfHqySkJClEpuzztR1JiFUB4iyG2Q-CVNwAl6PxPj3IlO2gyAN1tBjBhPQCjWKleutali1GYlB5L6VaweoNERxAyXukbHt-L4CoBZobWtJGHmfGqSbM200XP_P0DxTXJ27tWuNTwzYc4hNIIejLKeHBw2ZIeJTc6QYGua62DZectUCt3D4sFCfukNTLvb-stX9tSuMa3f2gp4mXqL9SK-tdYv42vI

Domain: c.4dex.io
URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-1455783126174-15337921728129623web_yemeknet_kategori_sayfalari_728x90_repeating&evt=start&pv_id=07cd1822-8f98-4564-bf5d-ab3057e32922&adu_el_id=div-gpt-ad-1455783126174-15337921728129623web_yemeknet_kategori_sayfalari_728x90_repeating&v=0&tz_off=0&js_late=1&js_ts=&size=728x90&pbjs_sizes=728x90%2C468x60&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=0&pg_durat=5015&pg_paused=0&pg_exp=5015&vsbl=0&adsrv_vsbl=0&adsrv_att_delta=0&clk_time=&reset=0&adsrv_adu_exp=0&navs_ts=1685740469907&trgr_ts=1685740472278&init_ts=1685740472279&start_ts=1685740472280&reset_ts=&vsbl_ts=&adsrv_vsbl_ts=&auct_id=4907aa65-3755-4d00-86c3-25662597bb8d&featv=1&pn=1&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=food&env=web&org_id=1066&pgtyp=allpages&plcmt=web_yemeknet_kategori_sayfalari_728x90_repeating&site=ye-mek-net&subcat=&adsrv=dfp&adsrv_advrt_id=4640999434&adsrv_cmpgn_id=2414810363&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=728x90&adgjsv=1.16.2

Domain: c.4dex.io
URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-1455783126174-15337821728129623web_yemeknet_kategori_sayfalari_728x90_2&evt=start&pv_id=07cd1822-8f98-4564-bf5d-ab3057e32922&adu_el_id=div-gpt-ad-1455783126174-15337821728129623web_yemeknet_kategori_sayfalari_728x90_2&v=0&tz_off=0&js_late=1&js_ts=&size=728x90&pbjs_sizes=728x90%2C468x60&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=0&pg_durat=5021&pg_paused=0&pg_exp=5021&vsbl=0&adsrv_vsbl=0&adsrv_att_delta=0&clk_time=&reset=0&adsrv_adu_exp=0&navs_ts=1685740469907&trgr_ts=1685740472306&init_ts=1685740472306&start_ts=1685740472307&reset_ts=&vsbl_ts=&adsrv_vsbl_ts=&auct_id=4907aa65-3755-4d00-86c3-25662597bb8d&featv=1&pn=1&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=food&env=web&org_id=1066&pgtyp=allpages&plcmt=web_yemeknet_kategori_sayfalari_728x90_2&site=ye-mek-net&subcat=&adsrv=dfp&adsrv_advrt_id=4640999434&adsrv_cmpgn_id=2414810363&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=728x90&adgjsv=1.16.2

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssnvUv19I3vPy0gaWKrlYN9_VUtksyHajMswEoPpQrz2pTFwKpPXkTDjfn28FEQxaMXyxEsBsj-qHdmFIm5H2BB821AQSHkV5WYwIWXn0dORmq9LbjU6FDcldm3iZA3NdL28EJrKA&sai=AMfl-YTg4Ei0aGxDYCDE2hGWnveVGTOM1kId59e6ksvIMvocEddMFVVizoPzluRJmq81NA8Pg_5fO1B5C96eZKx_jf1EpZ02cF3VCpSeyuP5iVs4h72eIzyg1HmX_sA&sig=Cg0ArKJSzGYplyoEkjUwEAE&cid=CAQSOwBygQiD_Onfb63ey70FI2e2ezKZyOxFRnop3SzoXX_igqA1c427VeHv1oaG4smWxW69MaM5PIP9pZicGAE&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230531&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685740472459&rpt=1462&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0

