pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On June 20 via api (June 20th 2023, 7:11:33 pm UTC) from TR — Scanned from DE

Summary HTTP 307 Redirects Behaviour Indicators

Summary

This website contacted 47 IPs in 5 countries across 32 domains to perform 307 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
2	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::11	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2.19.224.115 2.19.224.115	16625 (AKAMAI-AS) (AKAMAI-AS)
20	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
53	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
17	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1 1	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
3	185.7.176.218 185.7.176.218	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
29	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
15 21	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
5 13	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 9	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
3	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
3	185.29.132.246 185.29.132.246	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 4	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
1	95.101.148.198 95.101.148.198	16625 (AKAMAI-AS) (AKAMAI-AS)
1	88.99.219.174 88.99.219.174	() ()
20	2a00:1450:400... 2a00:1450:4001:80f::2006	() ()
2	51.75.147.170 51.75.147.170	() ()
6	142.250.185.130 142.250.185.130	() ()
3	138.201.63.164 138.201.63.164	() ()
2 4	46.137.93.67 46.137.93.67	() ()
2	35.244.159.8 35.244.159.8	() ()
2	2.16.97.41 2.16.97.41	() ()
1	2a00:1450:400... 2a00:1450:4001:806::2004	() ()
2	2a02:26f0:480... 2a02:26f0:480:9::210:ee0e	() ()
3 4	185.94.180.126 185.94.180.126	() ()
2 2	3.71.149.231 3.71.149.231	() ()
4	2600:9000:223... 2600:9000:223f:8400:8:48e:53c0:93a1	() ()
1	141.101.90.97 141.101.90.97	() ()
1	108.177.15.157 108.177.15.157	() ()
307	47

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::11 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.224.115 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-224-115.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.7.176.221 (Turkey) 1 redirects

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

rek.izlesene.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.7.176.218 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

rek-n18.nktcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.250.186.162 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 185.80.39.216 (Canada) 5 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.89.210.122 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.63.150 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.246 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.145 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal900010.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.148.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-148-198.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.219.174 (None, )

ASN- ()

hal900029.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80f::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.147.170 (None, )

ASN- ()

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.130 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.63.164 (None, )

ASN- ()

hal90006.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.137.93.67 (None, ) 2 redirects

ASN- ()

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (None, )

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.97.41 (None, )

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:9::210:ee0e (None, )

ASN- ()

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.126 (None, ) 3 redirects

ASN- ()

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223f:8400:8:48e:53c0:93a1 (None, )

ASN- ()

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.101.90.97 (None, )

ASN- ()

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.177.15.157 (None, )

ASN- ()

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
90	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 155	858 KB
60	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 244 googleads4.g.doubleclick.net bid.g.doubleclick.net	431 KB
42	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 858491 cdn.ye-mek.net	618 KB
20	2mdn.net s0.2mdn.net	621 KB
20	virgul.com static.virgul.com — Cisco Umbrella Rank: 63446 ng.virgul.com — Cisco Umbrella Rank: 55403 ng2.virgul.com — Cisco Umbrella Rank: 60888	272 KB
13	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621	10 KB
11	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 39899 hal900010.redintelligence.net — Cisco Umbrella Rank: 448958 hal900029.redintelligence.net hal90006.redintelligence.net	22 KB
9	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 249	10 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	502 KB
8	adsafeprotected.com 2 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com Failed	202 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com	2 KB
4	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 4813 pixel.mathtag.com — Cisco Umbrella Rank: 1145	3 KB
4	google.com adservice.google.com — Cisco Umbrella Rank: 107 www.google.com	743 B
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 357 aax.amazon-adsystem.com — Cisco Umbrella Rank: 444	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	nktcdn.com rek-n18.nktcdn.com	30 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 imasdk.googleapis.com — Cisco Umbrella Rank: 495	185 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com	570 B
2	doubleverify.com cdn.doubleverify.com tps.doubleverify.com Failed	106 KB
2	teads.tv sync.teads.tv	326 B
2	openx.net us-u.openx.net	418 B
2	contentspread.net cdn.contentspread.net	95 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 102765	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1964 feed.pghub.io — Cisco Umbrella Rank: 2174	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13184	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	o2online.de portal.o2online.de	608 B
1	izlesene.com 1 redirects rek.izlesene.com — Cisco Umbrella Rank: 273056	170 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353	360 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	47 KB
307	32

	Domain	Requested by
53	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com s0.2mdn.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
29	tpc.googlesyndication.com	9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net
21	cm.g.doubleclick.net	15 redirects googleads.g.doubleclick.net
20	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net ye-mek.net
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com pcloak.blob.core.windows.net 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com googleads.g.doubleclick.net
15	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net www.googletagservices.com 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com pcloak.blob.core.windows.net
13	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
9	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
9	www.googletagservices.com	securepubads.g.doubleclick.net 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com googleads.g.doubleclick.net
9	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
8	9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
8	ng.virgul.com	static.virgul.com ye-mek.net ng2.virgul.com
6	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
4	static.adsafeprotected.com	fw.adsafeprotected.com googleads.g.doubleclick.net 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	fw.adsafeprotected.com	2 redirects pcloak.blob.core.windows.net googleads.g.doubleclick.net
4	hal900010.redintelligence.net	1 redirects 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com hal900010.redintelligence.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	hal90006.redintelligence.net	hal9000.redintelligence.net hal90006.redintelligence.net
3	tags.mathtag.com	9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com tags.mathtag.com
3	hal9000.redintelligence.net	9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com pcloak.blob.core.windows.net
3	rek-n18.nktcdn.com	ye-mek.net
3	ng2.virgul.com	static.virgul.com ye-mek.net
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
2	ups.analytics.yahoo.com	2 redirects
2	cdn.doubleverify.com	s0.2mdn.net pcloak.blob.core.windows.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	cdn.contentspread.net	hal900010.redintelligence.net hal90006.redintelligence.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	ajax.googleapis.com	ye-mek.net hal90006.redintelligence.net
2	ye-mek.net	www.cloakan.co ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	bid.g.doubleclick.net	googleads.g.doubleclick.net
1	portal.o2online.de	ye-mek.net
1	www.google.com	googleads.g.doubleclick.net
1	hal900029.redintelligence.net	hal9000.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	rek.izlesene.com	1 redirects
1	imasdk.googleapis.com	c1.imgiz.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
0	tps.doubleverify.com Failed	cdn.doubleverify.com
0	dt.adsafeprotected.com Failed	googleads.g.doubleclick.net 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
307	52

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-30` - `2023-06-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
*.nktcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-16` - `2023-11-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
contentspread.net R3	`2023-04-19` - `2023-07-18`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh

This page contains 39 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: 882739D8D4A8B204FD405FF41715E354
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 4A643940DFFCB4DB55C0A74CA6B634D0
Requests: 94 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: B08E81FFE2C096B69B1AB24A5D3FD809
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 7595F24A857C75CD1031471FBCCCF4B0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230615/r20190131/zrt_lookup.html
Frame ID: 075919C6C1544E783122A12500A2F7AD
Requests: 1 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FE3F5A955E2448791789C498F90922B0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288289815&bpp=4&bdt=1242&idt=387&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=4986492756705&frm=24&ife=1&pv=2&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31074583%2C31075308%2C44788441&oid=2&pvsid=1962600687517880&tmod=881581617&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mu2cg8x3bu8&fsb=1&dtd=404
Frame ID: 0016B5B08FE8C81FF4BA47CF2B4C5B22
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Av0BDKF0dDSeHlmPnKg4Fkh6hy_M-oVEn5FXpWhFoJWtaqDaZNtrkvVBbP1m8ebDA9MOQpko1Kl7laG0g6p_lynEH4BRtH9jh87nugZZ61Z5rl9VRIKdwpxlySKC0ZVjsGafhRoMZGHZd-ON2x4HPlLVRc1UdA91_CtHNOqXSDJ4B5ui8&cry=1&dbm_d=AKAmf-CiSqMcsB-X3GWDMpOIDGQIAk0ZzeYfxXc6Nc0DwPANF78uiTCCSSWqGLG03yUHGqUrcF2n-nvutOZVLOIs361owZrJz5CX2GBNZHTo8YeuiXX7ztk7fIJCu5Uelh6-gxRdIOBHb7vZZxayDajHGNpeiVKlzCHASxYtzvjiA7AKkgiNbiExz0-Hzdyd6ALeNYLnwr4eoPRPcq73R3Pa_q1-9mVm5denL6DTTPS_uvBF-Yamqlr6uyVnlDAfjDV2Jph0OUTpzl0sdKT_Al9zK1E5IwlNDsIRqu6DQHQDsTo4700sTruVDS1iFyCkGYTL_PAYnikJzni3jL6YnWtcwmvA7CUL7USx7dMbSn-apjB8gZT9U6LHBJZnF_dOGEQHNhQ-iMMzVXMobu1h0qZceW-HEYDONgyLCGHCqQMNUjFeZuiEXsm7XmvUt5b9DC8zCKdq5_daaapDQ5UF92pu6qEOpguk8iP9Xzvr1FBVdt6BBW0Kt3hNVue2qei7NJb_T765D4Px9pUS1gACtkKvzryF7pTzgaaRU_WE03z4kTQHJknrmO6kRw8mi3ZbxQykiphbHvu4naA_1OIdf5ZhjbJ6G2fie0m7GJ46Xc9iyjdTkH4nDdQy-0ROex2FuW1YSUr4x_pUJSZ5UZokZ-cHEKuZmg4CwLVztHZIrw6Hmo463JfSLRZZ0DfYN4SI5_1J3xUN4osTnCG8LjSer7oQsi13YcxqnuoSOmEFdSfS3xRiQsu2atjy6yFXMCWQ54wOzHFz7P2bAjQbzoNOKGEav1Wl_GDLRX9w7Uu-krvJ5Nti5yRElx3bNQPFOl7A6BJUzeFXUXT_nVCbGL46pckCXsLuKygPt3E7lLGCWbpfwD6nKt2gedx3014wlcwQLc1Qf5pz6e1qH1XlTKtOhDQNcgSONa72TleFLQztxp6igvkzZ5P33vMy657WWaariqs2jryJr1apaIA7SQo3fmldZS4fzgB01m162IGu2skI4h3-CeLVSl_Jym_uxOl4LnWF1RrEARPLVya0Y3ouqyBWuG7cAyGzsFwt9t45T67riDUHdERDwJs_YmGQ80SrhZQ6hZMdASaJ8OqsO1wWk3B34YhU4ZMq3EIGXaVV_Srxa68xVU6OlGd5ljNPjRRIp4a4xH0vf5vDX3rJc2tsCpcsYc96F6tMVsdfEBG0WrPejZt5VUlWEvd3kzSGD32LxigX3ETAAGZbM2e-xU_QZJaJU-1KViUDkQBuLKeCJaf7MhQZnvTEtgtpcI3GcTH4uCo7e7wS7fvbACJ0kBnNzG_29-Xx-MnbWzr9xAwWpxK2b1f3qtE9fIpaPlWf5mj7xhZL6MPeeD1frd6kflSc_LdIqUTb_3Qx0I-Cu-dDlmt8fum4OymfHC5u6AtENxYcQtQVxS5gYU32cIJcyoTjytbqyqsHq6HHrkcumfpUlHVoPZ-HoKaunIMl7dF6PYRw_3PAoZgLQ21T2hnhSzCvIeV3ojrYpv2J5axEGzkKXN82Y7yXQWfkpwrRWOOlp2aKB4AU2P2WlnnfQG270RC1lr87VmDRXtrzm6MuEdL5IXPS8m5-fykgWwefUL9uJhdut3qJx9OcxB5A1tm5X2QZjUC1yZOp9ygGYwCOqFBJB98cErThoWRol5FRIxoUJh-Ec9i9gE2f0kujndKGAQSrorgtGuhZOpHRu-lv5yxQrXoE_bIcVxXLKGp_WN7SLoGsmv89xwlDPDwV8ExACvWA6MInT5LAz9BAb9Swq7KknZ1cZHQSyS40f2PvunvXjMwR_BR7qzhtCYGMxtfBL-DJc0AqTk-bRs8BNDfzxZNPb4ZarysqEmhcUR9P-etypT9paQukmrwIR-veoxCVh8SmI3Q-T79oBgQ_x6SpzPyMJ_LbcjoHvMXrZ87Cy6KgaKmfiDKDtLbJ0KEfcooAJhxIwQQB2WD39VuFBKHiQVFI9wu6HynWfejE9wn_OYEopvgxG3VdwXfUW3312y5RRTweVx-Tq4SS7M3Av6Hgsu0Tu9ITyR9xL_9LJl2FyKsEiEMkYHxG1CwiGHxyTpdNMNVOwHQY1d1zrAV4WNkHjkSU9ypC8cWcJkPWlQ-OwBiVZNq-ILaNa1MvC00S2Kd1opN_fe4rbuDFVudfMw-Kywqm62WmXvRq7eVnouVQp5IDYGbuMCoS6imhB3ywLZ-91ucuDLRbvDOmWFca1KG-3Hiu5lC7nRmF7h9bvIo-4RQzB7iptP20J8lsJZ-EG1BApGBxLTYfv2xyv9_x3G2W89c_XS19laQQKD5a32Hnb9gYY9gHOO5_N-AheQflMjSY6eAmXipWMrdaHcF3H5lp_LR4VPZ2-pgjDFRZ1AMjVyAnSx5oseqQdQkypHKaU1-PVW_9g_GYYjRFH2Tc89ZIQGUNHdhN0u8AoMGalnbAVYVVispZbbFkahhKDZS5ZpWSfpN8VexDJyKJincvv9VogB5hO5gNMxhm_h0TaMdwM0ZuHPy31queoESPvJr1SoKrvocPBaU5RgIxACXnlRXFyOuq9Fr7tKrRJU27IiHrWK7qQremLufehr_PC6aM41J4UK7x84zkXmCwEdnbOTco2lz9POsyP60ok8YPr1Vz40224MxW-7KhYFE6exthmUnlLMS2m5eFys9mClL1MA1cFY-YKXR7uiH6TsxNwstyg1KQxXd207897eYSMy3YFNTq-Y6LtaW9Gvli47kGKlGjERHylvKXv1UrLolFDcDiNBQpn9JRXpQv5P3cdVh4mnuv3r7FWmG1tbBBj5e41LsdOgEdkz5WUGpDHVrkNgGAkBeqxX2knUUuNOR1doQ4Y_WWhJ7qyXYmthuo5a6FmxcozIixwvU2bGin6yz4SyVsYqAWFBfAlHcR7zJ8oR6Dp7rjdn3vlWxWRPsoR72zPJPUKbzxLigiDvgq5j9UCC84FkwpQCPVOx2MRINLsHkMmIxL-2kffJ_bJ2g5FA1zmula27qDGDSBzoJ5S8TYQM9X-fi3Aa98yRsJ45_k3HL_maeRdExzGxwF_vq8S4P3HZhsn05_j5i-M6Hy_G47I5kIkkwKCZM3H2Q4lsiFExDI5rGxvh22iDCTN-gp5XgVHwXrrWhHPjV5nAVKqO2A9fVp386O1R3lhyDY9EJRkZnQqlDgSi7Uwjye5DkKRy-61eJDhPJfOvFy9saYR9BdPa-sAkbddOlWwe2akF7SF4mehrNAYiBZEPVpMpPP9mJu-RpVKzKYZWGWdhz-KSsdlRRabLK4dJ6Q2XVPG1mTzkkhO4ooeFRFrd2jLXjM1_4ZutpkHmAr8D5I660ibZoXYgmCGAx0QBBfhUGLvYONo4c0JW1DuQpzIm3Ck8o_8c6sQqCrFwR6Xbxh_EgV-BXWx_MmkXvUtKt0sWzWfqoIq60oBer5IiTYoC1EIX03oZI5-nv-LdIl6BGav2jb67YXMrmOsR_mNEjEkTL2V1FY57b12TuAdCF6SjBvut8ETa7ZJ-XAHvRTNaJixLPpvh435VN_B5iqEtsnZH2tKyzJ5ozEWvx3vzw-Neo2UBzPlxuyNkI8NTrMfObl9KAbL9hvSpykMbiskBNnIlG_Cg2TUWVM5sbGAMGu5JYD9c3CRGT0_xctcqJj56xInNWROLDAjQTdctwIdRql2FAioS2OhJ9j0qB6sJHq0vE017Ubqu6wFr1vKYzjooleYQRlxkZl3essy-EO-TmWzp3IAUkErTPCvmGv8qnkp_a7DYZgX37q_0CHjiTAzynadyQK30GcirJFZVMRUSOdkFWcnqMeSnxZRcVynL3xY9QHq_CwIDhTETYKAiNG4ySV_k5kvpob_Z4t_cGRgNuNmVj-d3rLr2UnmXSSyNbhGEfj9q6nojZEEYwDedRcfsM-kLmuUCvMDmhS2olhbXWJXFXjO8K9t5ak97pKCYb2h3CHE5__oNY-eHb8VZmob1-a60FPeQh5idsERBXktKA_e641FxisKyBMACPqf7yauNV0eu3ncHrGNHdf9UoI54jPH5M0sfmc-pVRKQm60FVCH-9eEcXHotLrhnkQdsP6J8ZGj5wO5i0pTv1dXtd9UlAA8o5idEuKb-PIGeCEDlJI4AMXs_8lMlQnBn0kLA-F9Yh7lInTMkh-yRSttiGb5EZa80dmLY5ZWXzcMYyrtEBvcS-jStdEjzkL8uIpLqQH8E8sBOSdS5oFzA&cid=CAQSLQBygQiDclwvLqS4ELpLw8c0EEeh1h47XVKnOCD5f4hepR6HuqzFgxPFBD8HIRgB
Frame ID: F71734CF29CA94A2B12E12B88487F92B
Requests: 5 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=60b91f99e4b0b65b3ce7bc5b&t=pageskin:153493&r=153493@site_geneli@yemek_net:site_geneli&l=&mt=1687288289347&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd&vmn=60b91f99e4b0b65b3ce7bc5b___153493-1851625587
Frame ID: DC54267BBE3C913121FFD1029424B435
Requests: 2 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B5A6DF2AFE58DFFD604A251F62DEEBF0
Requests: 8 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 63CC83E1ECEC39F4A9E16FCBA49F94F2
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW4zQ_fyyrVh8wkYAZQncg9EGHd73IzH_eU0rg3VUmTqe3_jkeX4wHnkhedpnrtNpiXyHse2hYLCLVThMoDov28dj7X5hBzlCJnK2Bsn6YCDEn8fJwaQ4J02X0GwqOXI7afZcJvzucJUZCVHZMGPfOdwYueyk8Wo6WEtcbSSYUKqzIMVhE
Frame ID: F970BC729E113D44EAD989839DBCB104
Requests: 5 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0DEF6BF86F223BDB080EE3CB657B4143
Requests: 18 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 209E5A777011C8F58A0EF1D0057EEE5C
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNVwkvYkIG-gOc98PQqOdyq0S-pV5UmGvIFMCztNOXD0blwL5SuMRw5xDSn2e0RU0A2RmfO5rZqb7UqFmWFJQpN-bXB8AtoV0HYY0cWbOgH_VoDkwFsgmv1DrW3T6SQgM_rI_XnDqmXmCQg4CoIEVw21KLI26r38phHkKhqjkj4Rk4bqz_I
Frame ID: 707CAAF4ED3CB6D6A5B604BB4CCC86E1
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0908A9B79AD11ED4504AE3157E0A8A18
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407280060&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290877&bpp=2&bdt=303&idt=228&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=374892577277&frm=8&ife=1&pv=2&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.aq1qt5jkv7bz&fsb=1&dtd=246
Frame ID: 4F66668BD9BF0959B2ED1822383BF4FA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
Frame ID: 8FCEE937D07F2AC213D483A4549C9CD1
Requests: 17 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B8326579E4932B8F7C1A4CCB54F56AE0
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUYV6BtFpXJ3ky4s7ACWC0wVfRrzD4ykJo2jvf4yR3GegJRVhWBQ92GkoITSvTaOni2F6PzugMMNMAPTdEh_bsz7WmXnkZ6NHkNhLZvsZm_KyEmNoWzCRPa2kMxVG5F9i6S50Do54kDRxTWqxIm3piUvXLjlMB6p-AAry4_xVFKduSr3nQ
Frame ID: 6E012B647754A4A286D3C89D91473227
Requests: 5 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: F89D4E12DBC129092AA4AE333EA7FE59
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNX5gP7qKxLluQkEmctnCg5cHyosYYLrubo5AfXxmqFTL1cOiwM0hvhF9wbt2kX6LXLBUibXA2GwZwaqSmS24vAw6ZDYADNhtX9N1T9TSClbEdJ34FK2RfWiQaF_A6PVba16bMPqYd1AFp6iG0kBHFwoas6T31i3i2zb3fY0rfP9yZNDQfk
Frame ID: 4419B7A624349D37085FF994E7B52747
Requests: 5 HTTP requests in this frame

Frame: https://hal900010.redintelligence.net/request_content.php?s=49689900114510704444554012361010&a=09b9c55f
Frame ID: DE29F72ACDA87DE2FEC89555CF0B5C38
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C205CB856B3CD098D6C8DAC8B1E4E208
Requests: 3 HTTP requests in this frame

Frame: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0A5EC298D5408B097650543A7315CA33
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNWyD93E0llWBEIsQx3yUNf8B5-l6f5nRA6t9JMyIl69hfTFL-bcH0qta-1RmdYHr6tv5-z8oipewqVkbLTSU7JzcO6OK7Mq4vaoMyP59vhDZzbQC4_GRCwATf62DcnUTszVGc7i85Fq0g5uSIor7uAU_9-D8l7CRBqZXufcGvU0YbpaK0I
Frame ID: 9FA9FC55DA2FC9344B4882815D8498AB
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
Frame ID: B1DC157C6BEC9BEF3494D1200C69D0D6
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 601A7F63F8A77C75F658D4D71061800F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXEJVxkXj2hz5Gcq4_kHzg5Fkeke0vrCHlF8Rh2sESVuGvIBNSfNuDZYUiF4Du_kdenWZZAFFuyISLJ9MPxUiIFawAMek4NlSw2b6Q9nEvugdBzghfAFEu1HeQEioLNd7Fbxgmmr_NS6jAvSP6FyYrZ_wN1vT9B-Z-Ep1_sW8h6tFea7jw
Frame ID: 389D85FC7D8A39EF9694BAC3CE8259C6
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ACBF6E16E60805209E4707A7B53C9BDC
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250
Frame ID: 90200E12657521487118125B0D758E27
Requests: 7 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=84621600121546704444550012361006&a=6c5093e3
Frame ID: 85F7C04C113D627C954F91198BB3F7FA
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B9EC4AB3D3B7D0234902E8B607693728
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=2Ag6AKTjhr&t=1&renderingType=2&ev=01_250
Frame ID: EA8D726634AE40AE0CAECD1909D27A99
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: AE3852ECADE5A34E548841633F41FB56
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3941.js
Frame ID: 9C1690346D5B5E4F0B88D8B99CC5CD00
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 27604469752DFC85C55BE096872F7A00
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 58CA5DF298E11D2E6D8A80441DD57F7B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js
Frame ID: E8BB742D773255138ABA4963892891D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