Domain: ng2.virgul.com
URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685740470631&userId=vnetf7faab32-01ce-4b83-8272-10080bac7dde

Domain: c.4dex.io
URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower&evt=vsbl&pv_id=07cd1822-8f98-4564-bf5d-ab3057e32922&adu_el_id=div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower&v=0&tz_off=0&js_late=1&js_ts=&size=160x600&pbjs_sizes=160x600%2C120x600%2C300x600%2C300x800%2C300x250%2C120x240%2C160x800&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=2626&pg_durat=5041&pg_paused=0&pg_exp=5041&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=-217&clk_time=&reset=1&adsrv_adu_exp=0&navs_ts=1685740469907&trgr_ts=1685740472325&init_ts=1685740472325&start_ts=1685740472325&reset_ts=1685740472606&vsbl_ts=1685740473830&adsrv_vsbl_ts=1685740473498&auct_id=4907aa65-3755-4d00-86c3-25662597bb8d&featv=1&pn=1&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=food&env=web&org_id=1066&pgtyp=allpages&plcmt=web_yemeknet_left_tower&site=ye-mek-net&subcat=&adsrv=dfp&adsrv_advrt_id=4837683725&adsrv_cmpgn_id=2819842489&adsrv_crea_id=138339352911&adsrv_empty=0&adsrv_lnitem_id=5615618577&adsrv_size=88x31&adgjsv=1.16.2

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lijit.com/	1970-01-20 21:01:16	Name: ljt_reader Value: GwB6pBZHXYQ_WoTISk-bGfix
.rubiconproject.com/	1970-01-20 21:01:16	Name: khaos Value: LIF2CO6M-28-4T85
.rubiconproject.com/	1970-01-20 21:01:16	Name: audit Value: 1\|naVuGyos1qpbzdBzr7Cjqzpcd3HBZZ775PzI6EyVJjkkIUeXzf4l4QpF6sNYlFLVDqDbQAwtYdFN+011ZXQEx2pNjxJ85LHdsqlSNZOaaDQ=
.doubleclick.net/	1970-01-20 21:37:16	Name: IDE Value: AHWqTUmC_w7_ISqDuLyXeM01MGFWovnymmWHpRS-ClSlwan3hSAGJfgOS4FQhDb48O8
.adnxs.com/	1970-01-20 14:25:16	Name: icu Value: ChgI5MdxEAoYASABKAEwt7fpowY4AUABSAEQt7fpowYYAA..
.adnxs.com/	1970-01-20 14:25:16	Name: uuid2 Value: 6503124920529785348
.hspvst.com/	1969-12-31 23:59:59	Name: VI2677 Value: %7B%22time%22%3A1685740470%2C%22utid%22%3A%223fbca3f5a604254933b798a9a6279a81%22%2C%22t%22%3A%22P%22%2C%22s%22%3A%22%22%7D
.hspvst.com/	1969-12-31 23:59:59	Name: VIP2677 Value: 1
.casalemedia.com/	1970-01-20 21:01:16	Name: CMID Value: ZHpbuKDTtt2bHKdRyqb3YQAA
.casalemedia.com/	1970-01-20 14:25:16	Name: CMPS Value: 5283
.casalemedia.com/	1970-01-20 14:25:16	Name: CMPRO Value: 5283
.adnxs.com/	1970-01-20 14:25:16	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In2m830t!]tbPl1M>e)ZlrFUfJ+tGXxoaNA545>pdO/S38[b?3tkyIK5AnYvn$]3/Pwi3If)y3KL9D3I?+v+b**.
.ctnsnet.com/	1970-01-20 21:01:16	Name: cid_38762d523acc48e7ad7c8338a4e4468a Value: 1
.ctnsnet.com/	1970-01-20 21:01:16	Name: gid_CAESEOovkkdY1eZBecR-FnijYe8 Value: 1
.mathtag.com/	1970-01-20 21:41:35	Name: uuid Value: f07d647a-5bb8-4f00-b9df-35662d96879c
.mathtag.com/	1970-01-20 12:58:52	Name: mt_mop Value: 4:1685740472
.spotxchange.com/	1970-01-20 12:55:59	Name: audience Value: 781ed7e7-018a-11ee-9583-129210fe0206
.w55c.net/	1970-01-20 12:58:52	Name: matchgoogle Value: 5
.w55c.net/	1970-01-20 21:45:54	Name: wfivefivec Value: iizvVYTd1Q5c6s5
.yahoo.com/	1970-01-20 21:01:38	Name: A3 Value: d=AQABBLlbemQCENbtvhXVxG3shfUokrIosTAFEgEBAQGte2SEZOANyiMA_eMAAA&S=AQAAAhiWttVAF1A9wZZSyxvf2bQ