307
Requests

89 %
HTTPS

35 %
IPv6

32
Domains

52
Subdomains

47
IPs

5
Countries

4315 kB
Transfer

13938 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99

https://rek.izlesene.com/mockups/philips/Philips_utu_DB.mp4 HTTP 302
https://rek-n18.nktcdn.com/data/ads/mockups/philips/Philips_utu_DB.mp4

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 115

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Request Chain 117

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Request Chain 144

https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVw74vmRZM-NDvGj9u8Pt4CniAem5b2gaa2VnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpArJnLxtrSbI-qAMBqgTdAU_QZcbRNo4TG_MKVtUggRUvo7-SO2Nt3hpft39QXxiWNXSwaEEU1INKyJhTmB-fkkkHR8N4sFNtqzHSlw5uVyTWpU4Z8Y-etiYJQdYKpqbW5y76dhXc4hu_3f19KJqyy-6xR0B6vzpMlI0N2sJXZiF8D2IVfJIotk4um_5j2oxIvBHcEtFB4RZKmVs3w3W2NTsTNuT9AvfpLccOpXbZso0nqW1gcHU7jE9ggs8zCmx76BUWjCZHkiyNIzjYwm2TxaP-TbpbCuePYA2cQVYBxqM_hdNDl5f7OuV_xfj7wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGiDAgqBgoEw7CxArATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ%26sig%3DAOD64_0iZW8Aqj8F4ECW8A1tFrja6jWcAA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-AxDZGLTcLZfyPtqtbXJlIOOjrx4AMCiZbtygDnMfPacQ_wQ0oPcFENsiCpBdAg29JdtKLs07tokg4n3lnNbAmj4jhUDX1enYWQPEcojEIpGV2Rrb3FjMtJnWdVoWmY8k3IeGcDznJUUshRYzz0sxZAt7u63dRsKbgcebUvVdlCL8VcPa8%26cry%3D1%26dbm_d%3DAKAmf-Cm9OsjrHir-pf-tezHz_eTb-o9_g5VPAxKeC83xTC7wI2dneX51eaa_fIYhn7a5CtMXbnTFvbFHJ_rkZ767ZI1hna6yaRJaIhcvu5ZiS2kIntqc84Tj95RWpxGd0qPYNOSp5c8Wrt7LutI3_M1o4r8g6uHuf0rKa29eWQ1T0CU_oBAJoK-8YD1C13usHur5qWO0DPxfiv99xbUBdXIUGX-hWqriZQwjGIPF7m1OfORG87-CC4z-6hPJaRGoaw83wow-hl90J5982h1v7IXmCGXC3aTKSumfptOTQ9yn7TrCLYr--4LgywlunkSaqZj9i-LM-Fuuq57KCNPEVew3ck6BOiMlOSkBpK36QXhyL18POJIZvMAWBhVa7Iay2_OS8kZeo7zCOl6iuHDtTeY-A6n2AdAGqByq9RcGFXdstu4-wu2K9yJRqgWX1FwR8xWiKLvJRulaGcTiNId73cIHcfCvkUdeQeEAd42oLzw-kM_Nd3lPMQybYmgBsnTkXs24WDzsmi2NoeXFGqbZBueEW_SIzF7vKECSekD4piQ3vM5YIGpTc4%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3319256647040&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVw74vmRZM-NDvGj9u8Pt4CniAem5b2gaa2VnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpArJnLxtrSbI-qAMBqgTdAU_QZcbRNo4TG_MKVtUggRUvo7-SO2Nt3hpft39QXxiWNXSwaEEU1INKyJhTmB-fkkkHR8N4sFNtqzHSlw5uVyTWpU4Z8Y-etiYJQdYKpqbW5y76dhXc4hu_3f19KJqyy-6xR0B6vzpMlI0N2sJXZiF8D2IVfJIotk4um_5j2oxIvBHcEtFB4RZKmVs3w3W2NTsTNuT9AvfpLccOpXbZso0nqW1gcHU7jE9ggs8zCmx76BUWjCZHkiyNIzjYwm2TxaP-TbpbCuePYA2cQVYBxqM_hdNDl5f7OuV_xfj7wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGiDAgqBgoEw7CxArATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ%26sig%3DAOD64_0iZW8Aqj8F4ECW8A1tFrja6jWcAA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-AxDZGLTcLZfyPtqtbXJlIOOjrx4AMCiZbtygDnMfPacQ_wQ0oPcFENsiCpBdAg29JdtKLs07tokg4n3lnNbAmj4jhUDX1enYWQPEcojEIpGV2Rrb3FjMtJnWdVoWmY8k3IeGcDznJUUshRYzz0sxZAt7u63dRsKbgcebUvVdlCL8VcPa8%26cry%3D1%26dbm_d%3DAKAmf-Cm9OsjrHir-pf-tezHz_eTb-o9_g5VPAxKeC83xTC7wI2dneX51eaa_fIYhn7a5CtMXbnTFvbFHJ_rkZ767ZI1hna6yaRJaIhcvu5ZiS2kIntqc84Tj95RWpxGd0qPYNOSp5c8Wrt7LutI3_M1o4r8g6uHuf0rKa29eWQ1T0CU_oBAJoK-8YD1C13usHur5qWO0DPxfiv99xbUBdXIUGX-hWqriZQwjGIPF7m1OfORG87-CC4z-6hPJaRGoaw83wow-hl90J5982h1v7IXmCGXC3aTKSumfptOTQ9yn7TrCLYr--4LgywlunkSaqZj9i-LM-Fuuq57KCNPEVew3ck6BOiMlOSkBpK36QXhyL18POJIZvMAWBhVa7Iay2_OS8kZeo7zCOl6iuHDtTeY-A6n2AdAGqByq9RcGFXdstu4-wu2K9yJRqgWX1FwR8xWiKLvJRulaGcTiNId73cIHcfCvkUdeQeEAd42oLzw-kM_Nd3lPMQybYmgBsnTkXs24WDzsmi2NoeXFGqbZBueEW_SIzF7vKECSekD4piQ3vM5YIGpTc4%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3319256647040&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 149

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Request Chain 151

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 176

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Request Chain 178

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 193

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

Request Chain 194

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Request Chain 195

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Request Chain 230

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI2ZSB79ZZBUlTu1g6a1XnU&google_cver=1

Request Chain 232

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIsZUryw9oCVQnEG6C3IaEM&google_cver=1

Request Chain 254

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFdV6B47HosJLhb8DVmHSUI&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFdV6B47HosJLhb8DVmHSUI&google_cver=1&__user_check__=1&sync_id=448811fe-0f9e-11ee-84eb-16877d160206

Request Chain 255

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=4487f579-0f9e-11ee-9e1f-1024185a0406 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDQ4N2Y1MmYtMGY5ZS0xMWVlLTllMWYtMTAyNDE4NWEwNDA2

Request Chain 256

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1KdW5kaGRoRTJ1RjAwZU5oT2hYRjBuczZVUEJpXzBqZ35B

Request Chain 288

https://fw.adsafeprotected.com/rfw/bgd/1364558/69645137/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2R4tNFaZrSH_SY-CVv9POoLVxl2cIxsnEfunngiPmjtXvt00qnJkJ5KQp5lMwcoHwH6i31Oj-pBWhPNDDxyj8dLetxnz-FKh8BD_S8lBxYpskyNGi2RgDcscd9FyESmRMAoCZ_4GGsQaeECuxvX0BzPRSVbVgEHuwf_nh_65BID5fR-4muedJdfaEvIqJtRBxRemet8pq7IV_EqN8OQYvfJvRpc-LSoGYi2vueWLRhaf_THM9fY5HHknNtrEHpxoMU-2J4P2qPyQ1KnKonowY3_sDGMYSXAXCGDwJhcDCLcfZLfVKaf6fYjPh-oMFpCcbOvtZ2AlXprlw15SU4PaYTfXFZarnf7szmNqeWnWyRfGGnB0WOLCm46U_KdyyzUCaGg67Gq71L_7oGjDZc3DcaRvPOGvzZ0tn7TwKaMvBKMzGEVB77rt9GIHFrwxwjHScVLr7cx4MyDYZR13PutQgakTOb0xufuFc5WcBvToL6x7D9aC5SAtGF649nB77-_dMajYawj7Skk7UE_7YjK1hd80b7Rl_gUXw7nrGP0nofYBSBIIcyk1Me7ZYbedCuUrZZkwgJi6de9ka-n2qZ-PYwUX3LMqiPZ7IHOqlEtJQC8WS7IveyKmT-wre0H2Z9ZTZgs6SruJ7WYK5XsD_UDPfbEJvaTnhgTYCaDxOwOvV5u8LRYv0QgiG_bSm9sJzi1n3qS5zHqa0vtTzYn7rGZXCvD3FzCzmYotjubDfL-sEyf3sxp1YuOey2EfWmIPEuK00CPzn4E9AaYt8lkN-pm44uRmcsTlUEwBPYUplxkvh6T3h1MyCNRZjZor25EUnK_nIDZjbFzRgAKMGLevCnTsNbf5ZjcWMnJxcdFMfhfpA8ZtssZtzCy9oi8BUJ6dIcUTFJTS8hpXPiMEDqSs6GTbWEDWU6cKk4AQXsS5cbM-eaBDXifLzHxA-OQzxIVPIEA3XFWMUfQ6V7e7LI9rtMKhtyqP6E2j8OVMVlE2c9U-uBIj9ZKpsdY6jO3PpGQm32ZQ8vwi0irnDAxrqSGoLIGwNT48LrnU92jRDQd2K6wHBFiGXMbn20NhXIDJKPKBuYFXEpU_uhTOXuWDeM4PWt1MnOfAONRvVXYa7CdS4ugAg2tbegqUSXofaKyV__jrbG-CLYN5ezW5oo3_TLcJ942HU1nwZav-Sx0HiEq1IHIrFqydnAPHbZFe2b0obbt_t_DdBk9ntQDI7_EA1M_lPy95aF1XuvU0uRso29Jai-m2UTRfcceMidyZEkOFlYKhNwiJ3_gklEk3nmfeXw_Rd6kgq3wB2uQKIfkm_PfRdpFC8ECAyzu3uIB4zWXhhtKMryXroVPGwBczevS8QFbtYtzga5PZfjbUqcpAzvyFVK7Ux5ogKw8NByZvXzZgvR7jkyv1NmbiTz7mKWm7ScmKf_NFG_piAjs-BPsJ0HHtI2i15E_76iFAIfhktNdsQfL9GbM1M7ocnoJpnX474LQ07OWf8HdwzPK24ccG8cJEDl9k-EljgDYizZ6OBDBbRmkD8luiqZwaUoUPFuhyKJJ345zyI5Q-m8l2tUDvPaUzIfm7_CsgpLtorxRPfur_R18tMCPhup1CJddZIeaNtU9fFqALDny80B-lLRbRVfBO7nBceGs5wSdowRGg8UN5RXfCaOVYW0YCvTx6_u4MEVXsBbBENluahKPz1sWKNUObstQVAkukltNQGdsSTLpSfy5YK_V7Cvyio9d3httcWZBgpw0q1JZOF1Gh_V7-h7xeOO3jMc4lvDBeRVu2FSoecSBQi1VLzlRiWGB8YNCHhqr9-L3Zop_QS9Ob5IpLWxCkNZSc7aB_VVzpQV3-HhKMhC2bLXAb1crOrWdNU7S0d4dNJ9Bk43yKncOgYLzAQmSdReNMYfHewBEe8uEJ3ZtNp5fDAyvlOSmtgbxEjTEvtaWp0xAIjlEx-ikbHW-BjEIcflxghyTBYW9xCAbbXDKY9zoGHOfjdVnVtzqG6aVXpOo6dU8fLdb1DixDHGCLdK5FOb96w0dx2iMibcfN9IgrwGnsYGNILhchQjPYRCvD5PAx5kX94bi3qq20SuMH142FXB1qQU4qiCYDg0kwE2PSgRi7XMTUCJNeCa-22nH1g4JfjNhCAfQ-BPKDWJa8_JwHrxMtZWPudMSBSYgmxQUXeQ6vOh0-RmgLF1aqXZkrLUxwl-VfJ1T4LxFPXmoZIuCiy4KPLORPYGjeVLNeJXl47noyOVB-46JM43d2zC1rKhsUsEYQYbOYxSf_6SfV3-NgmEWbdbTh2VnrjBRVicE4Oj2J7vp1t8TkJMDn-H4sVuIv0ukbXV5FEN-YD5WyoJcKBSt-1Ft8pmMVB1Z150IX6gPtw3TPkSZI7xxM2xZ9A-VjOe71Awyi3CZGHTJP-A7Z7O8dbabvX4UuZZkRlnojX79VzYe4riCXm1vsC5FJC0e9TbcwId4Fk1IeNHVxv609J8aHNIXLigEQNQzmROH8R9H6pGCp5cbOtX1KfvZN9L6bLnZ6s1f0CTThoLnohwuxHbVMQUPbjTQUYTEhPtppCfO3HtjUX7ennfvU9GOYwBMc5C5zdjKWQsZV3sCr2fhVH3sbiLbmnhLQuNdZfdYsw-h8cYlAzeWnKi7Ehwx9GXoQoblxbuXMDxleuY1eVY7dQu2OKLsj4j4c82rAO-7V4rfM4ROUGYCRFnrfb3bOJQL1YIXX1pTj5crauDiRCzfdiHY29EHtqrm-Xtj6FhmBlbc6Fd76A6IGpDiBDPcajSTW7TOnbmg3eAfZprf5oEkQN9pUNOMl8po0gNCF7lH4Jhh1ISjuo87JdIeNcp3Ejf9A7Uf9xXgAGLuseS_Sa7JmoDP0_trmhb7TsgZW7a_A8twVVezj8Fm2tgszsrX1EhUtOS_tB618xUTeOWVVMyp42hp9jymUUWxhMIsfVsIkG6w2AYkCJtmzBMdn3A-ewAStAsgK4Ltyn84EIfO5Fn_QMV5mNdirgRi_vt5YThVg-fsGYEt5JXsB9_jAoqKs9kWlhXrNbGAgWWrI6HU05yu0kbI0_7KjbDP2q2rr9hOpJtJAM7bKldoXGU_ZhO6xM74UOhgRG83v7DGRyLr65ViV4bOnPAmJL83XPjz1ShxS7YIMu9y6gJxc7uQXchUzGYhWl-Me6El3yS7BFojyLH815BzJGEn0J0LEEgk_ge8pDOBneLFU6Eh8Z4eTZ4Nez8vNNQgL3IgXlIlOMF4fLsXhcvLFMwvQ9aHEn36jwRJ4wU6_6Y5wsOWWeRVYHpw5ksDibAS-3R3DCPX6YBpfmbLm30Ke-HTLvxUKcEirgSkHQ5XZO2gdds7SADIPPfkp88VQICv9FrnOa9zNeTSaTEqr4XgwMTwMMEZZo5eiRZ71ZTwy0ZR9jdLGVFReTGalMaLwgEEikAcoEIg2n4ddoE7ahCHpMzFdQex_4wA1kVXob_3cq3eWeTnOu0dEKqoBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=1009843003&ias_pubId=pub-6593523210010154&ias_chanId=1&ias_placementId=18940094076&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0icq9P3CCmFxZX0hc13S7l8&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6593523210010154%26output%3Dhtml%26h%3D90%26slotname%3D9586219513%26adk%3D1165138949%26adf%3D4198791085%26pi%3Dt.ma~as.9586219513%26w%3D728%26format%3D728x90%26url%3Dhttps%253A%252F%252Fye-mek.net%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..%26dt%3D1687288290879%26bpp%3D2%26bdt%3D305%26idt%3D249%26shv%3Dr20230615%26mjsv%3Dm202306080101%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D374892577277%26frm%3D8%26ife%3D1%26pv%3D1%26ga_vid%3D893504434.1687288291%26ga_sid%3D1687288291%26ga_hid%3D377147997%26ga_fc%3D0%26nhd%3D2%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D728%26ish%3D90%26ifk%3D2104189389%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759875%252C44759926%252C44759842%252C42532277%252C42532279%252C44788442%252C21065725%26oid%3D2%26pvsid%3D370641181149796%26tmod%3D503052504%26uas%3D0%26nvt%3D1%26top%3Dhttps%253A%252F%252Fpcloak.blob.core.windows.net%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C728%252C90%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.pjkovxnwj8f6%26fsb%3D1%26dtd%3D260&adsafe_type=d&adsafe_jsinfo=,id:1c01e538-9506-d745-e2e9-c6a87559a230,c:g6HfTP,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-x2chk,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tHKxISH+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172*.1364558-69645137%7C11721%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c1%7C11c21%7C11c3%7C11d1%7C11d2%7C11d3,idMap:1172*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:35,oid:445a6c78-0f9e-11ee-97aa-921677f1a5e0,v:19.8.417,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2R4tNFaZrSH_SY-CVv9POoLVxl2cIxsnEfunngiPmjtXvt00qnJkJ5KQp5lMwcoHwH6i31Oj-pBWhPNDDxyj8dLetxnz-FKh8BD_S8lBxYpskyNGi2RgDcscd9FyESmRMAoCZ_4GGsQaeECuxvX0BzPRSVbVgEHuwf_nh_65BID5fR-4muedJdfaEvIqJtRBxRemet8pq7IV_EqN8OQYvfJvRpc-LSoGYi2vueWLRhaf_THM9fY5HHknNtrEHpxoMU-2J4P2qPyQ1KnKonowY3_sDGMYSXAXCGDwJhcDCLcfZLfVKaf6fYjPh-oMFpCcbOvtZ2AlXprlw15SU4PaYTfXFZarnf7szmNqeWnWyRfGGnB0WOLCm46U_KdyyzUCaGg67Gq71L_7oGjDZc3DcaRvPOGvzZ0tn7TwKaMvBKMzGEVB77rt9GIHFrwxwjHScVLr7cx4MyDYZR13PutQgakTOb0xufuFc5WcBvToL6x7D9aC5SAtGF649nB77-_dMajYawj7Skk7UE_7YjK1hd80b7Rl_gUXw7nrGP0nofYBSBIIcyk1Me7ZYbedCuUrZZkwgJi6de9ka-n2qZ-PYwUX3LMqiPZ7IHOqlEtJQC8WS7IveyKmT-wre0H2Z9ZTZgs6SruJ7WYK5XsD_UDPfbEJvaTnhgTYCaDxOwOvV5u8LRYv0QgiG_bSm9sJzi1n3qS5zHqa0vtTzYn7rGZXCvD3FzCzmYotjubDfL-sEyf3sxp1YuOey2EfWmIPEuK00CPzn4E9AaYt8lkN-pm44uRmcsTlUEwBPYUplxkvh6T3h1MyCNRZjZor25EUnK_nIDZjbFzRgAKMGLevCnTsNbf5ZjcWMnJxcdFMfhfpA8ZtssZtzCy9oi8BUJ6dIcUTFJTS8hpXPiMEDqSs6GTbWEDWU6cKk4AQXsS5cbM-eaBDXifLzHxA-OQzxIVPIEA3XFWMUfQ6V7e7LI9rtMKhtyqP6E2j8OVMVlE2c9U-uBIj9ZKpsdY6jO3PpGQm32ZQ8vwi0irnDAxrqSGoLIGwNT48LrnU92jRDQd2K6wHBFiGXMbn20NhXIDJKPKBuYFXEpU_uhTOXuWDeM4PWt1MnOfAONRvVXYa7CdS4ugAg2tbegqUSXofaKyV__jrbG-CLYN5ezW5oo3_TLcJ942HU1nwZav-Sx0HiEq1IHIrFqydnAPHbZFe2b0obbt_t_DdBk9ntQDI7_EA1M_lPy95aF1XuvU0uRso29Jai-m2UTRfcceMidyZEkOFlYKhNwiJ3_gklEk3nmfeXw_Rd6kgq3wB2uQKIfkm_PfRdpFC8ECAyzu3uIB4zWXhhtKMryXroVPGwBczevS8QFbtYtzga5PZfjbUqcpAzvyFVK7Ux5ogKw8NByZvXzZgvR7jkyv1NmbiTz7mKWm7ScmKf_NFG_piAjs-BPsJ0HHtI2i15E_76iFAIfhktNdsQfL9GbM1M7ocnoJpnX474LQ07OWf8HdwzPK24ccG8cJEDl9k-EljgDYizZ6OBDBbRmkD8luiqZwaUoUPFuhyKJJ345zyI5Q-m8l2tUDvPaUzIfm7_CsgpLtorxRPfur_R18tMCPhup1CJddZIeaNtU9fFqALDny80B-lLRbRVfBO7nBceGs5wSdowRGg8UN5RXfCaOVYW0YCvTx6_u4MEVXsBbBENluahKPz1sWKNUObstQVAkukltNQGdsSTLpSfy5YK_V7Cvyio9d3httcWZBgpw0q1JZOF1Gh_V7-h7xeOO3jMc4lvDBeRVu2FSoecSBQi1VLzlRiWGB8YNCHhqr9-L3Zop_QS9Ob5IpLWxCkNZSc7aB_VVzpQV3-HhKMhC2bLXAb1crOrWdNU7S0d4dNJ9Bk43yKncOgYLzAQmSdReNMYfHewBEe8uEJ3ZtNp5fDAyvlOSmtgbxEjTEvtaWp0xAIjlEx-ikbHW-BjEIcflxghyTBYW9xCAbbXDKY9zoGHOfjdVnVtzqG6aVXpOo6dU8fLdb1DixDHGCLdK5FOb96w0dx2iMibcfN9IgrwGnsYGNILhchQjPYRCvD5PAx5kX94bi3qq20SuMH142FXB1qQU4qiCYDg0kwE2PSgRi7XMTUCJNeCa-22nH1g4JfjNhCAfQ-BPKDWJa8_JwHrxMtZWPudMSBSYgmxQUXeQ6vOh0-RmgLF1aqXZkrLUxwl-VfJ1T4LxFPXmoZIuCiy4KPLORPYGjeVLNeJXl47noyOVB-46JM43d2zC1rKhsUsEYQYbOYxSf_6SfV3-NgmEWbdbTh2VnrjBRVicE4Oj2J7vp1t8TkJMDn-H4sVuIv0ukbXV5FEN-YD5WyoJcKBSt-1Ft8pmMVB1Z150IX6gPtw3TPkSZI7xxM2xZ9A-VjOe71Awyi3CZGHTJP-A7Z7O8dbabvX4UuZZkRlnojX79VzYe4riCXm1vsC5FJC0e9TbcwId4Fk1IeNHVxv609J8aHNIXLigEQNQzmROH8R9H6pGCp5cbOtX1KfvZN9L6bLnZ6s1f0CTThoLnohwuxHbVMQUPbjTQUYTEhPtppCfO3HtjUX7ennfvU9GOYwBMc5C5zdjKWQsZV3sCr2fhVH3sbiLbmnhLQuNdZfdYsw-h8cYlAzeWnKi7Ehwx9GXoQoblxbuXMDxleuY1eVY7dQu2OKLsj4j4c82rAO-7V4rfM4ROUGYCRFnrfb3bOJQL1YIXX1pTj5crauDiRCzfdiHY29EHtqrm-Xtj6FhmBlbc6Fd76A6IGpDiBDPcajSTW7TOnbmg3eAfZprf5oEkQN9pUNOMl8po0gNCF7lH4Jhh1ISjuo87JdIeNcp3Ejf9A7Uf9xXgAGLuseS_Sa7JmoDP0_trmhb7TsgZW7a_A8twVVezj8Fm2tgszsrX1EhUtOS_tB618xUTeOWVVMyp42hp9jymUUWxhMIsfVsIkG6w2AYkCJtmzBMdn3A-ewAStAsgK4Ltyn84EIfO5Fn_QMV5mNdirgRi_vt5YThVg-fsGYEt5JXsB9_jAoqKs9kWlhXrNbGAgWWrI6HU05yu0kbI0_7KjbDP2q2rr9hOpJtJAM7bKldoXGU_ZhO6xM74UOhgRG83v7DGRyLr65ViV4bOnPAmJL83XPjz1ShxS7YIMu9y6gJxc7uQXchUzGYhWl-Me6El3yS7BFojyLH815BzJGEn0J0LEEgk_ge8pDOBneLFU6Eh8Z4eTZ4Nez8vNNQgL3IgXlIlOMF4fLsXhcvLFMwvQ9aHEn36jwRJ4wU6_6Y5wsOWWeRVYHpw5ksDibAS-3R3DCPX6YBpfmbLm30Ke-HTLvxUKcEirgSkHQ5XZO2gdds7SADIPPfkp88VQICv9FrnOa9zNeTSaTEqr4XgwMTwMMEZZo5eiRZ71ZTwy0ZR9jdLGVFReTGalMaLwgEEikAcoEIg2n4ddoE7ahCHpMzFdQex_4wA1kVXob_3cq3eWeTnOu0dEKqoBgBYAE&cry=1&bundleId=

Request Chain 295

https://fw.adsafeprotected.com/rfw/st/1484055/72040526/skeleton.js?ias_dspID=64&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:9a6e5d95-ecfc-1575-c7ea-571a7c184212,c:g6HfWr,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-8ps7v,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:404,mot:0,app:0,maw:0,fm:tHKxIOL+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C11721%7C11722%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c*.1484055-72040526%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3,idMap:11c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:441,oid:445a92e3-0f9e-11ee-94a2-b638e44ade4b,v:19.8.417,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

307 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 474ms
114ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Tue, 20 Jun 2023 19:11:26 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 279c7433-401e-003f-3dab-a38aae000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 113ms
113ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-request-id: 279c74d6-401e-003f-4eab-a38aae000000
Date: Tue, 20 Jun 2023 19:11:26 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 342ms
114ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 20 Jun 2023 19:11:26 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 279c75ed-401e-003f-49ab-a38aae000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 227ms
114ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 20 Jun 2023 19:11:26 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 279c755a-401e-003f-43ab-a38aae000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 411ms
218ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:24 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 330ms
163ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:24 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 4A64 76 KB
76 KB 300ms
93ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e9ade4f3a42218ad913097d090fa7bafc5e71ee52aeb0446d7a096102c93a0b4

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 77476
content-type: text/html; charset=utf-8
date: Tue, 20 Jun 2023 19:11:27 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 4A64 90 KB
33 KB 185ms
57ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:18:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 438755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 17:18:53 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 4A64 10 KB
2 KB 141ms
140ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Tue, 20 Jun 2023 19:11:28 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 4A64 40 KB
12 KB 100ms
32ms Stylesheet
text/css 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 5478846
x-accel-date: 1681809442
x-77-nzt: AcO1rydGoTP/vplTAA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 25b021312d440a7de0f9916400083027
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 4A64 120 KB
47 KB 189ms
66ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

78c0c2a61e6ac3635a969f3ca763bd5bb824df6388101a3647b2c219e25d714a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47665
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Jun 2023 19:11:28 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 4A64 542 B
895 B 43ms
42ms Image
image/png 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478888
x-accel-date: 1681809400
content-length: 542
x-77-nzt: AcO1rycxuCz/6JlTAA
x-accel-expires: @1713345400
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 25b021312d440a7de0f99164c4a7c832
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 4A64 2 KB
2 KB 37ms
31ms Image
image/png 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478847
x-accel-date: 1681809441
content-length: 1651
x-77-nzt: AcO1rydgMfT/v5lTAA
x-accel-expires: @1713345441
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 25b021312d440a7de0f9916443221834
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 seftalili-magnolia-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 4A64 11 KB
12 KB 46ms
39ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/seftalili-magnolia-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e200e1462094eecba53812ae0d8063ebaf38162d7cde36194b196df1da860ab2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 73079
x-accel-date: 1687215209
content-length: 11651
x-77-nzt: AcO1rydtW0r/dx0BAA
x-accel-expires: @1718751209
last-modified: Mon, 19 Jun 2023 22:31:31 GMT
server: CDN77-Turbo
etag: "6490d743-2d83"
x-77-nzt-ray: 25b021312d440a7de0f991644f763a34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yufkasiz-pirasa-boregi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 4A64 15 KB
15 KB 54ms
46ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/yufkasiz-pirasa-boregi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5a74bd20eb2f78f5a088be7f2c5afe1b623a98f6bf5cbe2537e5c187d393afc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 161583
x-accel-date: 1687126705
content-length: 15139
x-77-nzt: AcO1ryckbmr/L3cCAA
x-accel-expires: @1718662705
last-modified: Sun, 18 Jun 2023 21:55:21 GMT
server: CDN77-Turbo
etag: "648f7d49-3b23"
x-77-nzt-ray: 25b021312d440a7de0f991642e234134
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 semizotlu-kasik-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 4A64 16 KB
17 KB 75ms
68ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/semizotlu-kasik-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e83e8632256c5072bcc9d126fd31fc4e8bfa323231f1d212e745dab97d90895c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 248647
x-accel-date: 1687039641
content-length: 16634
x-77-nzt: AcO1rycwaAP/R8sDAA
x-accel-expires: @1718575641
last-modified: Sat, 17 Jun 2023 21:43:42 GMT
server: CDN77-Turbo
etag: "648e290e-40fa"
x-77-nzt-ray: 25b021312d440a7de0f99164248a4734
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-citir-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 4A64 14 KB
14 KB 83ms
76ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/firinda-citir-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6e517f1f2da440c36103d61ae698974db84ded6b3ac8635a8c24d8ac8652c10d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 333836
x-accel-date: 1686954452
content-length: 14117
x-77-nzt: AcO1ryeprqn/DBgFAA
x-accel-expires: @1718490452
last-modified: Fri, 16 Jun 2023 22:14:46 GMT
server: CDN77-Turbo
etag: "648cded6-3725"
x-77-nzt-ray: 25b021312d440a7de0f991643c624c34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hasanpasa-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 4A64 11 KB
11 KB 83ms
76ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hasanpasa-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bcd5fa5d7dbca071d56d8dbd96ea4b73018dabd55ba191b2cd111719765f384c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478185
x-accel-date: 1681810103
content-length: 11290
x-77-nzt: AcO1ryeoidv/KZdTAA
x-accel-expires: @1713346103
last-modified: Wed, 01 May 2019 23:32:07 GMT
server: CDN77-Turbo
etag: "5cca2c77-2c1a"
x-77-nzt-ray: 25b021312d440a7de0f99164eb734f34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-sebzeli-tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/11/ Frame 4A64 13 KB
14 KB 83ms
77ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/11/firinda-sebzeli-tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b2ecd92de7982ef4ffd3778b02d62aaef7341b3c9ac5f4e53e749a9bde702119

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5477960
x-accel-date: 1681810328
content-length: 13621
x-77-nzt: AcO1ryfPHYz/SJZTAA
x-accel-expires: @1713346328
last-modified: Sat, 16 Nov 2019 21:54:33 GMT
server: CDN77-Turbo
etag: "5dd07019-3535"
x-77-nzt-ray: 25b021312d440a7de0f9916451ac5334
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-tavuk-pirzola-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/08/ Frame 4A64 14 KB
15 KB 83ms
77ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/08/terbiyeli-tavuk-pirzola-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a8f7c822ad63a849206f187b5b4d812340f1b9a6b276d4b65d5510d7eea52657

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478522
x-accel-date: 1681809766
content-length: 14639
x-77-nzt: AcO1ryfNdjD/ephTAA
x-accel-expires: @1713345766
last-modified: Thu, 26 Aug 2021 20:42:20 GMT
server: CDN77-Turbo
etag: "6127fcac-392f"
x-77-nzt-ray: 25b021312d440a7de0f991646cd15c34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/06/ Frame 4A64 12 KB
13 KB 83ms
77ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/06/firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5476793
x-accel-date: 1681811495
content-length: 12609
x-77-nzt: AcO1ryf3MN7/uZFTAA
x-accel-expires: @1713347495
last-modified: Wed, 01 May 2019 23:19:17 GMT
server: CDN77-Turbo
etag: "5cca2975-3141"
x-77-nzt-ray: 25b021312d440a7de0f99164063f6034
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 acem-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 4A64 14 KB
14 KB 84ms
77ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/acem-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b0a9edd9406b9e846d2613b16def49dca3d2307816622cb274acc4d0d2314245

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478774
x-accel-date: 1681809514
content-length: 14065
x-77-nzt: AcO1ryfSWHv/dplTAA
x-accel-expires: @1713345514
last-modified: Sun, 15 Mar 2020 20:02:10 GMT
server: CDN77-Turbo
etag: "5e6e89c2-36f1"
x-77-nzt-ray: 25b021312d440a7de0f991642f726b34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mengen-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 4A64 12 KB
13 KB 84ms
77ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/mengen-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bb1649700c382552132ddf0dda42a9728d1d27c424cc5f589a71a446e26e8a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478649
x-accel-date: 1681809639
content-length: 12650
x-77-nzt: AcO1rydr0EX/+ZhTAA
x-accel-expires: @1713345639
last-modified: Tue, 26 Apr 2022 00:25:36 GMT
server: CDN77-Turbo
etag: "62673c00-316a"
x-77-nzt-ray: 25b021312d440a7de0f991643af96e34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-dugun-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/07/ Frame 4A64 14 KB
15 KB 84ms
78ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/07/tavuklu-dugun-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9caa075c2e4aa7e1cc9ea4031a8a4b9c1811512422be8851cd9b7e8814756ab0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478395
x-accel-date: 1681809893
content-length: 14507
x-77-nzt: AcO1rye8Hob/+5dTAA
x-accel-expires: @1713345893
last-modified: Wed, 01 May 2019 23:01:47 GMT
server: CDN77-Turbo
etag: "5cca255b-38ab"
x-77-nzt-ray: 25b021312d440a7de0f9916474877234
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tas-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/10/ Frame 4A64 11 KB
11 KB 84ms
78ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/10/tas-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8c47b44c2eb52f803ff7faa3cc7043d75a2814f83cf9c1dd66a1c669184e68f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5477369
x-accel-date: 1681810919
content-length: 10807
x-77-nzt: AcO1ryeR5RX/+ZNTAA
x-accel-expires: @1713346919
last-modified: Wed, 01 May 2019 23:24:41 GMT
server: CDN77-Turbo
etag: "5cca2ab9-2a37"
x-77-nzt-ray: 25b021312d440a7de0f991649fa87634
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tire-sis-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 4A64 16 KB
16 KB 84ms
78ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/tire-sis-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 89529d02905772e8146d7e1ff9addc92072c23e60bb3dc84b8d61c4e898e93d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478825
x-accel-date: 1681809463
content-length: 16300
x-77-nzt: AcO1ryeS4HH/qZlTAA
x-accel-expires: @1713345463
last-modified: Fri, 01 Apr 2022 17:34:02 GMT
server: CDN77-Turbo
etag: "6247378a-3fac"
x-77-nzt-ray: 25b021312d440a7de0f991645cd07d34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 avci-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 4A64 16 KB
16 KB 84ms
78ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/avci-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ab4e508196dcd381bf58b00d34232b2cc43f46c8ce6f43eea31b6d1f6b400983

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478853
x-accel-date: 1681809435
content-length: 16070
x-77-nzt: AcO1rydrY1f/xZlTAA
x-accel-expires: @1713345435
last-modified: Mon, 27 Apr 2020 01:54:10 GMT
server: CDN77-Turbo
etag: "5ea63b42-3ec6"
x-77-nzt-ray: 25b021312d440a7de0f9916467a18034
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 beyti-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/06/ Frame 4A64 13 KB
14 KB 84ms
78ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/06/beyti-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 10a53c815898ee13fa3584ffc789a348963965f77264875937a1e7941538c572

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478581
x-accel-date: 1681809707
content-length: 13533
x-77-nzt: AcO1ryfAe6f/tZhTAA
x-accel-expires: @1713345707
last-modified: Wed, 01 May 2019 23:01:16 GMT
server: CDN77-Turbo
etag: "5cca253c-34dd"
x-77-nzt-ray: 25b021312d440a7de0f991643dc98334
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kavurma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/07/ Frame 4A64 15 KB
15 KB 84ms
78ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/07/kavurma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fd9c564f74ab84b3ce42cea0e3293696eb8d75ce32e562beb2b9c8f50cda095e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478521
x-accel-date: 1681809767
content-length: 15501
x-77-nzt: AcO1ryfp5IX/eZhTAA
x-accel-expires: @1713345767
last-modified: Thu, 21 Jul 2022 23:12:29 GMT
server: CDN77-Turbo
etag: "62d9dd5d-3c8d"
x-77-nzt-ray: 25b021312d440a7de0f99164bd328a34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baharatli-tavuk-sogus-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 4A64 16 KB
16 KB 84ms
79ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/baharatli-tavuk-sogus-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 935047a1d73e19fc544d4b60ef6332708fc62549be853f0ef54a8072d7a50397

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5477849
x-accel-date: 1681810439
content-length: 16413
x-77-nzt: AcO1ryeYXsn/2ZVTAA
x-accel-expires: @1713346439
last-modified: Thu, 04 Mar 2021 22:47:39 GMT
server: CDN77-Turbo
etag: "6041638b-401d"
x-77-nzt-ray: 25b021312d440a7de0f99164dd168e34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/03/ Frame 4A64 15 KB
16 KB 84ms
79ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/03/tavuk-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0c11b03310697eb339a3c0f099a4c7e503ba6b526ecd8d29a6705fae8445a750

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478190
x-accel-date: 1681810098
content-length: 15601
x-77-nzt: AcO1ryeOhoX/LpdTAA
x-accel-expires: @1713346098
last-modified: Thu, 24 Mar 2022 21:00:10 GMT
server: CDN77-Turbo
etag: "623cdbda-3cf1"
x-77-nzt-ray: 25b021312d440a7de0f99164076f9534
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-fajita-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/04/ Frame 4A64 12 KB
12 KB 84ms
79ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/04/tavuk-fajita-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5475296
x-accel-date: 1681812992
content-length: 12005
x-77-nzt: AcO1rydD+aX/4ItTAA
x-accel-expires: @1713348992
last-modified: Wed, 01 May 2019 23:32:42 GMT
server: CDN77-Turbo
etag: "5cca2c9a-2ee5"
x-77-nzt-ray: 25b021312d440a7de0f99164bcaa9834
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-soslu-tavuk-yemegi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 4A64 16 KB
16 KB 84ms
79ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/sebzeli-soslu-tavuk-yemegi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 680026f318b1fd16bc8e7b24ba4e32073bc98978f5bd67f19c1b30019a6decf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478780
x-accel-date: 1681809508
content-length: 16450
x-77-nzt: AcO1ryeGzyj/fJlTAA
x-accel-expires: @1713345508
last-modified: Mon, 22 Mar 2021 22:09:22 GMT
server: CDN77-Turbo
etag: "60591592-4042"
x-77-nzt-ray: 25b021312d440a7de0f991641c76a134
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/02/ Frame 4A64 13 KB
13 KB 85ms
79ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/02/nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5477651
x-accel-date: 1681810637
content-length: 13272
x-77-nzt: AcO1ryehNTf/E5VTAA
x-accel-expires: @1713346637
last-modified: Wed, 01 May 2019 22:22:18 GMT
server: CDN77-Turbo
etag: "5cca1c1a-33d8"
x-77-nzt-ray: 25b021312d440a7de0f991645667a534
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kiymali-mercimek-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/07/ Frame 4A64 16 KB
16 KB 85ms
79ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/07/kiymali-mercimek-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bf509fa995f35559f8d228ae444406c31b99b3b2a85bf8babd00d98b25717bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5472228
x-accel-date: 1681816060
content-length: 16054
x-77-nzt: AcO1ryfP2IX/5H9TAA
x-accel-expires: @1713352060
last-modified: Thu, 09 Jul 2020 22:15:39 GMT
server: CDN77-Turbo
etag: "5f07970b-3eb6"
x-77-nzt-ray: 25b021312d440a7de0f99164f287a934
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirasali-mantarli-makarna-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 4A64 14 KB
15 KB 85ms
80ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/pirasali-mantarli-makarna-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a773a7c063a19dbc2ba90c03cef5b584130aacf919bb40da7e890d19913daa68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5477125
x-accel-date: 1681811163
content-length: 14712
x-77-nzt: AcO1rydkQrP/BZNTAA
x-accel-expires: @1713347163
last-modified: Sun, 31 Oct 2021 22:08:44 GMT
server: CDN77-Turbo
etag: "617f13ec-3978"
x-77-nzt-ray: 25b021312d440a7de0f99164b26cb334
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 falafel-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 4A64 13 KB
13 KB 85ms
80ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/falafel-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 25b0fc18fa46dfcb28fdab9b486f78a11dc35790fdfc410b1af2c062410e14d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478508
x-accel-date: 1681809780
content-length: 13336
x-77-nzt: AcO1ryfGyEL/bJhTAA
x-accel-expires: @1713345780
last-modified: Wed, 07 Oct 2020 22:28:47 GMT
server: CDN77-Turbo
etag: "5f7e411f-3418"
x-77-nzt-ray: 25b021312d440a7de0f991647d65b734
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hamursuz-arabasi-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 4A64 12 KB
13 KB 85ms
80ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hamursuz-arabasi-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ddca793a0c3e61d5b777f2de473dc7625c26665dd45bed5348dab90003638b8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478815
x-accel-date: 1681809473
content-length: 12668
x-77-nzt: AcO1ryd5PHT/n5lTAA
x-accel-expires: @1713345473
last-modified: Wed, 01 May 2019 23:32:09 GMT
server: CDN77-Turbo
etag: "5cca2c79-317c"
x-77-nzt-ray: 25b021312d440a7de0f991644617bf34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kuskus-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 4A64 12 KB
12 KB 85ms
80ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/kuskus-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 36794ae84504e6bfa050dde2ec9efda663e1c8a09253ad4fdb57dfe398a1e249

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5470450
x-accel-date: 1681817838
content-length: 12176
x-77-nzt: AcO1rydQ0XT/8nhTAA
x-accel-expires: @1713353838
last-modified: Wed, 01 May 2019 23:34:29 GMT
server: CDN77-Turbo
etag: "5cca2d05-2f90"
x-77-nzt-ray: 25b021312d440a7de0f9916491dec234
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kome-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 4A64 14 KB
14 KB 85ms
80ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/kome-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9ceeba566bbaa52fe84c356900a5eace57adf5179b1fc8b40c91e30f24939338

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5473398
x-accel-date: 1681814890
content-length: 14040
x-77-nzt: AcO1rydoBVv/doRTAA
x-accel-expires: @1713350890
last-modified: Mon, 27 Mar 2023 23:05:40 GMT
server: CDN77-Turbo
etag: "64222144-36d8"
x-77-nzt-ray: 25b021312d440a7de0f991645fc4c634
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirinc-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/10/ Frame 4A64 12 KB
12 KB 85ms
81ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/10/pirinc-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 79b38a235f327e607a6f59ab735cd78b4105a2e4164e2dd3f2c0415331e2d301

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5475413
x-accel-date: 1681812875
content-length: 12082
x-77-nzt: AcO1ryd3ie3/VYxTAA
x-accel-expires: @1713348875
last-modified: Wed, 01 May 2019 23:24:49 GMT
server: CDN77-Turbo
etag: "5cca2ac1-2f32"
x-77-nzt-ray: 25b021312d440a7de0f991645754ca34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 biskuvili-yas-pasta-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/10/ Frame 4A64 13 KB
13 KB 85ms
81ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/10/biskuvili-yas-pasta-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 25a120a3830417d169351a3985042dc4bcf6e490fbbe75794190d73794836ebe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5474647
x-accel-date: 1681813641
content-length: 13265
x-77-nzt: AcO1rycRT1j/V4lTAA
x-accel-expires: @1713349641
last-modified: Wed, 01 May 2019 22:49:27 GMT
server: CDN77-Turbo
etag: "5cca2277-33d1"
x-77-nzt-ray: 25b021312d440a7de0f99164b183ce34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tarcinli-havuclu-kek-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 4A64 15 KB
15 KB 85ms
81ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/tarcinli-havuclu-kek-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6b91c314a391f29f536508c1d0fe320e16a71c187c49a6e56b70f5d5f46baeef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 1321032
x-accel-date: 1685967256
content-length: 15017
x-77-nzt: AcO1ryeu7/P/SCgUAA
x-accel-expires: @1717503256
last-modified: Mon, 31 Jan 2022 23:35:35 GMT
server: CDN77-Turbo
etag: "61f87247-3aa9"
x-77-nzt-ray: 25b021312d440a7de0f99164d627d634
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 alman-pastasi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame 4A64 10 KB
11 KB 85ms
81ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/alman-pastasi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 690fca14cfec3446c6987b26b03ce4308c280b6c62435486b73be10fe4e1b511