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://hb.emxdgt.com/?t=1500&ts=1685740470957&src=pbjs Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685740470740&bpp=4&bdt=639&idt=254&shv=r20230531&mjsv=m202305300101&ptt=9&saldr=aa&nras=1&correlator=3160278201483&frm=24&ife=1&pv=2&ga_vid=560780656.1685740470&ga_sid=1685740471&ga_hid=519214623&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C44788442%2C21065724&oid=2&pvsid=2150670595636049&tmod=952913366&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.viu0ogpn687e&fsb=1&dtd=271 Message: Failed to load resource: the server responded with a status of 403 ()
worker	error	URL: blob:https://googleads.g.doubleclick.net/371f3489-1029-435f-8a4d-602bbf3162af Message: Mixed Content: The page at 'blob:https://googleads.g.doubleclick.net/371f3489-1029-435f-8a4d-602bbf3162af' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://googleads.g.doubleclick.net/371f3489-1029-435f-8a4d-602bbf3162af Message: Mixed Content: The page at 'blob:https://googleads.g.doubleclick.net/371f3489-1029-435f-8a4d-602bbf3162af' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=R3dCNnBCWkhYWVFfV29USVNrLWJHZml4&gdpr=0 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8850d9c692fae2cf277b313a0515a762.safeframe.googlesyndication.com
a.teads.tv
a.tribalfusion.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
acdn.adnxs.com
ads.pubmatic.com
ads.travelaudience.com
ads.w55c.net
adservice.google.com
adservice.google.de
adx.adform.net
ajax.googleapis.com
aorta.clickagy.com
ap.lijit.com
bh.contextweb.com
bid.g.doubleclick.net
bidder.criteo.com
biddr.brealtime.com
c.4dex.io
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.adnxs.com
cdn.doubleverify.com
cdn.jsdelivr.net
cdn.pathtosuccess.global
cdn.ye-mek.net
ce.lijit.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cpm.programattik.com
creativecdn.com
cti.w55c.net
data.adsrvr.org
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
eus.rubiconproject.com
fastlane.rubiconproject.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fra1-ib.adnxs.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hb.emxdgt.com
hbopenbid.pubmatic.com
i.w55c.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
ius.ctnsnet.com
m.exactag.com
match.360yield.com
match.adsrvr.org
match.prod.bidr.io
mp.4dex.io
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prebid.adnxs.com
rtb-csync.smartadserver.com
rtb.mfadsrvr.com
rtb.openx.net
rtb0.doubleverify.com
rtbc-ew1.doubleverify.com
s.ad.smaato.net
s.h.w55c.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
script.4dex.io
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
static.virgul.com
sync.1rx.io
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
t.hspvst.com
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
unilever.demdex.net
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ye-mek.net
aax-eu.amazon-adsystem.com
ads.pubmatic.com
aorta.clickagy.com
bh.contextweb.com
biddr.brealtime.com
c.4dex.io
ce.lijit.com
cms.quantserve.com
creativecdn.com
data.adsrvr.org
hb.emxdgt.com
ib.adnxs.com