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478819
x-accel-date: 1681809469
content-length: 10614
x-77-nzt: AcO1ryfSxKP/o5lTAA
x-accel-expires: @1713345469
last-modified: Wed, 01 May 2019 23:05:32 GMT
server: CDN77-Turbo
etag: "5cca263c-2976"
x-77-nzt-ray: 25b021312d440a7de0f99164ff2dde34
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 porsiyonluk-nevzine-tatlisi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 4A64 15 KB
16 KB 85ms
81ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/porsiyonluk-nevzine-tatlisi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cceaefa11d508877297b9b93f70539f977ad02aaeb66130920493e11d670fa1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478521
x-accel-date: 1681809767
content-length: 15671
x-77-nzt: AcO1ryfVOB3/eZhTAA
x-accel-expires: @1713345767
last-modified: Wed, 18 Nov 2020 23:14:09 GMT
server: CDN77-Turbo
etag: "5fb5aac1-3d37"
x-77-nzt-ray: 25b021312d440a7de0f991643d140836
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 milfoylu-biber-dolma-sarma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/07/ Frame 4A64 12 KB
13 KB 85ms
82ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/07/milfoylu-biber-dolma-sarma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 89ed4e12076b5eded37d4463f6fffca0b3f23f5bf60a3981859a8edb28e269b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5476470
x-accel-date: 1681811818
content-length: 12652
x-77-nzt: AcO1rycUO9f/dpBTAA
x-accel-expires: @1713347818
last-modified: Wed, 01 May 2019 22:44:51 GMT
server: CDN77-Turbo
etag: "5cca2163-316c"
x-77-nzt-ray: 25b021312d440a7de0f99164926a0d36
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-patatesli-yumurta-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 4A64 16 KB
16 KB 86ms
82ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/firinda-patatesli-yumurta-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e9673ca3b0535583388ed1d9ef9155833cc4fea22742618a10718d4b38a633aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5476446
x-accel-date: 1681811842
content-length: 16218
x-77-nzt: AcO1rye84CT/XpBTAA
x-accel-expires: @1713347842
last-modified: Tue, 16 Mar 2021 23:14:20 GMT
server: CDN77-Turbo
etag: "60513bcc-3f5a"
x-77-nzt-ray: 25b021312d440a7de0f99164efb81136
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cizik-zeytin-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/09/ Frame 4A64 13 KB
14 KB 86ms
82ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/09/cizik-zeytin-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ef6ef605112a4b884fe31244e615f9de178415bed7b39e359dbfd89d1ead1656

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5476985
x-accel-date: 1681811303
content-length: 13739
x-77-nzt: AcO1ryeDjrX/eZJTAA
x-accel-expires: @1713347303
last-modified: Sat, 24 Sep 2022 21:24:24 GMT
server: CDN77-Turbo
etag: "632f7588-35ab"
x-77-nzt-ray: 25b021312d440a7de0f99164ff392336
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patates-pizzasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame 4A64 13 KB
13 KB 86ms
82ms Image
image/jpeg 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/patates-pizzasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1a620f0fd7ba14c02c24648452b038ebf5e597390925e62b47f04d308bd44fbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5477620
x-accel-date: 1681810668
content-length: 13048
x-77-nzt: AcO1rydXN7n/9JRTAA
x-accel-expires: @1713346668
last-modified: Sun, 12 Jan 2020 19:38:03 GMT
server: CDN77-Turbo
etag: "5e1b759b-32f8"
x-77-nzt-ray: 25b021312d440a7de0f991646bb02636
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 4A64 5 KB
6 KB 109ms
32ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:28 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1687288288.cds291.am5.hn,1687288288.cds292.am5.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 4A64 56 B
360 B 149ms
40ms Script
text/javascript 2.19.224.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.224.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-19-224-115.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Jun 2023 19:11:28 GMT
server: Oracle API Gateway
opc-request-id: /BACE88D7DB0081CB88D8760265BA7378/174AA1D65AF57A7131565B84078C27C8
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 4A64 465 B
585 B 115ms
38ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:28 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1687288288.cds291.am5.hn,1687288288.cds214.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 4A64 75 KB
26 KB 406ms
73ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 704a70e745cff94e4cc43046e5918dceace2f1234b2e0b4b8f4df872f9e574f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 07:42:53 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 4A64 3 KB
2 KB 104ms
31ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

950f3de19f40a0f96c28d413a8f22e4f75451582b679450053570e497da7053b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Jun 2023 19:11:28 GMT
content-md5: xSrDFqU5MS9Ey7DXlxhMmw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: tygO4mC2nVcf1ZPe+GwesBdC+JwQFAyGSNl5YVkwrMjWPnHoLnYPsSb1t5lIul8cqoFYBQfyTbV4ENS+Vebreg==
x-fb-trip-id: 1679558926
x-fb-content-md5: c2bf2bc0bb43c2ddf9922ff1b68486f2
cross-origin-opener-policy: same-origin-allow-popups
etag: "95d5a3e7c6841085fe0a30f19642464d"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:25:27 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 4A64 21 KB
21 KB 82ms
81ms Image
image/png 2a02:6ea0:c700::11
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 20 Jun 2023 19:11:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5478846
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AcO1rycN9PL/vplTAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 25b021312d440a7de0f99164374f3236
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 4A64 307 KB
87 KB 59ms
29ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=7c9533eb9c2464f778dc2ad17e53cc95

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c2c1db7d95cd76072cb0d0b651204504779df80340c69eff85da7db62f174a1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Jun 2023 19:11:29 GMT
content-md5: WQmcPPOmDflEQxdobYvoXg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88819
x-fb-debug: BBO6lpa/ieLH3tVjJSxPM1HWd9dY+WngyMravqr5UY0K/GXUc51ODenApqEhzUzAD43CUdxu/dQnqUZNTiPdpg==
x-fb-content-md5: 4b8e1765def30aaa8d21da5617bc6f7e
cross-origin-opener-policy: same-origin-allow-popups
etag: "1202e1a4e27521683d013fba70eb64a4"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Wed, 19 Jun 2024 17:28:24 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 4A64 51 KB
21 KB 181ms
57ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Jun 2023 19:04:42 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 407
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Tue, 20 Jun 2023 21:04:42 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 4A64 77 KB
26 KB 394ms
131ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16fb4f8fd6f584c7b9bccedeecffba928e28690e969bdb8c6eb9c04b336c3336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26345
x-xss-protection: 0
server: cafe
etag: 368 / 19528 / m202306140101 / config-hash: 16396063179614486054
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:29 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 4A64 120 B
306 B 70ms
70ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame B08E 891 B
1 KB 70ms
69ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Tue, 20 Jun 2023 19:11:29 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4A64 135 KB
47 KB 375ms
114ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d05027ef52d91b0c3225fe19f9eb53d7d1ea611a9a4128972bbfcb21f14d5c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47276
x-xss-protection: 0
server: cafe
etag: 1717492696616006378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:29 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 4A64 489 KB
182 KB 76ms
75ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 4A64 236 KB
58 KB 119ms
34ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 18:28:57 GMT
content-encoding: gzip
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront), 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 2553
etag: W/"9352f20e556bff9fea6fd0461aac850d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: dn_E3I5ybAssvIwZg1hnFaFMhmyvWv-iWvcEGrsgdKPPq-73nH5stw==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 4A64 40 KB
7 KB 213ms
153ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1687288289347&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.9964610067584765
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: fe91b565adb8b2f02df4d8556a5b09317cf4ecbc92bb3085e9b7d8d45bdd0f5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 4A64 12 KB
2 KB 70ms
69ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19528
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 799fa2d9a7dbabd396de4251e3dc003031c9bab5a3ac35514055e9284da2c73d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 07:45:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 4A64 50 KB
5 KB 139ms
84ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468691
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3bcf526a9c1083ace4eb9eab74713cd5b003e3edc160f2dc907849172aa0f0f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 4A64 10 KB
3 KB 72ms
70ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 4A64 0
307 B 33ms
33ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:57:54 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 11614
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: OgtNyDUhOA3qHurI_H0XIeE9BEqxSLrGJVqFMIt5z0wH_B7mOFQ5rw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 4A64 6 KB
3 KB 89ms
29ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront)
date: Tue, 20 Jun 2023 06:04:02 GMT
x-amz-cf-pop: FRA2-C1
age: 56453
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: IdfFiFmuQCrWbr1d7MmSAgAQodi3knz_tmdPRjK1ADDAD4KphEyRog==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 4A64 11 KB
5 KB 71ms
70ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468691
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 4A64 17 KB
5 KB 100ms
31ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 18:44:13 GMT
content-encoding: gzip
age: 1636
x-guploader-uploadid: ADPycdvjd8tSjeff-F2P-bnK1y0cwJTEWzAP4n6y1efW9lPKZWfy2Q7XQIk103NRpbBCf75GOB2yr13bqTJ1aPkIWAcPAd6e-9A1
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 4A64 0
209 B 70ms
70ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687288289571&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.06702210827106625
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:29 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 4A64 7 KB
3 KB 491ms
71ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19528
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 27 Jun 2023 19:11:30 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 4A64 0
209 B 70ms
70ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687288289651&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.7874001961110118
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:29 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame 7595 13 B
257 B 378ms
40ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Tue, 20 Jun 2023 19:11:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/ Frame 4A64 408 KB
126 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b70d8eb19ca32d244e29e759e816c343be893232978532c9d5943f838e60e0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 18:26:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2693
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129045
x-xss-protection: 0
server: cafe
etag: 16806126990728334555
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 19 Jun 2024 18:26:36 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/ Frame 4A64 352 KB
118 KB 249ms
134ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570b73ee2a2aaba8d2e205a8fe0996caef6f0f92ffbf2b9ad38490b8047137c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120776
x-xss-protection: 0
server: cafe
etag: 14816800319911102398
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230615/r20190131/ Frame 0759 10 KB
5 KB 189ms
56ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230615/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 78329
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 21:26:01 GMT
etag: 15057649708203361565
expires: Mon, 03 Jul 2023 21:26:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 4A64 23 B
459 B 197ms
132ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=uSIxlwZE0MSoi&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ab68583a58d574d6a9e5fca1fb1e6316.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: FMFWQ719G8BEP2HYCAG1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: wmEsO_RU619el1cgr3EJftHNrE8lhXcBvmRjjH9DOvKJaGACLVjZkg==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4A64 107 B
456 B 191ms
67ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 27 KB
11 KB 364ms
364ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=2118392471826551&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290109&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=60tmd4jgna8e&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fa31ceaaa2eed6d1eb9fe3e5bd078bc29dc7344de15fd59f250a30105d0e654

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11663
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583933
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 36 KB
17 KB 270ms
270ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=4180136465454170&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_pageskin&enc_prev_ius=%2F0%2F1&prev_iu_szs=1920x1051%7C100x100%7C100x400&ifi=3&adks=3698513385&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290117&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=-12245933&adys=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=w2dkwbykooix&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=0x0&msz=0x-1&fws=900&ohw=0&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2da4a836d0abf4067b8f13811a16d4a7edddb52ddc1f90ff60bfddfbcc683d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16898
x-xss-protection: 0
google-lineitem-id: 6271164171
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138430115743
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FE3F 6 KB
3 KB 245ms
92ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 31 KB
13 KB 808ms
808ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=2732482501399015&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=1115696786&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290146&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=qmv2rw1t1ks&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da492ce0022167296e5134b72415b02d352caceaf01a5bfbf50bd95389351263

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12880
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 24 KB
11 KB 389ms
388ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=2732482501399015&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=5&adks=1711847772&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290150&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=d7c3qurgyaqv&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5d93be20aa741e93b93dfc5eab4197a17d4d2b96424c1a786a31dbb354cc2d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10844
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 21 KB
10 KB 1096ms
1096ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=2732482501399015&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=6&adks=1492616582&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290154&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=t7roxsnk11d5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6c0db6781da4d7fba1db1a682bb7e9dd659cf6dd9522e8eadc1246c007f5751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9736
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 4A64 361 KB
121 KB 230ms
91ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19528

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 4A64 398 KB
128 KB 75ms
75ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/20/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 27 Jun 2023 19:11:30 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0016 603 B
218 B 363ms
362ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288289815&bpp=4&bdt=1242&idt=387&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=4986492756705&frm=24&ife=1&pv=2&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31074583%2C31075308%2C44788441&oid=2&pvsid=1962600687517880&tmod=881581617&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mu2cg8x3bu8&fsb=1&dtd=404

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4A64 107 B
165 B 67ms
66ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 21 KB
10 KB 513ms
513ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=638106798534912&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=7&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290311&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=pghidwaatqey&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

174910c319fcd71a4da71779aab75aa22b11447c13faaea91d6a585a60365a1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9872
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 21 KB
10 KB 1174ms
1173ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=1880161590524556&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290315&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=w2z51tfeanu9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

223f47fb22a2d02deec9da9bef5354fac8d67ca7f488eb68b993e064efc65644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9872
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 21 KB
10 KB 445ms
444ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=698337206799269&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=9&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290319&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=jqbu4skl31qd&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be385a4535d5710444d7312df3b981205061d3a9d48e3fdde6faa61e6e214045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9874
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 21 KB
10 KB 577ms
576ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=2635531973803788&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290322&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=kpgqtget17rc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49a520539be80edb22430fb4b7def87b0478556fd3a2bada6ddf065d0eb69f8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9761
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A64 24 KB
11 KB 782ms
781ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1962600687517880&correlator=1599432350046004&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=11&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687288289347%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet1d711418-a5e4-4a41-ba17-291b1198a5fd%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet1d711418a5e44a41ba17291b1198a5fd&sc=1&cdm=ye-mek.net&abxe=1&dt=1687288290326&lmt=1687288290&dlt=1687288288572&idt=1475&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=dctbkkyzqzof&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9684502778d8b5ddaf9e9eede35ce35dc22267b60dd5f36c044858cf33bce52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10835
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F717 42 B
65 B 87ms
87ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Av0BDKF0dDSeHlmPnKg4Fkh6hy_M-oVEn5FXpWhFoJWtaqDaZNtrkvVBbP1m8ebDA9MOQpko1Kl7laG0g6p_lynEH4BRtH9jh87nugZZ61Z5rl9VRIKdwpxlySKC0ZVjsGafhRoMZGHZd-ON2x4HPlLVRc1UdA91_CtHNOqXSDJ4B5ui8&cry=1&dbm_d=AKAmf-CiSqMcsB-X3GWDMpOIDGQIAk0ZzeYfxXc6Nc0DwPANF78uiTCCSSWqGLG03yUHGqUrcF2n-nvutOZVLOIs361owZrJz5CX2GBNZHTo8YeuiXX7ztk7fIJCu5Uelh6-gxRdIOBHb7vZZxayDajHGNpeiVKlzCHASxYtzvjiA7AKkgiNbiExz0-Hzdyd6ALeNYLnwr4eoPRPcq73R3Pa_q1-9mVm5denL6DTTPS_uvBF-Yamqlr6uyVnlDAfjDV2Jph0OUTpzl0sdKT_Al9zK1E5IwlNDsIRqu6DQHQDsTo4700sTruVDS1iFyCkGYTL_PAYnikJzni3jL6YnWtcwmvA7CUL7USx7dMbSn-apjB8gZT9U6LHBJZnF_dOGEQHNhQ-iMMzVXMobu1h0qZceW-HEYDONgyLCGHCqQMNUjFeZuiEXsm7XmvUt5b9DC8zCKdq5_daaapDQ5UF92pu6qEOpguk8iP9Xzvr1FBVdt6BBW0Kt3hNVue2qei7NJb_T765D4Px9pUS1gACtkKvzryF7pTzgaaRU_WE03z4kTQHJknrmO6kRw8mi3ZbxQykiphbHvu4naA_1OIdf5ZhjbJ6G2fie0m7GJ46Xc9iyjdTkH4nDdQy-0ROex2FuW1YSUr4x_pUJSZ5UZokZ-cHEKuZmg4CwLVztHZIrw6Hmo463JfSLRZZ0DfYN4SI5_1J3xUN4osTnCG8LjSer7oQsi13YcxqnuoSOmEFdSfS3xRiQsu2atjy6yFXMCWQ54wOzHFz7P2bAjQbzoNOKGEav1Wl_GDLRX9w7Uu-krvJ5Nti5yRElx3bNQPFOl7A6BJUzeFXUXT_nVCbGL46pckCXsLuKygPt3E7lLGCWbpfwD6nKt2gedx3014wlcwQLc1Qf5pz6e1qH1XlTKtOhDQNcgSONa72TleFLQztxp6igvkzZ5P33vMy657WWaariqs2jryJr1apaIA7SQo3fmldZS4fzgB01m162IGu2skI4h3-CeLVSl_Jym_uxOl4LnWF1RrEARPLVya0Y3ouqyBWuG7cAyGzsFwt9t45T67riDUHdERDwJs_YmGQ80SrhZQ6hZMdASaJ8OqsO1wWk3B34YhU4ZMq3EIGXaVV_Srxa68xVU6OlGd5ljNPjRRIp4a4xH0vf5vDX3rJc2tsCpcsYc96F6tMVsdfEBG0WrPejZt5VUlWEvd3kzSGD32LxigX3ETAAGZbM2e-xU_QZJaJU-1KViUDkQBuLKeCJaf7MhQZnvTEtgtpcI3GcTH4uCo7e7wS7fvbACJ0kBnNzG_29-Xx-MnbWzr9xAwWpxK2b1f3qtE9fIpaPlWf5mj7xhZL6MPeeD1frd6kflSc_LdIqUTb_3Qx0I-Cu-dDlmt8fum4OymfHC5u6AtENxYcQtQVxS5gYU32cIJcyoTjytbqyqsHq6HHrkcumfpUlHVoPZ-HoKaunIMl7dF6PYRw_3PAoZgLQ21T2hnhSzCvIeV3ojrYpv2J5axEGzkKXN82Y7yXQWfkpwrRWOOlp2aKB4AU2P2WlnnfQG270RC1lr87VmDRXtrzm6MuEdL5IXPS8m5-fykgWwefUL9uJhdut3qJx9OcxB5A1tm5X2QZjUC1yZOp9ygGYwCOqFBJB98cErThoWRol5FRIxoUJh-Ec9i9gE2f0kujndKGAQSrorgtGuhZOpHRu-lv5yxQrXoE_bIcVxXLKGp_WN7SLoGsmv89xwlDPDwV8ExACvWA6MInT5LAz9BAb9Swq7KknZ1cZHQSyS40f2PvunvXjMwR_BR7qzhtCYGMxtfBL-DJc0AqTk-bRs8BNDfzxZNPb4ZarysqEmhcUR9P-etypT9paQukmrwIR-veoxCVh8SmI3Q-T79oBgQ_x6SpzPyMJ_LbcjoHvMXrZ87Cy6KgaKmfiDKDtLbJ0KEfcooAJhxIwQQB2WD39VuFBKHiQVFI9wu6HynWfejE9wn_OYEopvgxG3VdwXfUW3312y5RRTweVx-Tq4SS7M3Av6Hgsu0Tu9ITyR9xL_9LJl2FyKsEiEMkYHxG1CwiGHxyTpdNMNVOwHQY1d1zrAV4WNkHjkSU9ypC8cWcJkPWlQ-OwBiVZNq-ILaNa1MvC00S2Kd1opN_fe4rbuDFVudfMw-Kywqm62WmXvRq7eVnouVQp5IDYGbuMCoS6imhB3ywLZ-91ucuDLRbvDOmWFca1KG-3Hiu5lC7nRmF7h9bvIo-4RQzB7iptP20J8lsJZ-EG1BApGBxLTYfv2xyv9_x3G2W89c_XS19laQQKD5a32Hnb9gYY9gHOO5_N-AheQflMjSY6eAmXipWMrdaHcF3H5lp_LR4VPZ2-pgjDFRZ1AMjVyAnSx5oseqQdQkypHKaU1-PVW_9g_GYYjRFH2Tc89ZIQGUNHdhN0u8AoMGalnbAVYVVispZbbFkahhKDZS5ZpWSfpN8VexDJyKJincvv9VogB5hO5gNMxhm_h0TaMdwM0ZuHPy31queoESPvJr1SoKrvocPBaU5RgIxACXnlRXFyOuq9Fr7tKrRJU27IiHrWK7qQremLufehr_PC6aM41J4UK7x84zkXmCwEdnbOTco2lz9POsyP60ok8YPr1Vz40224MxW-7KhYFE6exthmUnlLMS2m5eFys9mClL1MA1cFY-YKXR7uiH6TsxNwstyg1KQxXd207897eYSMy3YFNTq-Y6LtaW9Gvli47kGKlGjERHylvKXv1UrLolFDcDiNBQpn9JRXpQv5P3cdVh4mnuv3r7FWmG1tbBBj5e41LsdOgEdkz5WUGpDHVrkNgGAkBeqxX2knUUuNOR1doQ4Y_WWhJ7qyXYmthuo5a6FmxcozIixwvU2bGin6yz4SyVsYqAWFBfAlHcR7zJ8oR6Dp7rjdn3vlWxWRPsoR72zPJPUKbzxLigiDvgq5j9UCC84FkwpQCPVOx2MRINLsHkMmIxL-2kffJ_bJ2g5FA1zmula27qDGDSBzoJ5S8TYQM9X-fi3Aa98yRsJ45_k3HL_maeRdExzGxwF_vq8S4P3HZhsn05_j5i-M6Hy_G47I5kIkkwKCZM3H2Q4lsiFExDI5rGxvh22iDCTN-gp5XgVHwXrrWhHPjV5nAVKqO2A9fVp386O1R3lhyDY9EJRkZnQqlDgSi7Uwjye5DkKRy-61eJDhPJfOvFy9saYR9BdPa-sAkbddOlWwe2akF7SF4mehrNAYiBZEPVpMpPP9mJu-RpVKzKYZWGWdhz-KSsdlRRabLK4dJ6Q2XVPG1mTzkkhO4ooeFRFrd2jLXjM1_4ZutpkHmAr8D5I660ibZoXYgmCGAx0QBBfhUGLvYONo4c0JW1DuQpzIm3Ck8o_8c6sQqCrFwR6Xbxh_EgV-BXWx_MmkXvUtKt0sWzWfqoIq60oBer5IiTYoC1EIX03oZI5-nv-LdIl6BGav2jb67YXMrmOsR_mNEjEkTL2V1FY57b12TuAdCF6SjBvut8ETa7ZJ-XAHvRTNaJixLPpvh435VN_B5iqEtsnZH2tKyzJ5ozEWvx3vzw-Neo2UBzPlxuyNkI8NTrMfObl9KAbL9hvSpykMbiskBNnIlG_Cg2TUWVM5sbGAMGu5JYD9c3CRGT0_xctcqJj56xInNWROLDAjQTdctwIdRql2FAioS2OhJ9j0qB6sJHq0vE017Ubqu6wFr1vKYzjooleYQRlxkZl3essy-EO-TmWzp3IAUkErTPCvmGv8qnkp_a7DYZgX37q_0CHjiTAzynadyQK30GcirJFZVMRUSOdkFWcnqMeSnxZRcVynL3xY9QHq_CwIDhTETYKAiNG4ySV_k5kvpob_Z4t_cGRgNuNmVj-d3rLr2UnmXSSyNbhGEfj9q6nojZEEYwDedRcfsM-kLmuUCvMDmhS2olhbXWJXFXjO8K9t5ak97pKCYb2h3CHE5__oNY-eHb8VZmob1-a60FPeQh5idsERBXktKA_e641FxisKyBMACPqf7yauNV0eu3ncHrGNHdf9UoI54jPH5M0sfmc-pVRKQm60FVCH-9eEcXHotLrhnkQdsP6J8ZGj5wO5i0pTv1dXtd9UlAA8o5idEuKb-PIGeCEDlJI4AMXs_8lMlQnBn0kLA-F9Yh7lInTMkh-yRSttiGb5EZa80dmLY5ZWXzcMYyrtEBvcS-jStdEjzkL8uIpLqQH8E8sBOSdS5oFzA&cid=CAQSLQBygQiDclwvLqS4ELpLw8c0EEeh1h47XVKnOCD5f4hepR6HuqzFgxPFBD8HIRgB