image6.pubmatic.com
match.prod.bidr.io
ng2.virgul.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-us-east.rubiconproject.com
rtb.mfadsrvr.com
s0.2mdn.net
sync.1rx.io
tr.blismedia.com
unilever.demdex.net
us-u.openx.net
104.111.217.42
13.248.245.213
130.211.44.5
142.250.186.66
142.250.186.98
151.101.129.108
151.139.128.10
154.58.197.185
178.250.7.11
18.155.122.7
18.159.8.247
18.195.124.86
18.203.131.238
185.29.134.248
185.64.189.112
185.64.189.115
185.7.176.221
185.80.39.216
185.86.138.154
185.86.139.104
185.89.208.11
185.94.180.126
192.229.233.53
2.18.232.7
2.19.224.115
20.60.220.36
213.202.235.8
216.52.2.91
23.35.236.201
23.56.202.187
2600:1f13:800:7781:4b1:18cc:611a:9549
2600:9000:2057:ae00:1b:5138:8a40:93a1
2600:9000:21f3:f000:19:8ca6:3640:93a1
2600:9000:223f:1c00:8:48e:53c0:93a1
2600:9000:248c:b800:1b:f040:3600:93a1
2602:803:c003:200::41
2606:4700:20::681a:8a9
2606:4700::6812:19ad
2606:4700::6812:372
2a00:1450:4001:800::2001
2a00:1450:4001:803::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:810::200a
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2002
2a00:1450:4001:830::200e
2a00:1450:4001:831::2006
2a02:2638:d::2
2a02:2638:d::a
2a02:26f0:6c00::210:ba29
2a02:6ea0:c700::11
2a02:fa8:8806:12::1400
2a03:2880:f083:9:face:b00c:0:3
2a04:4e42:200::485
2a05:d018:d29:3601:7391:985f:3e9d:2132
3.33.220.150
3.75.62.37
34.102.243.38
34.98.64.218
35.156.100.193
35.186.193.173
35.190.0.66
35.204.158.49
35.227.252.103
35.241.45.217
37.157.2.234
37.157.6.237
37.252.171.149
37.252.171.53
37.252.171.84
44.235.132.190
51.75.86.98
52.212.231.135
52.222.208.154
54.72.193.93
64.233.184.155
69.173.144.139
77.245.159.14
85.111.6.48
85.114.159.93
94.138.206.83
98.98.134.243
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0116639f142917a190651b0397189783d114b077fc3454a35a91b5fac14e7d09
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
05ab85031a66d915981070514ecba360106d3670a17a34e3bbda713cd39c7269
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
089371c2d0c637c172d5af2ba670a229c49df18790fa29a8c9a3d4af7796f2c7
09244740f4a5bf8ab1aa815df2f809d370c932e5c5e977221091acbee7b66570
096ef6644ebed2ac191e5a20c7c5bf31a24d8739912e2142003fdaa469a13aa5
09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb6011ca0dbc5ca0ec9f0cf68f65fb93b324b359d0aa3c1986bc5c60b04b875
0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd
0e0428600e8815fb1b00f6c4b75eed554b1f6abb176d39a9ea4b137d3f3614be
0e09643b85c7d7ac0c6988abb0327a1d5d1b732eb40b01b9125c41a53f927be6
1120ae16d59ffc52127907573aa69df91c7cbeb710d5e0a0004b050542d221a7
1165aab0094ed2411579eeb149c033d97f73e5dcdb116f40eab65d3e82d94bcb
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16ba6f005e8c3ea82df564a4667777958189cc3f6cdf5831a3ea2da22c4f2280
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c68cb6bc118e5b02cad9e6c2f51391bc1c7318d8e200e111b92e5f339fdffe1
1e3a7651e485bbd08be45c3794ce29db6668bd23f89ef0f62d86ac8f6488378e
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
22c974ca84d1beebef37b4c95335f8ae6f597563bbb9246eed2f4f647a176128