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F717 178 KB
56 KB 241ms
110ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H2 200 adview Show response
ng2.virgul.com/ Frame DC54 1 KB
1 KB 203ms
70ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=60b91f99e4b0b65b3ce7bc5b&t=pageskin:153493&r=153493@site_geneli@yemek_net:site_geneli&l=&mt=1687288289347&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd&vmn=60b91f99e4b0b65b3ce7bc5b___153493-1851625587
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19528
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7fb9f92176f339906a366ebee543c4f300e16fbb20063e7e23fb7effbdc16ae4

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://ye-mek.net
content-length: 1129
content-type: text/html
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 mobile_sound_on.gif
static.virgul.com/theme/mockups/icons/ Frame 4A64 19 KB
19 KB 70ms
70ms Image
image/gif 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.virgul.com/theme/mockups/icons/mobile_sound_on.gif
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d3b45b06882fe1aa9b47a8d88df978f19ce55a249840cc1b44eed3974a0fcd6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 20 Jun 2023 19:11:30 GMT
last-modified: Fri, 29 Jan 2021 08:57:46 GMT
server: openresty/1.15.8.3
accept-ranges: bytes
content-length: 19674
content-type: image/gif

GET
H2 200 mobile_sound_off.png
static.virgul.com/theme/mockups/icons/ Frame 4A64 18 KB
18 KB 71ms
71ms Image
image/png 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.virgul.com/theme/mockups/icons/mobile_sound_off.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5aa2370fd272d30acd5cb39f9b191a243d55a2adab6f0d7ff1950c39f028d331

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 20 Jun 2023 19:11:30 GMT
last-modified: Fri, 29 Jan 2021 08:57:44 GMT
server: openresty/1.15.8.3
accept-ranges: bytes
content-length: 17986
content-type: image/png

GET
H2

206

Philips_utu_DB.mp4
rek-n18.nktcdn.com/data/ads/mockups/philips/ Frame 4A64
Redirect Chain

https://rek.izlesene.com/mockups/philips/Philips_utu_DB.mp4
https://rek-n18.nktcdn.com/data/ads/mockups/philips/Philips_utu_DB.mp4

80 KB
0

335ms
138ms

Media
video/mp4

185.7.176.218
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://rek-n18.nktcdn.com/data/ads/mockups/philips/Philips_utu_DB.mp4
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 185.7.176.218 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
last-modified: Wed, 19 Apr 2023 06:23:17 GMT
server: openresty/1.15.8.3
x-amz-request-id: tx00000000000000c6ef474-00649156f7-9e2f20a7-default
content-type: video/mp4
Content-Range: bytes 0-2913708/2913709
cache-control: max-age=5184000
Content-Length: 2913709

Redirect headers

location: https://rek-n18.nktcdn.com/data/ads/mockups/philips/Philips_utu_DB.mp4
date: Tue, 20 Jun 2023 19:11:30 GMT
cache-control: max-age=0
content-type: text/html
server: openresty/1.15.8.3
content-length: 151
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H2 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B5A6 6 KB
3 KB 58ms
57ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 4A64 0
209 B 71ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687288289347&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 63CC 6 KB
3 KB 57ms
57ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame B5A6 24 KB
7 KB 187ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 23:46:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 415514
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 23:46:16 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B5A6 134 KB
46 KB 105ms
104ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0372044edc0d82b76b40f9d8803b1a4275e76d02fc67ffa6e45f6f82aab7405a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Origin: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47086
x-xss-protection: 0
server: cafe
etag: 51156729078014336
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B5A6 178 KB
56 KB 172ms
172ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F970 624 B
245 B 100ms
99ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW4zQ_fyyrVh8wkYAZQncg9EGHd73IzH_eU0rg3VUmTqe3_jkeX4wHnkhedpnrtNpiXyHse2hYLCLVThMoDov28dj7X5hBzlCJnK2Bsn6YCDEn8fJwaQ4J02X0GwqOXI7afZcJvzucJUZCVHZMGPfOdwYueyk8Wo6WEtcbSSYUKqzIMVhE

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Tue, 20 Jun 2023 19:11:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 63CC 78 KB
27 KB 167ms
165ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CC 42 B
63 B 92ms
91ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ARn1rkWoro1ZIMFDS7nqf34wNEX6PkFByxDcs1OomB-8FFrd5phhME93H7V2ORADPx-CVQwbbaUSunxwB0hJCF6SHKC1cdYwM_9kbb3CpN7meReyA

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CC 0
20 B 92ms
91ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15949492164146486144&x=1&ct=77

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 63CC 3 KB
1 KB 155ms
70ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10560
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 63CC 19 KB
8 KB 147ms
63ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10560
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 63CC 178 KB
56 KB 175ms
174ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H2 200 60b91f99e4b0b65b3ce7bc5b
ng.virgul.com/tck/imp/ Frame DC54 0
212 B 70ms
70ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/60b91f99e4b0b65b3ce7bc5b?userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd&mt=1687288289347&sdr=&et=&r=153493@site_geneli@yemek_net:site_geneli&l=&info=&t=banner:153493@site_geneli@yemek_net:site_geneli&os=&c=&cs=1687288290602
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=60b91f99e4b0b65b3ce7bc5b&t=pageskin:153493&r=153493@site_geneli@yemek_net:site_geneli&l=&mt=1687288289347&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd&vmn=60b91f99e4b0b65b3ce7bc5b___153493-1851625587
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 20 Jun 2023 19:11:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F970
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

32ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW4zQ_fyyrVh8wkYAZQncg9EGHd73IzH_eU0rg3VUmTqe3_jkeX4wHnkhedpnrtNpiXyHse2hYLCLVThMoDov28dj7X5hBzlCJnK2Bsn6YCDEn8fJwaQ4J02X0GwqOXI7afZcJvzucJUZCVHZMGPfOdwYueyk8Wo6WEtcbSSYUKqzIMVhE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F970
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

33ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW4zQ_fyyrVh8wkYAZQncg9EGHd73IzH_eU0rg3VUmTqe3_jkeX4wHnkhedpnrtNpiXyHse2hYLCLVThMoDov28dj7X5hBzlCJnK2Bsn6YCDEn8fJwaQ4J02X0GwqOXI7afZcJvzucJUZCVHZMGPfOdwYueyk8Wo6WEtcbSSYUKqzIMVhE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F970
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

43 B
1 KB

33ms
33ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW4zQ_fyyrVh8wkYAZQncg9EGHd73IzH_eU0rg3VUmTqe3_jkeX4wHnkhedpnrtNpiXyHse2hYLCLVThMoDov28dj7X5hBzlCJnK2Bsn6YCDEn8fJwaQ4J02X0GwqOXI7afZcJvzucJUZCVHZMGPfOdwYueyk8Wo6WEtcbSSYUKqzIMVhE

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:30 GMT
AN-X-Request-Uuid: b45dc175-bdd6-4867-a307-c677f2732539
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F970
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

170 B
243 B

68ms
68ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 19:11:30 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2e95ea13-1dab-4e1c-89d6-7222996269aa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame F717 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99abc3b4c55610c13d41b043baf7d2b14e53c7f0d4866453e85cca5cbf5f288b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F717 0
0 212ms
96ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstNTqBJXXWJYurmMgjucD66FQkNpAhQyxv-bMriccnvP3ap-hErauaXOAXfxn-9UMSYim9WqmjAfdbhw-MtvVdLdXNS8XHviZi76z8sR5CbQ21CAWqZpTuUa0iNtPuDpO1_IstQ2ybUOAhgWJSyUjE1nD0rrarXaLZL19U6dV7Na-5BMx2gKOQVrXh3V9fJuBh-nPJwLOLLS8Li8fwLZ1pByQaDgIkhAEHxLikRZtWVyz0Dh3MJwVypOUgWqklHFSwbGX438FRgaW4peY3xKgJ-J_1pGLlhciZkuKD1oBhO83Nrl_zRN_a1zC8eYP202TTyNIc_iYBabgqHwYeZ-PKOHpEgjNGAsp4J8Q&sai=AMfl-YSXOGWnagfHsQEWZ1ZL2q2gZtqYQs8J-GqAN_bFCBs_gG6Ldmqju0JMAbh9dqXXX0DpuG0vLDxwcIRRfN15AMxRey2HBryWbDgeaH1rNag&sig=Cg0ArKJSzFkkXbWTXImvEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B5A6 0
0 101ms
100ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqJikYvuUokOB_Qx9Nuu_QupbfinATmjUa2eQ8Ej7ojHDkiK7BOIMat01N-h9GdUT8j580HpdKBGv9wxSlRUAR1MQBWpsg8ANYiqSfWpTGO0i2H7SYpvudjZJ48r168afSfOgwKYPXeYOAFvHm2riFzk9rsuxt1MFvMk8bN4qONXbyW7DqklDoUXNQK6VW8_lpKO-OBGdGhVrxQQ2pWcac6iHzq2elmUJR1L-tZOKAUP0XQxivRNFnVZAKF-IeWMjKzfRfbrf_5hs_YAZALsF0Z2XMrQD_5RmB_Im68hzWGzCViDXGLvw6grNYlTvOuRCiNDWHlLZjIvRmB4ThEPohKjCl40fTHOPKtu3T1Z-0hdDK0AdbI4Kx1A&sai=AMfl-YRD_X8hW6HiPw0zPtTT54VTJjl_i-4otkZzCN1ilthFqSY90b3wFW-mj5pLoEVWmNvFhpUjcr03mx8wlH_1hMYhxJOGekGt1_CXhdb8d8I&sig=Cg0ArKJSzN9nTStLtoL7EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CC 0
20 B 90ms
90ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6623754300&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CC 0
20 B 91ms
90ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6623754300&version=m202301230201&ct=77&x=1&cor=15949492164146485000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 63CC 15 KB
11 KB 95ms
95ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CePpeNDEevzH5ynIDm5jSJ9URTPFxCS8MnkUDXn-IOQYg8gGSb2wlPZq0E27fKxr5w4NTnqyQMHz02bvLKkbfQ47kqL67JYdETlf7-9bCo7KA0kkOQrigu5OrEqNejYpD_lMJBlO-TgmZZFsCYgYZWnBB-XC9keqKi4uAY3RPc-1u7Rb0&cry=1&dbm_d=AKAmf-CVlm3V0qr07XZ2UMXg8mHRsxiU5a6j9NthLFIOy0ODVaaE0xTEDb-RQSjPUPXOnDchOt_mfO881Yey8_iJFEgN541PzNR2aRFYajwZwzTIGWd9o7MYB5W9CVbb_u1l09lMTOU12cr7DfFV6Vjnbf4Ktlycw9KDaTxo35nP8NBv36hLF5ZzP4-vBvw7YPWHhaIyQv9A92o-b99unJCEeGJw6LK9nV2BLNfr7mlBgmPPhEMP2iN6F9JOiEF1vGllO0Vqo1m7j44olUuRF2g8VUG-qOOQBKIYqEwBGIqH2zQ6EpBsSaNEUsuq-TI3rtEmbvsCFebWZcllEk2ee9Byxr7d7KQn66OORSCjiPaC630bAsdG3LHk40J5zQs3eNojQ2UdfLKq7-hAwpsGSmMD3cbz4FN0Q8j6oVfMwEZGEYKCB8DOdQ5kN3pA3UOvwJg_CdnfixfuTuho2vZB04ZrD2EmS67bwTr09JkBrm9laZhgDi0_gFKtXTQlklwH4_EQbNEbp2f9j-JZSceTgjpoeaEukzJ0yYd02k0VD-VUnZmmK_hjJWXDgW9TiG9fBrLL7nzTsGTjsBKihJlMMdpZEsvw7gEiVcjeAJw6qoDwt5bv6OZldeNz1yY7z78R_jE8e8L2Q3GgEsboJECBSus_2ALhMz4phNjUVYPzLWCBsdA-wBUoP68a2HW50GXtLqZQactEiosCImIuogQaWFHg6rLcMLjnORjTfK_a9NOArcfyq0_S95t6ClEt0LwbU9TM-NWkxctZrUdHVYaPk6Qcjfgxz4_GpWBqvNZaJTzQM11_HVvQvQkyBIaiHa5w9WdTvRxIDa-igaXWPTdiIH3oJu5g7E54Y0cAb7rMCUXSNVEdgTZG0eCyloGaUkOQ9V8dZGSpYxsSNcWVo775aws_0a-7tYJf2-QtKeZ-IqUgufpHvuKyix6Pjg93IOrzJGLzKuuEfrozypWWetD7jRL9XvyDKp4vG9Yo4dS7OgTVgsz95g3owJKxYizwHG-fJoaD8WTeF6vPEhvRE52SYJ-8lzdEfUsLmLBpZtC_o5gVoGrdKnKm9eBmPgURvFiWFC4CV8XiDidHudRVZVbRDT1I9fwzInUvJAFbFVbVJ2EzRqtG5NJvygJz7sbUlb9pzgDU18L8AhACX00V3dSvThkt-2Q7b580IVmg1AaaEDykq4GdQidoDEZF98Z2iiVoVLGJ015b2zaP1oQEzechTbG9XWIdA2OrhRb-RQKlcEMwcTQWyaUI78hBgjXbyaTdH9MFnawIWPlgFUHc7Ifl5u3ZHCqCPsnyqllmDO_Djf0sPlOgMAIzvhIRJMqeTibH8kkZKhHaA9mJJcxyjVKUwsNtGU3RWPjUUpYR2padHkQUlsjFfvYAI26G02UFTOyjog8iqtpAHAEwUc2ymdyqCu4W9Z0K6H0pp_XuakzL36J0_MlVgkRvdjGdC9qj18Zlsg4t5i_RQTTjYauOWe3va-aFlL2p7B9oGJZFcmyrnKjD4xJatSP4ACU8pXdfWtwqhN58tXLIQtFayJ9lhPVDmrptd9uKjTwlWw6zbUMf6_9IGKXrBHV5FKqvhtp12rydmSge0StBnIEcAGQWTK5yGSXLWUe_mMR7zjlhLL77TgJ1S-5vCqq_plxfPHngEz1Yar4M4JEOQcivDQ0I0Y0HHoSAERMw5pR3pyKA9aXAEyOdv27LV3--Nc3HzKWXN3CJaNTKUzcYxwv2XVmBAZ38wdaSQl1ioJf4mnjfVBHmBCjKOrwW45Bu0rR1ImXPEDEjx6XxSUqI16F1S-W_B7kZM-ePl6UfJQPymPfYWfQFelNQQAvw9Kfe0pyCMUQqJr9bIbnSEFug6oae6qtSwry94RunagLtQW72ssoeOWnW0fOXOk4eUHvyI70wua_e1UR9HI636fc5yC_1vIlEUkTOUBoHyPm4TvDw5JlM05qvb3nWRSnx2RORgi2uf-EIqzJWLsCf4fnCcK2uAL0ogf8TzHaHgOj9syfvhhTWGeFc7L5A8zLd19nPEEUbK_TZG3YDLsvtCGKkjkDoEUQi235775Z11IqgtXWtVJ8ue8RSOKU8RTjiI8rpy15Gy5xfwnqdWwj8D1gfV_Cos2ypyCS4d19sgzpopa4cAFXxqoCHUiwpw-KoXTxarskR294adWUGRLEgJjdCzZ71APEUWfScu0Z1bTw6P7DaJYwzfVQoo6-aJ1HPYR1Q3iTbECEX3r5f1qzrta40pdt85a1Gk1J8aT6usCdUJaIUcvu6EqJV6yIjX6Se6wAL2N1NgCa5cbFQo-YdvMpyN2Fs_VX5BmF4G6vHQqSlN4QUc4UfK7AuSqjHG6OzOtqk1zzfHe8siZyIr5PTtnDVvdaKsodLr0IM1Ga_VtwBETE2FA4sHicrLAig6MTVmQUHAeoafHMmtm4tkgPctEcEi7aZpwWrvbNdQAK0t5WvN5c47EaOSUwwmdXDQEvmu0KnVd2tCrfuU7NNLfg4NT216708Brg_YxEwQPaXAWe3usbxGjx9EY-ki-hedgcxrTcR8tjXSmfC8YlujZBXlFEIBEdy4EdbOQ360Xfg5OKHM7Q_cJndsAWnnVhm-GbzeGD0bu-ZcXcz6hIzsdpJTY4HYzkt-DaBeIxOhbySz-IrfEHQrO8OYv-psjoTREY68YCIcpM1ui3BY-8bhoGQJiPFPso1hldVPKjE99RFbicY9G_1fGOFkKv-4TmhalK4JvhevSNcf5UNcDdf6y32FBoL2fI1T5p-96fY93t-Rd4pKc6pY5dQerT_Q3L_yxVTMKMW8AVDvBAXTy6beYsuLrYyMZRLq9Jr1C6rS51sEZzUe31op0uimBq540353Kd0EyZs0SihWkxBTmZZ8s18qmTEJQSZSp7HbcTSeIyiJd03V0tW2qm--7vKHM-CZp0xnbJERZmdkDW6wbTLXiZsMikk-YDKP_mf0OJYfkWqzOForvEVXy96pl8gD2YC6LtRDY62Y6uaX-iv3Zphae_3QY8JynU0xS6fN88htqlC-6ZgPNzImNeHs_SJ8IW4icw1hk2wNxsnQgkm3MnLmh2IKhHGHF_FOmagsJvOKFRXZeF-urzdutinzkn-RipWVyolgwYj-U-p_0F9ViSqgRSitxULVRe1E61n6mOAiIdEmIKGOlw7reGBHzdm16K69virnjcH6B5KwblVcUMW7LzIgN2bIcjhi6wb2WdPJseAoY8oVf-uURYfnUhWIBRNJmCkZMj7SJc47ekMiZjd0TNW9FtwaH3tvsyca03uUqd4e1UzsvGtQXdXZs8xVPek3ROYIqeGR6E76FC9zL0WbR56It_0oUlMoFdYEAVGxVWLWxn7kcxxNYxWNxGeKlr4Ki53_JM5yy7DUkXAxMi8blwZdmbIAw_NtWci0oLOF5sEqukJzUAudpzYbR9KEHucFjz3mA61jTv9TaLGC8qEG6y5s2pFvbNsjzzKViJswng5xvZKLN8A172uVjt4ARhZPOzJF6yDi0MlQG7UCIlXu6ZZfFk0Plt_18hBZE7qtLa20iyUvNeEt4M-he2Gvn1UqOiOYAhJI7qhp6ZskL8q5GzGRELYlJFWxahh11MDACVLpVkG8ZDgkja6vSpWYwVeEMBlZMc8Jb8gs2T9h4xTF83h0pkBHHIikMTnHayNBnDKWk2O2JhPLfb-M4wXTxKuUjBtrf2KHn7dnB0Q3VctDP6AORFzjHjSsYx4cPXhFsNQ5S3u8WkwuHx7WF9siw_Es1i40NUcvutd7-V9AOL7BT7ue3gq2vaCYPCoOjrPW1Bt4RzTGFWJu7iAbHDS6vOjSCGljM6rnl2Iqs5BTcxOFPQ7DNYc0dg4wFnK9aVcvMroJC2F79KoDg&cid=CAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15949492164146485000&adk=1599433117&idt=175&cac=0&dtd=20

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2332baaf34608971d7a57ff4012d8c26dc28baf1f7f0d8a4eeb1fd1fd50a6884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11226
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/ Frame B5A6 352 KB
118 KB 130ms
130ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f760b404bc46983af14d8236e2584b9d53c0c64b0806cd14244300cd4d1796de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120777
x-xss-protection: 0
server: cafe
etag: 15498231961810337414
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
DATA 200
OK truncated
/ Frame B5A6 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e50b92c915b26a12f0d3c62bea2867d9cbaadf84442629f6784632e2f8f7880