22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2c481ccdb6e10e0136132ac25c732c873df15b1cf23a063a714f63606159551e
2c85c5e8866a5be17210bdb8b331d82fcf9d771c40bf698a416b675731a5a27f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
3043e0fd34fabd354986783715033dade1d8ea2abc31b62ba87f26ed190bc2dc
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
317f3f734c2c1b5b80469bc5a3e78cc9dd0658ebcd5a40abbe1799f3dd6075a6
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
325be98d467be29fd7b3d1c36f2e137806b171ca7d73ef3b535e198ec0bd1dc1
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
33566729393f70e95f9e326dbc67dedbb3bdc4d6a743ef40141fa1d126f079ad
34a5c600bd9dd190078ef84a4bc7fa8359e9ee9e49874fe34a1dc71e6562aa4f
3557f7e6c4a9d06b6e43bf7ea5f34c27cfef05122fb637dec5de90639a8f26fe
3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
384a137940b8de9de3f1a089bed8f94f2ef1b129a14cdd4d616b341e97fb4c3f
385cba033449fe06ec0f3d8d7982580a0b602f1eab1d93f3bb929b1e43e8c40a
3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07
3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca
3d387bb264dd5258f6f33d48d136b49616dfd399bbde3b896798c71317a4d3b1
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3f3d5ba7baa0ebfca86fbfaebccda25b2e2720318f80280cd90e10a437ff3d80
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
42c600c9293359a7e6a9506e5dc30ca74845321a0849e8aa0cc5d2d52a7b5a94
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46f0e1ce5f1bc9e08e3dc864c6d65fb7bde761cdde2e8ca86780c539991badf5
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4731ea3c5067871516e2b6ee7cd280b42770c3cf99dcb1905999137d7a0e2f6d
4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c
4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e4809916d0077b67c97480fbf143ebdd652c583f4158a97505547db40bed655
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
551debe8c4f0db7b25699af72a204caf099af55413f90eb34b5f546330d6187c
5588435e3d314e29ecb6c584356560b0ad88387bcd90273afe810d2b6da2c998
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565b56a04b0c14fbb67f85831742be7801516ffc8d4f8737eb702caf6abc64c1
57d14f2736ec4cfa46bf75a9eba47c3340a2f271e341f49521e8eb51a9aef4fc
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
5a36e85a53eed0a72e8568d4151832e914e5a82f7e1116fb68cc327fce7abf90
5e78f2b6a53e0e082bf9932e994510d75274e3c9ddaa6bccfa39ac92d9ce11a6
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
62f2ccc2b3eb10eec94ba074f7b3581f55cfef1d5ae874119843fa86d8dd550c
634d9d666f3f12d0d76460cfa724afd5e192b41e47479d22ccad14c7b0e1f47a
63e2084cf59c4f68f8346a17541d1cf44755745ec160e6bc3cfd9d1651424640
6463a8285a9c7d54fde4f62d247208584a061d3a0028a516ec3b902164256306
65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed
68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6a88e0d82ba2998038cc86adc47bfb48d21e6114e18d97f0ecd05f5df519a95f
6e5823650e0400d50a5dd5369c975651dad5cfcbab9e2629658c63bad7bc9fa3
6eb41577cebabab2a1a102e88c23d1313634417a67594a0051776a07b0cba1c9
6ee97c2eaf0d6588184e68b7b2adcd4614bc94ce8ffa1b5f75d7264fca5e844b
707ff95e1c8d5fdf104f1398fae86cd13b594d95899c448db8ceae488d4934ec
738827c79f4b5df09a02e97c1137117dd5db85082a5be2b1c06fb62eca1a160b
739e835d23ac0a35c5cf90e123d2b0b2367db61b0727852730f6abc8d57287d8
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
757c0b8b121e771aa6e291796631026ffc18a7736bbd2b857dfd03b581367dd5
772de1eb224033fdc2d4f895698a95d01249b3e95be8f99991e8f9099c985df0
787ed1e9f233b4252d8ed16a2ffe349ae6d520261f22eac2d2d543740878db1f
79a573f6e9799da462e038441c92df0b7e259a6356440c376bd8be2a79290a8e
7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460
837d63620657b055c980948022e01ba5c63c986d3d08ca7db80558411eab45d6
87a92e159459b46d503d7ca9301e076e886bf1eb91abaae349f8b6a69deb2571
881557cf62ae6459da90e17bdb7c608c646010d308e4c0feb9cda80cca82d59b
88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b5d61a246e0cf39dcd784a0ac5d4d744b7cb0b737f6672cefee63aad5b4ad5c
8b668fc0fe1720d5c5a32e17084992e57e3d2ee021731adf992e3546c5dc28cb
8b9df28f59076afb3f8ebca8d01cf67f27a2172705e582d8824af82e4a293494
8c47b44c2eb52f803ff7faa3cc7043d75a2814f83cf9c1dd66a1c669184e68f8
8c911e08d44dd204ab6b8d9d9d1f74658176977075a7bf651e6b42a963c1a98d
8d61d212045611c2b5a7956db31bf8ccf7f53515c48f85d6851be4c66a1cd9f8
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2b2033aae5f2ebbc9b92291c3cdfa7a084429d21d85b382e39dfbd875b5f55
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7
985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06
989f91fa12f5f9e15f7a3bd766a2b6f7fcd4516f042c420456474f7244948b1f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c1d5eead33fb63bd3a19b2444461953449797f909ef408e9aef9bf572546736
9ca119586f3ba8e6a4a1dacf83852d3275071d2501de033ba04673b4efde1ac3
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9ea78b1ce65a703b41383df1e1f48f700ed6380c1cea10c4d72e778979bf9afc
9ef105f7221a4f09156140c154b35b210855a2b53a0e6b21d1c5a3f49f1408ad
9fe178b3a246dfa8391758b6964ea91fa324fc0942c9d3fb8e7c652a47ab23da
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1755361ebea5c38443a4e30f7c334868e54ed383f2ea73dc412c665d0dc6f4e
a287c900da4f4cef8e6d67349bd8b78697ad934c0684abfd28d66eb4a2a25c60
a47f0577f7ea71a94a67f89e665edfa620191e7c7741d5f86416ff15d2ad93c8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6cc789aba8ac76bed3b32f93c97b5848d1e04c2866c15a0cbe39d9c25783af9
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c
a9f2bdacd4951b5e28dcd417c660d0e84dd2d82c09b81d4ff3f22e0bd3b20cb0
aaa292c08282944329c264acf4c4955a69f56548692a13e99fc2200b16c477d1
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
ae8017866a6744d35f26aa9da389e9771d40bcae3ee65df4c1b5e16e57b09fda
af27ff8e0ffae533f2ae54cf3d9372c0979b4d1691a2573af76d426a9488a545
b0a9edd9406b9e846d2613b16def49dca3d2307816622cb274acc4d0d2314245
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2778d3de547e6cea0d57eb3abc515fb41a4bb7e2702cb26f207ebf297468e75
b358220e5b27c2715f2afcdc4c02c448766bb9d81b959f877a0026aaf60c6f86
b417c070673174aa724c999366f652e5ab1971aeeccd7a4ad40e4e4c063d7b9d
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b9cb93e362454f74e2f63425e7b2eab735375f6b9b65560676e01c6f5606cdd7
bbed5424f2f97c210ccba4c2050a216711a997c49a8cef4051db16386e7a1b4d
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