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0DEF 6 KB
3 KB 59ms
59ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 63CC 41 KB
15 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CePpeNDEevzH5ynIDm5jSJ9URTPFxCS8MnkUDXn-IOQYg8gGSb2wlPZq0E27fKxr5w4NTnqyQMHz02bvLKkbfQ47kqL67JYdETlf7-9bCo7KA0kkOQrigu5OrEqNejYpD_lMJBlO-TgmZZFsCYgYZWnBB-XC9keqKi4uAY3RPc-1u7Rb0&cry=1&dbm_d=AKAmf-CVlm3V0qr07XZ2UMXg8mHRsxiU5a6j9NthLFIOy0ODVaaE0xTEDb-RQSjPUPXOnDchOt_mfO881Yey8_iJFEgN541PzNR2aRFYajwZwzTIGWd9o7MYB5W9CVbb_u1l09lMTOU12cr7DfFV6Vjnbf4Ktlycw9KDaTxo35nP8NBv36hLF5ZzP4-vBvw7YPWHhaIyQv9A92o-b99unJCEeGJw6LK9nV2BLNfr7mlBgmPPhEMP2iN6F9JOiEF1vGllO0Vqo1m7j44olUuRF2g8VUG-qOOQBKIYqEwBGIqH2zQ6EpBsSaNEUsuq-TI3rtEmbvsCFebWZcllEk2ee9Byxr7d7KQn66OORSCjiPaC630bAsdG3LHk40J5zQs3eNojQ2UdfLKq7-hAwpsGSmMD3cbz4FN0Q8j6oVfMwEZGEYKCB8DOdQ5kN3pA3UOvwJg_CdnfixfuTuho2vZB04ZrD2EmS67bwTr09JkBrm9laZhgDi0_gFKtXTQlklwH4_EQbNEbp2f9j-JZSceTgjpoeaEukzJ0yYd02k0VD-VUnZmmK_hjJWXDgW9TiG9fBrLL7nzTsGTjsBKihJlMMdpZEsvw7gEiVcjeAJw6qoDwt5bv6OZldeNz1yY7z78R_jE8e8L2Q3GgEsboJECBSus_2ALhMz4phNjUVYPzLWCBsdA-wBUoP68a2HW50GXtLqZQactEiosCImIuogQaWFHg6rLcMLjnORjTfK_a9NOArcfyq0_S95t6ClEt0LwbU9TM-NWkxctZrUdHVYaPk6Qcjfgxz4_GpWBqvNZaJTzQM11_HVvQvQkyBIaiHa5w9WdTvRxIDa-igaXWPTdiIH3oJu5g7E54Y0cAb7rMCUXSNVEdgTZG0eCyloGaUkOQ9V8dZGSpYxsSNcWVo775aws_0a-7tYJf2-QtKeZ-IqUgufpHvuKyix6Pjg93IOrzJGLzKuuEfrozypWWetD7jRL9XvyDKp4vG9Yo4dS7OgTVgsz95g3owJKxYizwHG-fJoaD8WTeF6vPEhvRE52SYJ-8lzdEfUsLmLBpZtC_o5gVoGrdKnKm9eBmPgURvFiWFC4CV8XiDidHudRVZVbRDT1I9fwzInUvJAFbFVbVJ2EzRqtG5NJvygJz7sbUlb9pzgDU18L8AhACX00V3dSvThkt-2Q7b580IVmg1AaaEDykq4GdQidoDEZF98Z2iiVoVLGJ015b2zaP1oQEzechTbG9XWIdA2OrhRb-RQKlcEMwcTQWyaUI78hBgjXbyaTdH9MFnawIWPlgFUHc7Ifl5u3ZHCqCPsnyqllmDO_Djf0sPlOgMAIzvhIRJMqeTibH8kkZKhHaA9mJJcxyjVKUwsNtGU3RWPjUUpYR2padHkQUlsjFfvYAI26G02UFTOyjog8iqtpAHAEwUc2ymdyqCu4W9Z0K6H0pp_XuakzL36J0_MlVgkRvdjGdC9qj18Zlsg4t5i_RQTTjYauOWe3va-aFlL2p7B9oGJZFcmyrnKjD4xJatSP4ACU8pXdfWtwqhN58tXLIQtFayJ9lhPVDmrptd9uKjTwlWw6zbUMf6_9IGKXrBHV5FKqvhtp12rydmSge0StBnIEcAGQWTK5yGSXLWUe_mMR7zjlhLL77TgJ1S-5vCqq_plxfPHngEz1Yar4M4JEOQcivDQ0I0Y0HHoSAERMw5pR3pyKA9aXAEyOdv27LV3--Nc3HzKWXN3CJaNTKUzcYxwv2XVmBAZ38wdaSQl1ioJf4mnjfVBHmBCjKOrwW45Bu0rR1ImXPEDEjx6XxSUqI16F1S-W_B7kZM-ePl6UfJQPymPfYWfQFelNQQAvw9Kfe0pyCMUQqJr9bIbnSEFug6oae6qtSwry94RunagLtQW72ssoeOWnW0fOXOk4eUHvyI70wua_e1UR9HI636fc5yC_1vIlEUkTOUBoHyPm4TvDw5JlM05qvb3nWRSnx2RORgi2uf-EIqzJWLsCf4fnCcK2uAL0ogf8TzHaHgOj9syfvhhTWGeFc7L5A8zLd19nPEEUbK_TZG3YDLsvtCGKkjkDoEUQi235775Z11IqgtXWtVJ8ue8RSOKU8RTjiI8rpy15Gy5xfwnqdWwj8D1gfV_Cos2ypyCS4d19sgzpopa4cAFXxqoCHUiwpw-KoXTxarskR294adWUGRLEgJjdCzZ71APEUWfScu0Z1bTw6P7DaJYwzfVQoo6-aJ1HPYR1Q3iTbECEX3r5f1qzrta40pdt85a1Gk1J8aT6usCdUJaIUcvu6EqJV6yIjX6Se6wAL2N1NgCa5cbFQo-YdvMpyN2Fs_VX5BmF4G6vHQqSlN4QUc4UfK7AuSqjHG6OzOtqk1zzfHe8siZyIr5PTtnDVvdaKsodLr0IM1Ga_VtwBETE2FA4sHicrLAig6MTVmQUHAeoafHMmtm4tkgPctEcEi7aZpwWrvbNdQAK0t5WvN5c47EaOSUwwmdXDQEvmu0KnVd2tCrfuU7NNLfg4NT216708Brg_YxEwQPaXAWe3usbxGjx9EY-ki-hedgcxrTcR8tjXSmfC8YlujZBXlFEIBEdy4EdbOQ360Xfg5OKHM7Q_cJndsAWnnVhm-GbzeGD0bu-ZcXcz6hIzsdpJTY4HYzkt-DaBeIxOhbySz-IrfEHQrO8OYv-psjoTREY68YCIcpM1ui3BY-8bhoGQJiPFPso1hldVPKjE99RFbicY9G_1fGOFkKv-4TmhalK4JvhevSNcf5UNcDdf6y32FBoL2fI1T5p-96fY93t-Rd4pKc6pY5dQerT_Q3L_yxVTMKMW8AVDvBAXTy6beYsuLrYyMZRLq9Jr1C6rS51sEZzUe31op0uimBq540353Kd0EyZs0SihWkxBTmZZ8s18qmTEJQSZSp7HbcTSeIyiJd03V0tW2qm--7vKHM-CZp0xnbJERZmdkDW6wbTLXiZsMikk-YDKP_mf0OJYfkWqzOForvEVXy96pl8gD2YC6LtRDY62Y6uaX-iv3Zphae_3QY8JynU0xS6fN88htqlC-6ZgPNzImNeHs_SJ8IW4icw1hk2wNxsnQgkm3MnLmh2IKhHGHF_FOmagsJvOKFRXZeF-urzdutinzkn-RipWVyolgwYj-U-p_0F9ViSqgRSitxULVRe1E61n6mOAiIdEmIKGOlw7reGBHzdm16K69virnjcH6B5KwblVcUMW7LzIgN2bIcjhi6wb2WdPJseAoY8oVf-uURYfnUhWIBRNJmCkZMj7SJc47ekMiZjd0TNW9FtwaH3tvsyca03uUqd4e1UzsvGtQXdXZs8xVPek3ROYIqeGR6E76FC9zL0WbR56It_0oUlMoFdYEAVGxVWLWxn7kcxxNYxWNxGeKlr4Ki53_JM5yy7DUkXAxMi8blwZdmbIAw_NtWci0oLOF5sEqukJzUAudpzYbR9KEHucFjz3mA61jTv9TaLGC8qEG6y5s2pFvbNsjzzKViJswng5xvZKLN8A172uVjt4ARhZPOzJF6yDi0MlQG7UCIlXu6ZZfFk0Plt_18hBZE7qtLa20iyUvNeEt4M-he2Gvn1UqOiOYAhJI7qhp6ZskL8q5GzGRELYlJFWxahh11MDACVLpVkG8ZDgkja6vSpWYwVeEMBlZMc8Jb8gs2T9h4xTF83h0pkBHHIikMTnHayNBnDKWk2O2JhPLfb-M4wXTxKuUjBtrf2KHn7dnB0Q3VctDP6AORFzjHjSsYx4cPXhFsNQ5S3u8WkwuHx7WF9siw_Es1i40NUcvutd7-V9AOL7BT7ue3gq2vaCYPCoOjrPW1Bt4RzTGFWJu7iAbHDS6vOjSCGljM6rnl2Iqs5BTcxOFPQ7DNYc0dg4wFnK9aVcvMroJC2F79KoDg&cid=CAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15949492164146485000&adk=1599433117&idt=175&cac=0&dtd=20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19135
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 63CC 11 KB
4 KB 117ms
33ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1687288290231119&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVw74vmRZM-NDvGj9u8Pt4CniAem5b2gaa2VnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpArJnLxtrSbI-qAMBqgTdAU_QZcbRNo4TG_MKVtUggRUvo7-SO2Nt3hpft39QXxiWNXSwaEEU1INKyJhTmB-fkkkHR8N4sFNtqzHSlw5uVyTWpU4Z8Y-etiYJQdYKpqbW5y76dhXc4hu_3f19KJqyy-6xR0B6vzpMlI0N2sJXZiF8D2IVfJIotk4um_5j2oxIvBHcEtFB4RZKmVs3w3W2NTsTNuT9AvfpLccOpXbZso0nqW1gcHU7jE9ggs8zCmx76BUWjCZHkiyNIzjYwm2TxaP-TbpbCuePYA2cQVYBxqM_hdNDl5f7OuV_xfj7wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGiDAgqBgoEw7CxArATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ%26sig%3DAOD64_0iZW8Aqj8F4ECW8A1tFrja6jWcAA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-AxDZGLTcLZfyPtqtbXJlIOOjrx4AMCiZbtygDnMfPacQ_wQ0oPcFENsiCpBdAg29JdtKLs07tokg4n3lnNbAmj4jhUDX1enYWQPEcojEIpGV2Rrb3FjMtJnWdVoWmY8k3IeGcDznJUUshRYzz0sxZAt7u63dRsKbgcebUvVdlCL8VcPa8%26cry%3D1%26dbm_d%3DAKAmf-Cm9OsjrHir-pf-tezHz_eTb-o9_g5VPAxKeC83xTC7wI2dneX51eaa_fIYhn7a5CtMXbnTFvbFHJ_rkZ767ZI1hna6yaRJaIhcvu5ZiS2kIntqc84Tj95RWpxGd0qPYNOSp5c8Wrt7LutI3_M1o4r8g6uHuf0rKa29eWQ1T0CU_oBAJoK-8YD1C13usHur5qWO0DPxfiv99xbUBdXIUGX-hWqriZQwjGIPF7m1OfORG87-CC4z-6hPJaRGoaw83wow-hl90J5982h1v7IXmCGXC3aTKSumfptOTQ9yn7TrCLYr--4LgywlunkSaqZj9i-LM-Fuuq57KCNPEVew3ck6BOiMlOSkBpK36QXhyL18POJIZvMAWBhVa7Iay2_OS8kZeo7zCOl6iuHDtTeY-A6n2AdAGqByq9RcGFXdstu4-wu2K9yJRqgWX1FwR8xWiKLvJRulaGcTiNId73cIHcfCvkUdeQeEAd42oLzw-kM_Nd3lPMQybYmgBsnTkXs24WDzsmi2NoeXFGqbZBueEW_SIzF7vKECSekD4piQ3vM5YIGpTc4%26adurl%3D
Requested by: Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0047a816cc080715ba587a8401d5ed00e8a32c680046b4ab2c00996f1b5da810

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4184
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 209E 6 KB
3 KB 61ms
59ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 707C 624 B
245 B 101ms
98ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNVwkvYkIG-gOc98PQqOdyq0S-pV5UmGvIFMCztNOXD0blwL5SuMRw5xDSn2e0RU0A2RmfO5rZqb7UqFmWFJQpN-bXB8AtoV0HYY0cWbOgH_VoDkwFsgmv1DrW3T6SQgM_rI_XnDqmXmCQg4CoIEVw21KLI26r38phHkKhqjkj4Rk4bqz_I

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:31 GMT
expires: Tue, 20 Jun 2023 19:11:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0DEF 78 KB
27 KB 163ms
160ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0DEF 42 B
63 B 94ms
91ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AyIU_w9XWOVUtvyq8Si1FvPKDaGPsMbTv43co4Hiet54U8miYoCSqPu8VCBcmhQCXYumjq5jf8IYFrR8HSt2MZGzI_TCnxFaQn3YlC7mX2Gu7AFCo

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0DEF 0
20 B 93ms
90ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8560350861175501960&x=1&ct=76

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 0DEF 3 KB
1 KB 69ms
65ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 0DEF 19 KB
8 KB 60ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0DEF 178 KB
56 KB 95ms
92ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0908 22 KB
8 KB 58ms
57ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19104
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 209E 0
0 102ms
101ms Fetch
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C32ZF4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT0AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScF8fpSI7Sb-54idnP1iSdTGPEEsMPP_2VlLdSAFHu0n213jKOpIUjgBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=9SjXv_REopA&uach_m=[UACH]&cid=CAQSbQBygQiD0VDs5uHQZTm8wlfzbD5AXoPpoEnTMS0a8XL5fp-np9WH9ULaHeSkuo6kDdLXw_cqF9quwcHBEBTugV3autkmOmx-_f0Khg650yA4pMG9XkNVHIthv3rJAqh8VMiaZ5GrKly_GOU-qj4YAQ&tpd=AGWhJmuuK2VeZffNesf9yhmvSEzQkeSRy2dVSkENsSuOWDjgouvDGQXcrkA89xgAEggN6RZgDm3GnjBz67MTRa-iIg_MsbWcTWJ0OySaUFAIr0cMh4k81Mw1LSP3vl_3w6l_565xgty31A_yRO1qawxO-f5TItiz77m4zwqpXestY48cQ83BCzT3SoAenz1YU5BiyRbAlVGiBShHV2v8zBYRym3lA4T-Or4RbTUtJ5IUnnUSHfFAEya8lsPLPNOHNsiSEePaDOb-RgcvfWiK9wcPdFNr6RdrdBTuMwIG0xW0f76VQWvFpsXRXVbmIfk4CNxB9jT2H0eF2-pvQDC9I-ksF8yyx1cxscdQKYV3Bc2WmzZuXCHILv3EpKkjkQGeUzQSliimU_DYIgQ0chx0EU2UTUjJWR289d4DBaSLiCCSyhwP2DqA_VJup8qMp-LL62drpjbeVbaILmIJeWncTS8Mr9Nn6C6E3eASkaWxECfrLrUbcKdiDFFk0G2DXKYCaGDw1IzV6eHtd5HVFGSPnbKz7tWEKwAM_Ku0brhBiVjSZbCD63gdRuv_YeHjiM-zD1hvIUeMAZY4EwAHYzTbFFhhFyUL1QTcoodKQk8WP15smyqHbJ9k8AUVg99XRCod-xS0p_i-B1ShzY5JCqKeNZ53lsVlLZUotfey2EyqmNDHWpzcLTzKJ3iWUr0lXIZBlybUqHZj9bdngeKH0nElroRXqHFQtxyNd0Ort-88MIw8UHWpAKsj2KGY1A3hS61eNlyM49MaTOFt3ccFUrglr9sneB2NZZrbKILp7yblgBj0hMawgR7tfHK_VUqpS2inGtQ6mfFVzMfu1uV21kYYKZDfQLswuiJXKk1R08ASdZs-BrngJdg97kts3IlRCKp8nyEwXIJiVuPT6FJk-jEdNIByTF8FbivMMQ9F2o4ZbxRT82UeZADz8_EFOCWRXjkul014Z8ryEt-Nq5WZjizI9JD03ukuGMhfGyQ1sTYkdZFAJj9WaBlAx6z1DQijaVN-Hvx-DwkGzmSAsx76pclt__7kqInEx0WgwAlLEomKZSMZnw4XwV3xDUdnDIoFmNxmzVRt2Q8fdCopg1X-ae9s6ZgU7rjsACCJ2EfgSzH5i2wbXRk
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 209E 3 KB
2 KB 110ms
34ms Script
application/x-javascript 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRRMll6WXlZelV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3MjM3MjEyNjA1NDU2NjU5OS82NjIyMzI2LzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTU2THBwVXJaZzNVN1U2RTlEc0sxa3NJLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3MjM3MjEyNjA1NDU2NjU5OS96cmgvMC80MTcvODgvOTk5LzE2Mi8yYTAzOjFiMjA6Yjo6LzAuMDAwLzE2ODcyODgyOTAvMTY4NzMwMDg5MC80L3B1Yi03OTgzNjUxMjU3ODM4MjgyLw/XLxJC-I_WDMqTBldkQuCzyy1sbo&nodeid=4826&group=zrh&auctionid=672372126054566599&pbs_auctionid=672372126054566599&shardkey=672372126054566599&sid=4562306&cid=6622326&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.229&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%26client%3Dca-pub-7983651257838282%26adurl%3D
Requested by: Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.392.3 /
Resource Hash: 9474117b134ad31332a715c7e37d1dc02de17c20d8cc6ebc473fdc2eda01e2b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
x-mm-nodeid: 4826
Content-Encoding: gzip
x-mm-bid-request-time: 1687288290
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Tue, 20 Jun 2023 19:11:30 GMT
Server: MMBD/3.392.3
x-mm-latency: 1 (0)
x-mm-notify-action-done: LD5wfw
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: zrh-router-x22, zrh-bidder-x1
x-mm-lag: 1
Expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 209E 3 KB
1 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 209E 19 KB
8 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 209E 24 KB
6 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 23:46:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 415515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 23:46:16 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 209E 178 KB
56 KB 94ms
94ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H/1.1

200
OK

request.php Show response
hal900010.redintelligence.net/ Frame 63CC
Redirect Chain

https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

613 B
937 B

186ms
112ms

Script
application/x-javascript

138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVw74vmRZM-NDvGj9u8Pt4CniAem5b2gaa2VnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpArJnLxtrSbI-qAMBqgTdAU_QZcbRNo4TG_MKVtUggRUvo7-SO2Nt3hpft39QXxiWNXSwaEEU1INKyJhTmB-fkkkHR8N4sFNtqzHSlw5uVyTWpU4Z8Y-etiYJQdYKpqbW5y76dhXc4hu_3f19KJqyy-6xR0B6vzpMlI0N2sJXZiF8D2IVfJIotk4um_5j2oxIvBHcEtFB4RZKmVs3w3W2NTsTNuT9AvfpLccOpXbZso0nqW1gcHU7jE9ggs8zCmx76BUWjCZHkiyNIzjYwm2TxaP-TbpbCuePYA2cQVYBxqM_hdNDl5f7OuV_xfj7wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGiDAgqBgoEw7CxArATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ%26sig%3DAOD64_0iZW8Aqj8F4ECW8A1tFrja6jWcAA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-AxDZGLTcLZfyPtqtbXJlIOOjrx4AMCiZbtygDnMfPacQ_wQ0oPcFENsiCpBdAg29JdtKLs07tokg4n3lnNbAmj4jhUDX1enYWQPEcojEIpGV2Rrb3FjMtJnWdVoWmY8k3IeGcDznJUUshRYzz0sxZAt7u63dRsKbgcebUvVdlCL8VcPa8%26cry%3D1%26dbm_d%3DAKAmf-Cm9OsjrHir-pf-tezHz_eTb-o9_g5VPAxKeC83xTC7wI2dneX51eaa_fIYhn7a5CtMXbnTFvbFHJ_rkZ767ZI1hna6yaRJaIhcvu5ZiS2kIntqc84Tj95RWpxGd0qPYNOSp5c8Wrt7LutI3_M1o4r8g6uHuf0rKa29eWQ1T0CU_oBAJoK-8YD1C13usHur5qWO0DPxfiv99xbUBdXIUGX-hWqriZQwjGIPF7m1OfORG87-CC4z-6hPJaRGoaw83wow-hl90J5982h1v7IXmCGXC3aTKSumfptOTQ9yn7TrCLYr--4LgywlunkSaqZj9i-LM-Fuuq57KCNPEVew3ck6BOiMlOSkBpK36QXhyL18POJIZvMAWBhVa7Iay2_OS8kZeo7zCOl6iuHDtTeY-A6n2AdAGqByq9RcGFXdstu4-wu2K9yJRqgWX1FwR8xWiKLvJRulaGcTiNId73cIHcfCvkUdeQeEAd42oLzw-kM_Nd3lPMQybYmgBsnTkXs24WDzsmi2NoeXFGqbZBueEW_SIzF7vKECSekD4piQ3vM5YIGpTc4%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3319256647040&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8f90a860475d599e6557da3e2bb2b5457fd61904ef200f5b42743ddbcb88b6ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 49689900114510704444554012361010
Connection: close
Content-Length: 331
Expires: Tue, 20 Jun 2023 20:11:31 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVw74vmRZM-NDvGj9u8Pt4CniAem5b2gaa2VnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpArJnLxtrSbI-qAMBqgTdAU_QZcbRNo4TG_MKVtUggRUvo7-SO2Nt3hpft39QXxiWNXSwaEEU1INKyJhTmB-fkkkHR8N4sFNtqzHSlw5uVyTWpU4Z8Y-etiYJQdYKpqbW5y76dhXc4hu_3f19KJqyy-6xR0B6vzpMlI0N2sJXZiF8D2IVfJIotk4um_5j2oxIvBHcEtFB4RZKmVs3w3W2NTsTNuT9AvfpLccOpXbZso0nqW1gcHU7jE9ggs8zCmx76BUWjCZHkiyNIzjYwm2TxaP-TbpbCuePYA2cQVYBxqM_hdNDl5f7OuV_xfj7wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGiDAgqBgoEw7CxArATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ%26sig%3DAOD64_0iZW8Aqj8F4ECW8A1tFrja6jWcAA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-AxDZGLTcLZfyPtqtbXJlIOOjrx4AMCiZbtygDnMfPacQ_wQ0oPcFENsiCpBdAg29JdtKLs07tokg4n3lnNbAmj4jhUDX1enYWQPEcojEIpGV2Rrb3FjMtJnWdVoWmY8k3IeGcDznJUUshRYzz0sxZAt7u63dRsKbgcebUvVdlCL8VcPa8%26cry%3D1%26dbm_d%3DAKAmf-Cm9OsjrHir-pf-tezHz_eTb-o9_g5VPAxKeC83xTC7wI2dneX51eaa_fIYhn7a5CtMXbnTFvbFHJ_rkZ767ZI1hna6yaRJaIhcvu5ZiS2kIntqc84Tj95RWpxGd0qPYNOSp5c8Wrt7LutI3_M1o4r8g6uHuf0rKa29eWQ1T0CU_oBAJoK-8YD1C13usHur5qWO0DPxfiv99xbUBdXIUGX-hWqriZQwjGIPF7m1OfORG87-CC4z-6hPJaRGoaw83wow-hl90J5982h1v7IXmCGXC3aTKSumfptOTQ9yn7TrCLYr--4LgywlunkSaqZj9i-LM-Fuuq57KCNPEVew3ck6BOiMlOSkBpK36QXhyL18POJIZvMAWBhVa7Iay2_OS8kZeo7zCOl6iuHDtTeY-A6n2AdAGqByq9RcGFXdstu4-wu2K9yJRqgWX1FwR8xWiKLvJRulaGcTiNId73cIHcfCvkUdeQeEAd42oLzw-kM_Nd3lPMQybYmgBsnTkXs24WDzsmi2NoeXFGqbZBueEW_SIzF7vKECSekD4piQ3vM5YIGpTc4%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3319256647040&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 20 Jun 2023 20:11:31 +0200

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame B5A6 107 B
122 B 66ms
66ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4F66 0
16 B 424ms
422ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407280060&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290877&bpp=2&bdt=303&idt=228&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=374892577277&frm=8&ife=1&pv=2&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.aq1qt5jkv7bz&fsb=1&dtd=246

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8FCE 33 KB
13 KB 617ms
616ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0dae36ea77e38910aca83e96b2c09986433604fb9011e2121dec6f6890c2fd9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 13759
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 707C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

35ms
35ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNVwkvYkIG-gOc98PQqOdyq0S-pV5UmGvIFMCztNOXD0blwL5SuMRw5xDSn2e0RU0A2RmfO5rZqb7UqFmWFJQpN-bXB8AtoV0HYY0cWbOgH_VoDkwFsgmv1DrW3T6SQgM_rI_XnDqmXmCQg4CoIEVw21KLI26r38phHkKhqjkj4Rk4bqz_I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 707C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

32ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNVwkvYkIG-gOc98PQqOdyq0S-pV5UmGvIFMCztNOXD0blwL5SuMRw5xDSn2e0RU0A2RmfO5rZqb7UqFmWFJQpN-bXB8AtoV0HYY0cWbOgH_VoDkwFsgmv1DrW3T6SQgM_rI_XnDqmXmCQg4CoIEVw21KLI26r38phHkKhqjkj4Rk4bqz_I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 707C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

43 B
1 KB

61ms
60ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNVwkvYkIG-gOc98PQqOdyq0S-pV5UmGvIFMCztNOXD0blwL5SuMRw5xDSn2e0RU0A2RmfO5rZqb7UqFmWFJQpN-bXB8AtoV0HYY0cWbOgH_VoDkwFsgmv1DrW3T6SQgM_rI_XnDqmXmCQg4CoIEVw21KLI26r38phHkKhqjkj4Rk4bqz_I

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
AN-X-Request-Uuid: 70cad898-018b-4731-a9de-8d19866a8720
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 707C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