bed8ef8c6815f4d70b635a82732e8a6d28fdc859581f2af9120b5dae088d98b3
c0fcb71f213c1aefb6bd2002a7d44c9f1b1ab89bf5e0a8fc3315841dd5f92591
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c2398f7cd250e7f74a174468329a3f1cb829032998f0ed4c0034672aa5f3ffeb
c2af72a404720105529c263fd93cd0193b920a7098a0e8c068c7fa9e6c35754c
c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d0eecbcf21b9acc777514bffbc18edd561d281bd98dcc00a4d7960fcbc975982
d1f7d57c54a2f168df796106063e89d2c6dc208ceeb2fca5257ed9297ec2bf88
d2d887515bbff324e166602e4a4f70f620adc7da103204fc31d8fd3d0253ac62
d36d6d3206e659da626f7f2a51fb78d2fdd8df03852bbc5c0ca4ee8fde52316d
d5e62a7f912b4ccb517132c3d83c5bbd6238b464e04e7587268c037f3a93b2c8
d781b87672c02c52d249927ca34da19e4035710880f40398ba979dd475b2c9e9
d885cf09ac007648bdaa350a9c212bb445f25dd39f95c076d3b2b50e1d4450f9
d9ce125286da505381ed19d3047abb4bdfce2b9732c843e4804e06eeb4d7a577
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
db725e2f455d418fe503bf105ae1f43045035eb576fa2f667e21a8c290e06d17
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
dd259f8309cb2c4513eb680231e65a0a350b0f8fa8eb4a025911004a4422105e
df6e7e11a982b4d3dccfad68c43cc7fb11ee43b40932fdefadbe80ccedbc382a
e0b374d64219f25c480983127d46b1dad0d87e14292b621df9205a2c3c5ce98a
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
e28ca4ec0407fa6ada8c19b60abf01311e13cdf09ab2fd7e763d098922d3b057
e2c418a303944d1c31548aaf08331c05ab08d7de8320a14fdcdcff6414fc267f
e2c85053b0a859c15584a3e36f4b2b89825a249de7eb5e60ceffdff90e693df2
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e685a897e3b552fe45551a3223b135ce7cb62521f32759e30f657e1028edd94e
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e83a6e6d3b514c443964ced040878fe12d03f326240804355adc29084ed7ca8c
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eb3fefb9f04d4170c71910ecec0141261510af6e9e1597d165b9de39f2e10d73
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ec9c1369b44606c44b3ec76cd8aad114ccb1f370b75d9ddd9e2d57c4b8ced6f9
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a19a7e20dabd906ec6c2d9ad7e0062049858827d69ed615458123c9b2870f9
f0e2f6c277ff5d8359dec23dff73f2e1ea64f512f3cf966ba7432e76e90846fb
f35fb700ba1c9f6aa2b682cbc9307da3918e9e7281fe35caff1d4a298b8bf046
f3a2f2ff619f65704ccefd549c7f2263e12111be789d50e398aafc0ee53b5f7e
f7c41caa53b84b95c232a75bc6e1266e8db92ee57f50a5670075c4bd7baf423e
f7d5efa206046c4c93f66d4bf98992053a5c5fa126c42656d147a8427ffe6ea7
f8851656c76b34d0b68710739e01ccf4592fcbf41a901b9f75709abf6b117151
fa70d5fb34f4a2dff7aae3c3b1eee28c078dd981bed43daf4d04b748595343a5
ff8c78ec4ebd4b0ef426dff1d250258c1573f343d930a59abbf39c7029b4eb97

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

443 Requests

83 %HTTPS

37 %IPv6

67 Domains

118 Subdomains

75 IPs

9 Countries

4917 kBTransfer

11348 kBSize

20 Cookies

0 Outgoing links

Redirected requests

443 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

443
Requests

83 %
HTTPS

37 %
IPv6

67
Domains

118
Subdomains

75
IPs

9
Countries

4917 kB
Transfer

11348 kB
Size

20
Cookies

443 HTTP transactions
9 data transactions