170 B
232 B

71ms
70ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 249f4641-a813-4a82-a25d-0fdd4fdf2d1e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B832 6 KB
3 KB 58ms
57ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 0908 37 KB
14 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Jun 2024 14:15:15 GMT

GET
H/1.1 200
OK 01qrvgnrrbds Show response
hal9000.redintelligence.net/zone/ Frame 209E 10 KB
4 KB 99ms
34ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/01qrvgnrrbds?subid=&gdpr=1&gdpr_consent=li&rnd=672372126054566599&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D5v4MSXmdlipJiPT5rCksuA%26exch_seat%3D20035004448%26mt_aid%3D672372126054566599%26mt_id%3D6622326%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D58246491-f9e3-4801-9479-0dd33de65782%26mt_cid%3D58246491-f9e3-4801-9479-0dd33de65782%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ca5c3fb19daf70bf5b201ab41fd5739384d818ca3c935e2566990d9d09d08210

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3452
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 209E 49 B
328 B 102ms
36ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=672372126054566599&node_id=4826&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRRMll6WXlZelV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3MjM3MjEyNjA1NDU2NjU5OS82NjIyMzI2LzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTU2THBwVXJaZzNVN1U2RTlEc0sxa3NJLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3MjM3MjEyNjA1NDU2NjU5OS96cmgvMC80MTcvODgvOTk5LzE2Mi8yYTAzOjFiMjA6Yjo6LzAuMDAwLzE2ODcyODgyOTAvMTY4NzMwMDg5MC80L3B1Yi03OTgzNjUxMjU3ODM4MjgyLw/XLxJC-I_WDMqTBldkQuCzyy1sbo&nodeid=4826&group=zrh&auctionid=672372126054566599&pbs_auctionid=672372126054566599&shardkey=672372126054566599&sid=4562306&cid=6622326&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.229&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.392.3 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: MMBD/3.392.3
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x66, zrh-bidder-x1
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 209E 43 B
418 B 162ms
68ms Image
image/gif 95.101.148.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=672372126054566599&v3=651871&v4=4562306&v5=6622326&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRRMll6WXlZelV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3MjM3MjEyNjA1NDU2NjU5OS82NjIyMzI2LzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTU2THBwVXJaZzNVN1U2RTlEc0sxa3NJLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3MjM3MjEyNjA1NDU2NjU5OS96cmgvMC80MTcvODgvOTk5LzE2Mi8yYTAzOjFiMjA6Yjo6LzAuMDAwLzE2ODcyODgyOTAvMTY4NzMwMDg5MC80L3B1Yi03OTgzNjUxMjU3ODM4MjgyLw/XLxJC-I_WDMqTBldkQuCzyy1sbo&nodeid=4826&group=zrh&auctionid=672372126054566599&pbs_auctionid=672372126054566599&shardkey=672372126054566599&sid=4562306&cid=6622326&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.229&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-198.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x25 config_version:"1438" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x25 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Tue, 20 Jun 2023 19:11:30 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 209E 49 B
328 B 102ms
34ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=672372126054566599&st=4562306&time=1687288291&nodeid=4826
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWkRRMll6WXlZelV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3MjM3MjEyNjA1NDU2NjU5OS82NjIyMzI2LzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTU2THBwVXJaZzNVN1U2RTlEc0sxa3NJLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3MjM3MjEyNjA1NDU2NjU5OS96cmgvMC80MTcvODgvOTk5LzE2Mi8yYTAzOjFiMjA6Yjo6LzAuMDAwLzE2ODcyODgyOTAvMTY4NzMwMDg5MC80L3B1Yi03OTgzNjUxMjU3ODM4MjgyLw/XLxJC-I_WDMqTBldkQuCzyy1sbo&nodeid=4826&group=zrh&auctionid=672372126054566599&pbs_auctionid=672372126054566599&shardkey=672372126054566599&sid=4562306&cid=6622326&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.229&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.392.3 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: MMBD/3.392.3
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x74, zrh-bidder-x1
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Jun 2023 19:11:30 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0DEF 0
20 B 91ms
90ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2873456379397&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0DEF 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2873456379397&version=m202301230201&ct=76&x=1&cor=8560350861175502000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0DEF 93 KB
37 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bqt9Y_d0ftpHRBMWfDvoNttWVv6Gb2W5IrLpy1TK4nK4NsiHovDwMSy71d2tB0cyE5uAbd9QpKw7a8FgHP55nkdby3HmMPlC_QhS9_q46h0227Sfg&cry=1&dbm_d=AKAmf-D8YAo_yjRvJ1KBmdkrwqt_KL132biEHlS7Y0xKL7nFgOEatbPR41WNKobHTsQejsJ9Y5_4eFSONU72lScIL_6PEviYGrY6wOhRU0xyfY757-1wxWM2kxyKukWH_QmZ3QsVEC99fzl0lkRXlNL1hDczEOO6W0Srw8RjSPPruqei0g1SogG_5Zb2X9eqYUMKtm1QpmNILoIEOwOdo3VTWrK6lJmifsaLEl893q-b-FNB_X-KIETP0ddAbm2SMyVwnMjlRFAQereZy6cj_FBQfpBy3dvoybIIAbMkwLDylBGhi1epJ0lDDlON9iZz7W9BVW3zela6YjFGSl34HcvrmF0TG5sdGZmxKen-h0mLrWKTT_CHWw877nnU0_rNAOq6fTkAP9oUqrtyyWuy3bz2VzeAGVVegS2I-K3UVDTpG4LIVJLJxIA4NQxWxDLRK20SxdG305--TvOwG9-NeZ1366NLZL_pm8m4izmkyvnbpamdFUcHfNntKJeBTZJI-0kE59kK5ja2ujbbWqIkQAH4QCCr9bhyikPl7zwH4DBu40TluXUmbfZ86AXAJRvsN0jLbV_6_CJqwbNOjPbaStG9dCwMlpNZU0-Ove7xiwhY35Nf_isKz1kGhlxJZCa5_7RWWGIkbhI_tNhAiFk8fU_RUVghvpSNP27HLgd3uVtPeqd0C-5bWVH25vvtDVdK9nQkkHH8nzrAZ8JPu6C8zrIiTKfKNY5Nogbb8tJwWmAYjoajH9-WFYCMSnH1lDMFZjfx9wtdAl4Ll50BtTAO-_xA1A7KNXUv0c91vWyncrE5lAwYbXN4Lef7Z5OozNyUu6rJVrG15s5LYL_nRnln41yFxgs7rHjbPQEaOqL-6-r4bC24oZ0XOsyxUMXdl-Gx-s5xFrjohP4zTqBgTo-NUzzlMNCTMZd6yMqwIaiHe_pDzVP5Cl2WOqXfai6twwug0jsLPx85UbVORrGZmkOmhe2IlQmBDEMuYiXOlxT7frvcGLBRULZ_5OLktLLUxWYfWuVwEmxN4iUQ6V10u38e_MSszKQ6mDajO7atz3B_yZmt1HIXqU0eNxrWKDp6raRvI5rBGzZvv2sYtpgvu8tmAYgEK229gluUm8QgcZJK_3ZKXJ0wKe1g8LL45whsfRoumL88An1J2WihUNiRAFg6l6wxuCnGh9UM6L20MYleqtxyI8-35fXlENo8CniG7-dV3UO9_Ia--UCQG50yzczH1kJ-2wDbK1BxXiqPyk-I-wzlO_lLdC0K3Bn7Lc-S8uFM3VAj8eFWoilwnuO4lxxGepB2v1kpxvL0pWLmPuuV04jG5dt0vYfzEbisAq7NC9Jv0IX61ZajE4Nq1HYgjKjckZccp8LdIlLc3TApWNG7r4BYH_nY2HDdzvhz5r-u08MqHEk8sapO4C5Jta4TFQ01tqYWSZc4cgMBX_fiXBC-Q6LuWDliYDkxgbS6sclyVyYQm3nAxSqrEUYXNrgi8AhVdRSCv_TUYQheaoxudkfxJb43GsZOj9kSSW9TvOki7ZfLYEIgQbqbqprRlQFRRyWFJ9fSRwl_xgGROCAIj6qtakbqeajLwDW0tL_a_K13D5BwwK8_yIQe27GDOExa4BFgtDe1ZQV3AN7wp7jJBEjtzAcd4amB0RjcZrg3-r2aEG8lbjyPQVQFcKH49GYSCYUQ2QxCW17kFyjbC8rSYcogdPRFg-Kc321BXKDO5VXKWri51Ixh_0kSpKf1vjEduL73fB0izrhRz5iknK6RTzfR90-jqG2NyBuJ-8GxXYD-nes3EwZV7JS76xFu3qTNDpFA5OwicZXAygt7tGga8jOdzpmsMR3ov7pnmeanXCEOY9PZ_v3bOMWwbgLZW1q4lP6PTb9rxlfY2tdASHkmakAtQqWs8ePVHZC-3EEWCnsbmybQ1Uruo_LA17jXDTGKa1gumgE_hjETtxC2tVdakj_isxt7c1TsWbaeWkoV_LBsJm__gjVhTiApMMfPgiF-Zy2LB5_xjxxjgY6Zd_ZhuGc0iJGCv423V5fqur4QW4i-3qXjfNQXfkj4g7nMjz9KUDjEp7tz856HllUXUmxf9bHMADjUI4Br-wmNcf-2V4uY4NkAPpBPfe125Hd6R372i_F4ocDhyIWYRwIC_98kGy1-kSRcvts_wzN4gJXKrQauZJ1Nw3FpnAib2yw44EPQyE2oN902aFw1JCaAlne4kYIM6JiePPNV8CKz0wnDBmP7XENWmTGrCmhNgJ9A0103zF7U6gL4eO69Ss2Zw78GDoadKEWUoonoI-3u4yzWmjfjefEkuwAT5gHmZu2x6NlRVSRNsUCQPMS1PyMKXapxbUuaKH_gzHGUSX3vF8_p6rppfkX80sqs3EGgA84mA7zE4tzGoyS9LdMHI6VxfMcGFSbKWb1nenSEhy2Nwdkx3IRbJzx3kMADZOABvS-WwaoluoPJC8bVllzNPtq9nHWmljirKf7oEoKmBwk6-DIcr4NW33k_OAVR7U3lGbJt5x9dBlFwnGH7RknJZdsZR_4WgDxK42yEBGfcjvJ33ayrezevvUoCESP2qrsP14pzC99wCA1vC_hk4Lvrd9-AEKo4dgC6FYchHK-bUolKZdJ-BdVOndzoJPUiowIeaSqWWiL8p1AhGh6hoynMsVB9CojvkL7KMQ3t-dK_mBvTvrPa-KAlTb8xVJxueFseAjFmQgDT8EnwYHzgaE-3kQO1ih0sJ6KXuzdPYdU1MXYtnkKzc5PE-OadNPMEdds2vCEu1IxLakfdzJhP-Fp-edLKWm_Q6FGsGdNULe1JxAVZth-YnQ6QVRl5sVgdN_k3tiFYWwr4YY1lfOGMAST_DnlfpXemM1TGVmwfCVOKRVPvm2oOSssNH11Zbr6dvQG5pDNMEh0Zp-DrZ9tCH-JuXs55-b5EXJz4Axw46BEhtTr0T0at-ifgICOZWqrELtl5gvj05Gh7pa2ez9vMkupkJ69d8X6Kuui4_DZV-irhvDbMJmNpDV9emYLknc58wWyaNJsl8buRVoJtjw8iBdLs5kaa2F9riFFKQCxKW-5hQFo96XPRB4rU4PFHLQZ1hVS-qU6sEIijliZU5DgqPKh9lMjuBje9IQ2KrlNxeUv0rry-_h0gGMxcki4kIv_mu8tFbXVDZgyCD19MVTl6YZKM7AwaEm2i5dqDsUZ7CuGdGMcASuoSuTzrQL3kd1A8TUYoQeIJ4s9cnba-Tw77w3L8uw932Bb4i4KdcUjW20blpOfjZ6NkQqROH2gqVDdmiyolL4qjEqXBwg0NATE3KLMYXYiu_LbhrS6fOUVc1mFsM7sJrl_u6b1WtW2QXZCqjVZHGpyxw0gZrBUnlC2hNeYX-NxnpgYnF7EQwSnCPY2E-dkw5A2w_IseOOphn4le0GsnnNrbVmyO3JMSCVY9G3jR4dbNdSchM_fJyxqPV0gZP9BMcTE6MipcmOYNQjjkFLoezbqmKGr2yRwLX7VQiYS5RJuBtesbIJan1sa5iDzZJ_Igq-VGqb6rxax2CR_2vN_ZphcaLc3iZT5p9RHBSxjldoiSWv-C3rklwo6GHGHXRaLLUgiKxLI3Xc6ykG7U-w0ypbDI9PlPHbeeypeSz948oafo-kbA8VQwKbFEdqLMW3bIcvDaRa4syUbFX95Ts2_YenrJqnTzckFrBlKZ61W2fwq-3zo6859KgMx-_wVB2J7l4O-WdwHaYxz5npzIV2e23GZ6NM23JF7ac-O_k6laPRY3Mg&cid=CAQSbQBygQiDM_usm38FjDv0WRqD97qsXvXJrE-fWZBhSyIOiXs9KIPHyu_TKbEn1S1oQCv6AFgaP9tBB-0dRYOQV0UovwmtZYEv8BfRdsRrWXD98t8A0613YMs0TzxFVcdGORe-nnW88nCAT8W79ZIYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=8560350861175502000&adk=2465470143&idt=169&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b6e64fb4f7dc6e06c31450af7033ee08398836e5ed52b08d17443850d979912

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38122
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6E01 624 B
245 B 103ms
99ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUYV6BtFpXJ3ky4s7ACWC0wVfRrzD4ykJo2jvf4yR3GegJRVhWBQ92GkoITSvTaOni2F6PzugMMNMAPTdEh_bsz7WmXnkZ6NHkNhLZvsZm_KyEmNoWzCRPa2kMxVG5F9i6S50Do54kDRxTWqxIm3piUvXLjlMB6p-AAry4_xVFKduSr3nQ

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:31 GMT
expires: Tue, 20 Jun 2023 19:11:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B832 78 KB
27 KB 121ms
121ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B832 42 B
63 B 95ms
92ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C3QNIFrOzNOQRA1yZ06EHlQAXARjGPPnsIWMYXNLi5Sg4dO6AYmM20zfZ5g1YNK9lAVZQPSG3rkZWP4I8kCU_xC55Ck8Hko8T-Uh3FSm9V5fnDmd8

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B832 0
20 B 96ms
92ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16543211641003719625&x=1&ct=77

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame B832 3 KB
1 KB 60ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame B832 19 KB
8 KB 61ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B832 178 KB
56 KB 113ms
110ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H3 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F89D 6 KB
3 KB 59ms
57ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal900029.redintelligence.net/ Frame 209E 0
394 B 288ms
209ms Script
application/x-javascript 88.99.219.174

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request.php?zone=01qrvgnrrbds&nw=20&renderingType=javascript&namespace=9ed36fc99a&subid=&uid=b02aae703361affb&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D5v4MSXmdlipJiPT5rCksuA%26exch_seat%3D20035004448%26mt_aid%3D672372126054566599%26mt_id%3D6622326%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D58246491-f9e3-4801-9479-0dd33de65782%26mt_cid%3D58246491-f9e3-4801-9479-0dd33de65782%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=5122967705568&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/01qrvgnrrbds?subid=&gdpr=1&gdpr_consent=li&rnd=672372126054566599&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D5v4MSXmdlipJiPT5rCksuA%26exch_seat%3D20035004448%26mt_aid%3D672372126054566599%26mt_id%3D6622326%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D58246491-f9e3-4801-9479-0dd33de65782%26mt_cid%3D58246491-f9e3-4801-9479-0dd33de65782%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCHgF-4vmRZNfcHu289u8PhP2VyATPh46bXMCG2YLGAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QvHJsRPbFcOX0rdtiUdWNhiBn4IqFAV_o1r7SV832E_uHiK5DI85eANWaPCzfAHO70YIwNckjTDgVAE0dek6Gk5AJOEBZf73s5obad2pb5vPGW77l3ZyNGG1WIpNIc0LFgkTU8eMdsOhzzP0KFEfbIlulimROuzUdi8bFUCPgschtwe4mxpTdw27rs_Yfth5FsftsEwqq952yGsZPhVoho_RsbDEXnLRztbqY-2bftB6PtMkSIX41CjhouKpoGllQyD9NtWFwCxOqRScFs_hzsRgnX5mv0jteUWf86OwQun_F0X2EkBTAu4EVgUFvIjoVJsVn5lngBAGABrz2rs3nwIiOD6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3vWCGo6jrGqBN2vJJswkeTonAk9w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 29355400140513500951393012361029
Connection: close
Content-Length: 0
Expires: Tue, 20 Jun 2023 20:11:31 +0200

GET
H2 206 Philips_utu_DB.mp4
rek-n18.nktcdn.com/data/ads/mockups/philips/ Frame 4A64 29 KB
30 KB 136ms
136ms Media
video/mp4 185.7.176.218
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://rek-n18.nktcdn.com/data/ads/mockups/philips/Philips_utu_DB.mp4
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.218 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a9baef98a9f2b4098a8e9e4c62b30f1d89054be3b7dbca5058a7f13fe95a1887

Request headers

Referer: https://ye-mek.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Range: bytes=2883584-

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
last-modified: Wed, 19 Apr 2023 06:23:17 GMT
server: openresty/1.15.8.3
x-amz-request-id: tx00000000000000c6ef474-00649156f7-9e2f20a7-default
content-type: video/mp4
Content-Range: bytes 2883584-2913708/2913709
cache-control: max-age=5184000
Content-Length: 30125

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0DEF 172 KB
61 KB 208ms
57ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Origin: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 0DEF 11 KB
4 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bqt9Y_d0ftpHRBMWfDvoNttWVv6Gb2W5IrLpy1TK4nK4NsiHovDwMSy71d2tB0cyE5uAbd9QpKw7a8FgHP55nkdby3HmMPlC_QhS9_q46h0227Sfg&cry=1&dbm_d=AKAmf-D8YAo_yjRvJ1KBmdkrwqt_KL132biEHlS7Y0xKL7nFgOEatbPR41WNKobHTsQejsJ9Y5_4eFSONU72lScIL_6PEviYGrY6wOhRU0xyfY757-1wxWM2kxyKukWH_QmZ3QsVEC99fzl0lkRXlNL1hDczEOO6W0Srw8RjSPPruqei0g1SogG_5Zb2X9eqYUMKtm1QpmNILoIEOwOdo3VTWrK6lJmifsaLEl893q-b-FNB_X-KIETP0ddAbm2SMyVwnMjlRFAQereZy6cj_FBQfpBy3dvoybIIAbMkwLDylBGhi1epJ0lDDlON9iZz7W9BVW3zela6YjFGSl34HcvrmF0TG5sdGZmxKen-h0mLrWKTT_CHWw877nnU0_rNAOq6fTkAP9oUqrtyyWuy3bz2VzeAGVVegS2I-K3UVDTpG4LIVJLJxIA4NQxWxDLRK20SxdG305--TvOwG9-NeZ1366NLZL_pm8m4izmkyvnbpamdFUcHfNntKJeBTZJI-0kE59kK5ja2ujbbWqIkQAH4QCCr9bhyikPl7zwH4DBu40TluXUmbfZ86AXAJRvsN0jLbV_6_CJqwbNOjPbaStG9dCwMlpNZU0-Ove7xiwhY35Nf_isKz1kGhlxJZCa5_7RWWGIkbhI_tNhAiFk8fU_RUVghvpSNP27HLgd3uVtPeqd0C-5bWVH25vvtDVdK9nQkkHH8nzrAZ8JPu6C8zrIiTKfKNY5Nogbb8tJwWmAYjoajH9-WFYCMSnH1lDMFZjfx9wtdAl4Ll50BtTAO-_xA1A7KNXUv0c91vWyncrE5lAwYbXN4Lef7Z5OozNyUu6rJVrG15s5LYL_nRnln41yFxgs7rHjbPQEaOqL-6-r4bC24oZ0XOsyxUMXdl-Gx-s5xFrjohP4zTqBgTo-NUzzlMNCTMZd6yMqwIaiHe_pDzVP5Cl2WOqXfai6twwug0jsLPx85UbVORrGZmkOmhe2IlQmBDEMuYiXOlxT7frvcGLBRULZ_5OLktLLUxWYfWuVwEmxN4iUQ6V10u38e_MSszKQ6mDajO7atz3B_yZmt1HIXqU0eNxrWKDp6raRvI5rBGzZvv2sYtpgvu8tmAYgEK229gluUm8QgcZJK_3ZKXJ0wKe1g8LL45whsfRoumL88An1J2WihUNiRAFg6l6wxuCnGh9UM6L20MYleqtxyI8-35fXlENo8CniG7-dV3UO9_Ia--UCQG50yzczH1kJ-2wDbK1BxXiqPyk-I-wzlO_lLdC0K3Bn7Lc-S8uFM3VAj8eFWoilwnuO4lxxGepB2v1kpxvL0pWLmPuuV04jG5dt0vYfzEbisAq7NC9Jv0IX61ZajE4Nq1HYgjKjckZccp8LdIlLc3TApWNG7r4BYH_nY2HDdzvhz5r-u08MqHEk8sapO4C5Jta4TFQ01tqYWSZc4cgMBX_fiXBC-Q6LuWDliYDkxgbS6sclyVyYQm3nAxSqrEUYXNrgi8AhVdRSCv_TUYQheaoxudkfxJb43GsZOj9kSSW9TvOki7ZfLYEIgQbqbqprRlQFRRyWFJ9fSRwl_xgGROCAIj6qtakbqeajLwDW0tL_a_K13D5BwwK8_yIQe27GDOExa4BFgtDe1ZQV3AN7wp7jJBEjtzAcd4amB0RjcZrg3-r2aEG8lbjyPQVQFcKH49GYSCYUQ2QxCW17kFyjbC8rSYcogdPRFg-Kc321BXKDO5VXKWri51Ixh_0kSpKf1vjEduL73fB0izrhRz5iknK6RTzfR90-jqG2NyBuJ-8GxXYD-nes3EwZV7JS76xFu3qTNDpFA5OwicZXAygt7tGga8jOdzpmsMR3ov7pnmeanXCEOY9PZ_v3bOMWwbgLZW1q4lP6PTb9rxlfY2tdASHkmakAtQqWs8ePVHZC-3EEWCnsbmybQ1Uruo_LA17jXDTGKa1gumgE_hjETtxC2tVdakj_isxt7c1TsWbaeWkoV_LBsJm__gjVhTiApMMfPgiF-Zy2LB5_xjxxjgY6Zd_ZhuGc0iJGCv423V5fqur4QW4i-3qXjfNQXfkj4g7nMjz9KUDjEp7tz856HllUXUmxf9bHMADjUI4Br-wmNcf-2V4uY4NkAPpBPfe125Hd6R372i_F4ocDhyIWYRwIC_98kGy1-kSRcvts_wzN4gJXKrQauZJ1Nw3FpnAib2yw44EPQyE2oN902aFw1JCaAlne4kYIM6JiePPNV8CKz0wnDBmP7XENWmTGrCmhNgJ9A0103zF7U6gL4eO69Ss2Zw78GDoadKEWUoonoI-3u4yzWmjfjefEkuwAT5gHmZu2x6NlRVSRNsUCQPMS1PyMKXapxbUuaKH_gzHGUSX3vF8_p6rppfkX80sqs3EGgA84mA7zE4tzGoyS9LdMHI6VxfMcGFSbKWb1nenSEhy2Nwdkx3IRbJzx3kMADZOABvS-WwaoluoPJC8bVllzNPtq9nHWmljirKf7oEoKmBwk6-DIcr4NW33k_OAVR7U3lGbJt5x9dBlFwnGH7RknJZdsZR_4WgDxK42yEBGfcjvJ33ayrezevvUoCESP2qrsP14pzC99wCA1vC_hk4Lvrd9-AEKo4dgC6FYchHK-bUolKZdJ-BdVOndzoJPUiowIeaSqWWiL8p1AhGh6hoynMsVB9CojvkL7KMQ3t-dK_mBvTvrPa-KAlTb8xVJxueFseAjFmQgDT8EnwYHzgaE-3kQO1ih0sJ6KXuzdPYdU1MXYtnkKzc5PE-OadNPMEdds2vCEu1IxLakfdzJhP-Fp-edLKWm_Q6FGsGdNULe1JxAVZth-YnQ6QVRl5sVgdN_k3tiFYWwr4YY1lfOGMAST_DnlfpXemM1TGVmwfCVOKRVPvm2oOSssNH11Zbr6dvQG5pDNMEh0Zp-DrZ9tCH-JuXs55-b5EXJz4Axw46BEhtTr0T0at-ifgICOZWqrELtl5gvj05Gh7pa2ez9vMkupkJ69d8X6Kuui4_DZV-irhvDbMJmNpDV9emYLknc58wWyaNJsl8buRVoJtjw8iBdLs5kaa2F9riFFKQCxKW-5hQFo96XPRB4rU4PFHLQZ1hVS-qU6sEIijliZU5DgqPKh9lMjuBje9IQ2KrlNxeUv0rry-_h0gGMxcki4kIv_mu8tFbXVDZgyCD19MVTl6YZKM7AwaEm2i5dqDsUZ7CuGdGMcASuoSuTzrQL3kd1A8TUYoQeIJ4s9cnba-Tw77w3L8uw932Bb4i4KdcUjW20blpOfjZ6NkQqROH2gqVDdmiyolL4qjEqXBwg0NATE3KLMYXYiu_LbhrS6fOUVc1mFsM7sJrl_u6b1WtW2QXZCqjVZHGpyxw0gZrBUnlC2hNeYX-NxnpgYnF7EQwSnCPY2E-dkw5A2w_IseOOphn4le0GsnnNrbVmyO3JMSCVY9G3jR4dbNdSchM_fJyxqPV0gZP9BMcTE6MipcmOYNQjjkFLoezbqmKGr2yRwLX7VQiYS5RJuBtesbIJan1sa5iDzZJ_Igq-VGqb6rxax2CR_2vN_ZphcaLc3iZT5p9RHBSxjldoiSWv-C3rklwo6GHGHXRaLLUgiKxLI3Xc6ykG7U-w0ypbDI9PlPHbeeypeSz948oafo-kbA8VQwKbFEdqLMW3bIcvDaRa4syUbFX95Ts2_YenrJqnTzckFrBlKZ61W2fwq-3zo6859KgMx-_wVB2J7l4O-WdwHaYxz5npzIV2e23GZ6NM23JF7ac-O_k6laPRY3Mg&cid=CAQSbQBygQiDM_usm38FjDv0WRqD97qsXvXJrE-fWZBhSyIOiXs9KIPHyu_TKbEn1S1oQCv6AFgaP9tBB-0dRYOQV0UovwmtZYEv8BfRdsRrWXD98t8A0613YMs0TzxFVcdGORe-nnW88nCAT8W79ZIYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=8560350861175502000&adk=2465470143&idt=169&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 0DEF 29 KB
11 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0DEF 41 KB
15 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19136
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6E01
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

33ms
33ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUYV6BtFpXJ3ky4s7ACWC0wVfRrzD4ykJo2jvf4yR3GegJRVhWBQ92GkoITSvTaOni2F6PzugMMNMAPTdEh_bsz7WmXnkZ6NHkNhLZvsZm_KyEmNoWzCRPa2kMxVG5F9i6S50Do54kDRxTWqxIm3piUvXLjlMB6p-AAry4_xVFKduSr3nQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=492
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6E01
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

38ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUYV6BtFpXJ3ky4s7ACWC0wVfRrzD4ykJo2jvf4yR3GegJRVhWBQ92GkoITSvTaOni2F6PzugMMNMAPTdEh_bsz7WmXnkZ6NHkNhLZvsZm_KyEmNoWzCRPa2kMxVG5F9i6S50Do54kDRxTWqxIm3piUvXLjlMB6p-AAry4_xVFKduSr3nQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=490
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6E01
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

43 B
1 KB

47ms
47ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUYV6BtFpXJ3ky4s7ACWC0wVfRrzD4ykJo2jvf4yR3GegJRVhWBQ92GkoITSvTaOni2F6PzugMMNMAPTdEh_bsz7WmXnkZ6NHkNhLZvsZm_KyEmNoWzCRPa2kMxVG5F9i6S50Do54kDRxTWqxIm3piUvXLjlMB6p-AAry4_xVFKduSr3nQ

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
AN-X-Request-Uuid: 3224c09f-54a4-4515-8837-0b8ee929b35f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6E01
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

170 B
188 B

69ms
69ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1d24bb77-4eb3-4400-b747-672d6c68b564
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4419 624 B
242 B 100ms
98ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNX5gP7qKxLluQkEmctnCg5cHyosYYLrubo5AfXxmqFTL1cOiwM0hvhF9wbt2kX6LXLBUibXA2GwZwaqSmS24vAw6ZDYADNhtX9N1T9TSClbEdJ34FK2RfWiQaF_A6PVba16bMPqYd1AFp6iG0kBHFwoas6T31i3i2zb3fY0rfP9yZNDQfk

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F89D 78 KB
27 KB 153ms
153ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F89D 42 B
63 B 91ms
90ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A5o2S69tvlanQbH25acABndC5kFFD4IaxhAu0pzD1SOAv1KyuowGX7Laz3125v3b_M3gC8pr0Yu_l2-w3EPIQPIpkfWTRNyFMcb_vBwO6987ulI_Y

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F89D 0
20 B 92ms
91ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10527883180974056934&x=1&ct=76

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame F89D 3 KB
1 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame F89D 19 KB
8 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F89D 178 KB
56 KB 137ms
137ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
DATA 200
OK truncated
/ Frame 0DEF 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb089c5a7618a9477353359ea6e6417666f0cc0b8238e95196b19e3dab57403a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 4A64 0
209 B 72ms
71ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687288289347&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B832 0
20 B 97ms
92ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4382357742510&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B832 0
20 B 97ms
92ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4382357742510&version=m202301230201&ct=77&x=1&cor=16543211641003719000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B832 15 KB
11 KB 107ms
104ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjvMueuZU-y6Aqpi6ywA0zfPvrZomGIVl9irBYu3NPS7x1veQGxsl4_fllteIMlBB4B1FjAq-iXS9dJ150Nd6OrdE0Rk4qQHtJezXdu4SyYXo2BU7KfWmOWkbXS3GP3G18YjIKwE78Go99eaWdLUG-CCkyOjL09z3ZAgEMofA756UQ1zE&cry=1&dbm_d=AKAmf-A512OLbBOdhl39VjAEzsyrCVr38WEaBLOC7HT4mBJVkgkDkfZfWtr4mV1jX8U-DeKW4UGNXzCJLPJvg_jqhwJNvGPeYrBcMg2R_9bp_z13mueZOKt6EOUajQRDZsPnlQq3zdMgShU5Eq7I8c3joLfLEMD4qE4sQ04vPD7d76mZn50c_pXEzwJHgtopxgwn_yD6WgZZcn8bRy9V5CKKJLdUeZsCVoXozJcXE11lop4Or25nJ8gmeLJV6mXM5MFvFfQS2P04fpGYBAzLeTbV0TlPKbSl3eZCkkcjxMOALCKNVDMgy-enwVB4GVgGptGmkh2hfs9mNtgSfqYf1-ivB6Qm_G_gcuGbEqDfFwVe6RAc_PYzwzVgZLuupeQRyMnIRly-yQCNwTiya3Lz_cfbxz4z-ZbUVfnU207lR4VPfFz1aFU_yPCG-i34n5dORIrhC6BCix3N6Hbcx-dp42dzndXW0Hp1ds7InFdQqTmNBYePuH-0T7n_KFgdFOXEUolMXrIGlv2QWaHqGPOdltDfFSMSCDBemupNOLwcwgGfOsA8p9H1XqqWKNazw869uG3ROpC8WrKPzADSliHreCkLMdGF-SmyzgQyNJOhM9Uu0LFEqHA2MDwPzQyJmDhXIBU_r3vNCz8Lg90bmshDsep5CpV7naReWoud_Pue5vJkvdlWgMM2d4toZLiN7j763tB-dIErvpGZpZThgx3SHr3Fp8ob0jTD1_Lcm_jpe5MnWp6qWYVnsugC7OxM_gSTsL2m-TiGJgsNiRQqH_TE4BjCQAGMmG0mW2UI0r5QlQ7Tl-eRF42XPCN9XxXLUQtvD9XtXeA3qA3GtwlCJ2moJp3PwHbwCguNMRmSuiX7NzgdoGycokivHRH2sHsCXIyLJ7AfM1zrWl8UwvB9SQX_q5ZWjGf-zHc9o2f7iTeY8iapNvQjbM5WNSepgFN9DFrzDzWCSrcOkMQ8PWE7pM6KxLCno-iAx5NvZ86mq4XMN5ED7mlmwPUxSjbUErROef5nriSybmD2RibrdaEyYeVt19tdIqF2P4ExgghSrqYB2oRHHmnkPHZvDFjW8h3iY8P7Mvl7z_qALmDxIQ9x19RrKgJF8X1I8hMz0V0Kg6vhOBRkTl7ZIaMkcsBDO4k-TRiud3XCa0u_bJCP8S8SIVjf7FApKACpclsSrghOCCuxLGKJSL_kAucVIEUsqd8CWoMiKwzrWfY10YAipqF68Imza_JqhWMgcXEymo2OGzEhmby7j_OtXQy1YCXcLP50ZgUvCAp8f8fBgAt2-mIH8mMLT87gLisYTZXLInVVZx4IbC6j_R2M6YMviGiVVfbMvElPIaV9PzJusbyHkJd_MMzEFnUQfCq9Xu2AjG6cVBYUsdA0d1v9SQBixwdl3wnWCsHoruhp4UX6UUBL-PWchxLzZSzzoEEiZXGHsECF1kNiQDV-RBHM6ZmPvCRadwWjh3clqlzhKaTW3cKAJXwEmVvkVpauPDl3uYkPjxz5MUSlBmdo1II70UldVYRO1_MxqHDKAbkCvy2dokiwHfWipNWlevcWXiwHLumvzeH76lWC8fBzWFR0rS1-W11fZ8HObDHPoGNQaSjQQOmlwBv4MdeQzF-OJrJP_EuTNLK-mbBab_7WShjBhrsh2kYcZ4XScb0dLxJ6Kpc0Dn8PfxfGlgK5SB8uoC4A30C-fONhzgSliPrMpxd5ir8tE6_Q0Z6QYtZD3j3Xqlv00LGLA9iNd8CodN0hM223sT4xIWwwbEOugz38vgB7zDS5xuZHgnSIxukyv-Nomk2VdMlfQniqZ0LwFbYmNl3RHt6oZISVYrNcG2Fle4BYFNkppNUELp5IxkZU9E4yGA9AaYA9HJ1p0edO53La7NKoYR86MGBbMppp85kedBondJu3GmSHn1cm0xUVpYxUZN5NSNcraWDxeZtK_lum2FogNRHXt057A3KCZwHkD9jj0Vt59swEJ5ZhU7QxIkpozBUqjC2ymYhb9vKuKCYvob1r4GkKFyhlc4_1U2aNxi44EdVZpSzyxSc900iQHwiQFAf1Qb-TtdYGDMAkpz-Ub4g25C6_L7CZejcZ8ySy-yc1CZnfPCFQAffoXRzNJeiTUjiUDna1HKj3X4X9KCk69bVi-cxZyq8T_iipWP3lQU6C4Fvfu0e9fJGn9aoTVrQ7mD00bSZKL02wulDwUlfhZPg7QXYrEvg6J6GSC5ZKhpwjDN7TPJKno170HANXu4OKkO44LjMvqFPvHHjaOMuV5UQ-8IirLfES-Dg1n1RXZlnjdlXjjbyUbItJYOEMDmaXjtmZIX2XTGHYc80uKxNj2BDB7DPRFiUNvQQwz2ceBKfDlAiwUpCTpqhYq444FDc7pkMRDXrWZZ22-Hn8J2WUY0vbL8MOc72_3XGGsnH7Yv97BY-6ixM46M5jrtflTh8LuBQ7d0bVi94ZP_lkqKquDGz7kYcBaBShY3Mxr7KnBR4hQJakcox8wIA0Cx5ZcapO14aB3bX3pF2jfjRfNhX_mUGNvGW61Q_bADgF_3728xxFsjJb-gZ9zMZVy3JLO7ZFAFZ1GNVF3BvLvv3w9qKgRmiia6vyUW9FF7Mfpwgog2pYCLB-0R4aLBeZiYLBxxh1h5y-Qlsu9m7sh1QC1BSNytruENfpSbBpyOyL0Sau5Bqw4a1kgiH0YlVnsp6uC6eYKojJci05lVewIn_oe67YnEajmZ2Cl01To6qlRn7mLwKNpT8JF2Jqhda5hQQfTglmh6F0II7IrIl64lTdfMhQeaBrPfPQmnXQtEoXoqXeoyDGSy2Aa8WFB0M1J3teQnIkHz0uh-XunWqR4dR4Znzs-vaZmmSvspuevPwwp8pgoJkn1AdB-fF_ySDclFPZk5PAgSLydxQ0VSsex_4Cv0EpklawZtp4LGmLyT2nXrENjQOKCoGDSUG_rz7wD9O59tMQsy8Wqll3OkTi2N8rm3oEU4watMK1qioilHi54hXhpixCjjXK8b816xEANgMVebiJlDC2lSKQ7WosPs8Fe4E8jD4HpH97zjgPFuAvSVyxiyUPhUA6y0Q7LLYnVi0DwKY0prSkCRiZxGiWqm7u2rCtczjXYOr4nbFR2QtC8Mmmi-Rdweb7rHexUz-J5b8Nl_s-7QT9k_lIM671oSHTRTJ2SABPUfPI4WmhNdGYy8qFneWwRpRwLBgJVXTnqRLGkBCOU9U0MU5txpucXAsnwVJyg-NPfKstdRv153ZMFnK8QbVB3V_bIQ2kxB2LF6JYo1V9Ymge_LupK4YjjPICwbgvjtKXv7pBwcsYKSMJfskZRfFDQBgFiPkg_i32dPpcPm1Vkye3xDQ0JXC6QfH69d6GIgpFK6cW2seTrLmZlOaGoFNbNaVy3XGUqFq6IbH-Fvmy1xYHj8yFJLdS5tKlocNbfyIuZRG6Sg0l_PoG34Gstc9zliHsQ7PSzyvuVJOklCLghTfjFyGflg3oGWaXtlSUCisA2T9FD7gXIzgM2DAbEzBZ65q6oRPjE7talcZubWbpp6mUYjVbpLsS5UQydc3R5pTHlekm-MKPkDox7Sa6_bFFQILl-pg_wD8oSwEQl7bl-4a_AsxC8D6EHvYtS4Oq3pRfc4pQqDr3pN_67bp2AKfmKBnyEZ3wCtmqm9vstl8uprjSZ9YocnfEcshZ2LWfxna5XK-_PJeheBW0YGwPAmP1cSfNxSm_Ns-gzyk1JU6xWfuVc-tA11eZtxEniRZvsQY0j9y0RK4phQDwNO4Um4YGmquw2SWlAOEBdKamDeo0HhAF_HrX-SAPgM4XAcbZ52StVukQDy98bxQT1KygUMu6SEGu51aCk1vs_rtLOWFbLNH5YE5f&cid=CAQSbQBygQiDyAh1saSFVG_GM6BilNLMmNaurqSqTEcuFyvaVMwERAoArqKqbJchhLyf9cf9S3n48j0VHOu6p9elhlMLTrczalcYytv-z2sTlvQhP-1jMhN2xOxqRCRADqUWjsbRmogW8fQpJVtS2XMYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16543211641003719000&adk=3587751834&idt=129&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

121b5c36bb482b2baa0a42a029a50881a6677e146f4f7ddc006df6938f13635b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11271
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900010.redintelligence.net/ Frame DE29 4 KB
2 KB 101ms
36ms Document
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request_content.php?s=49689900114510704444554012361010&a=09b9c55f
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=fab8f966e2&subid=&uid=f5b78403d2092dcd&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVw74vmRZM-NDvGj9u8Pt4CniAem5b2gaa2VnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpArJnLxtrSbI-qAMBqgTdAU_QZcbRNo4TG_MKVtUggRUvo7-SO2Nt3hpft39QXxiWNXSwaEEU1INKyJhTmB-fkkkHR8N4sFNtqzHSlw5uVyTWpU4Z8Y-etiYJQdYKpqbW5y76dhXc4hu_3f19KJqyy-6xR0B6vzpMlI0N2sJXZiF8D2IVfJIotk4um_5j2oxIvBHcEtFB4RZKmVs3w3W2NTsTNuT9AvfpLccOpXbZso0nqW1gcHU7jE9ggs8zCmx76BUWjCZHkiyNIzjYwm2TxaP-TbpbCuePYA2cQVYBxqM_hdNDl5f7OuV_xfj7wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGiDAgqBgoEw7CxArATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD7fO3vghAvWc9IAAQha7oqDGP92gX6i0dYudvxrDuAShJ_MfEs1_nzt9_FUqP5KEeYetkgHEaB1RDVoiOHNJGiySV6gqu_Y2i1d_qeV2s-2YA6afQk6XO0wyQZdQjWxkha28Z_4opHN8YAQ%26sig%3DAOD64_0iZW8Aqj8F4ECW8A1tFrja6jWcAA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-AxDZGLTcLZfyPtqtbXJlIOOjrx4AMCiZbtygDnMfPacQ_wQ0oPcFENsiCpBdAg29JdtKLs07tokg4n3lnNbAmj4jhUDX1enYWQPEcojEIpGV2Rrb3FjMtJnWdVoWmY8k3IeGcDznJUUshRYzz0sxZAt7u63dRsKbgcebUvVdlCL8VcPa8%26cry%3D1%26dbm_d%3DAKAmf-Cm9OsjrHir-pf-tezHz_eTb-o9_g5VPAxKeC83xTC7wI2dneX51eaa_fIYhn7a5CtMXbnTFvbFHJ_rkZ767ZI1hna6yaRJaIhcvu5ZiS2kIntqc84Tj95RWpxGd0qPYNOSp5c8Wrt7LutI3_M1o4r8g6uHuf0rKa29eWQ1T0CU_oBAJoK-8YD1C13usHur5qWO0DPxfiv99xbUBdXIUGX-hWqriZQwjGIPF7m1OfORG87-CC4z-6hPJaRGoaw83wow-hl90J5982h1v7IXmCGXC3aTKSumfptOTQ9yn7TrCLYr--4LgywlunkSaqZj9i-LM-Fuuq57KCNPEVew3ck6BOiMlOSkBpK36QXhyL18POJIZvMAWBhVa7Iay2_OS8kZeo7zCOl6iuHDtTeY-A6n2AdAGqByq9RcGFXdstu4-wu2K9yJRqgWX1FwR8xWiKLvJRulaGcTiNId73cIHcfCvkUdeQeEAd42oLzw-kM_Nd3lPMQybYmgBsnTkXs24WDzsmi2NoeXFGqbZBueEW_SIzF7vKECSekD4piQ3vM5YIGpTc4%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3319256647040&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c112c1f7de730b83ca79b9f326eea8637479d4da6bf0a0328a58bf12a648eee5

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1503
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Jun 2023 19:11:31 GMT
Expires: Tue, 20 Jun 2023 20:11:31 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4419
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

33ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNX5gP7qKxLluQkEmctnCg5cHyosYYLrubo5AfXxmqFTL1cOiwM0hvhF9wbt2kX6LXLBUibXA2GwZwaqSmS24vAw6ZDYADNhtX9N1T9TSClbEdJ34FK2RfWiQaF_A6PVba16bMPqYd1AFp6iG0kBHFwoas6T31i3i2zb3fY0rfP9yZNDQfk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=489
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4419
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJH54hJYL5K9sBrBhMALKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1

43 B
766 B

32ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNX5gP7qKxLluQkEmctnCg5cHyosYYLrubo5AfXxmqFTL1cOiwM0hvhF9wbt2kX6LXLBUibXA2GwZwaqSmS24vAw6ZDYADNhtX9N1T9TSClbEdJ34FK2RfWiQaF_A6PVba16bMPqYd1AFp6iG0kBHFwoas6T31i3i2zb3fY0rfP9yZNDQfk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=488
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEctb1j9G6q3QC3FI57YK3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4419
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

43 B
1 KB

53ms
52ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNX5gP7qKxLluQkEmctnCg5cHyosYYLrubo5AfXxmqFTL1cOiwM0hvhF9wbt2kX6LXLBUibXA2GwZwaqSmS24vAw6ZDYADNhtX9N1T9TSClbEdJ34FK2RfWiQaF_A6PVba16bMPqYd1AFp6iG0kBHFwoas6T31i3i2zb3fY0rfP9yZNDQfk

Protocol

HTTP/1.1

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:31 GMT
AN-X-Request-Uuid: df05391f-c1b8-45a3-886e-6cb9e5e51a42
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBf9OSZFxTSelETQkLUy72U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4419
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

170 B
188 B

69ms
69ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.225; 193.32.248.225; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 557a8899-dc00-46c2-8be6-200915e3a75a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxODU1NzE2NzE2NDAwNTc4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C205 22 KB
8 KB 58ms
57ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19104
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0A5E 6 KB
3 KB 58ms
57ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:30 GMT
expires: Wed, 19 Jun 2024 19:11:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 206 Philips_utu_DB.mp4
rek-n18.nktcdn.com/data/ads/mockups/philips/ Frame 4A64 3 MB
0 70ms
69ms Media
video/mp4 185.7.176.218
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://rek-n18.nktcdn.com/data/ads/mockups/philips/Philips_utu_DB.mp4
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.218 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

Referer: https://ye-mek.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Range: bytes=65536-

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
last-modified: Wed, 19 Apr 2023 06:23:17 GMT
server: openresty/1.15.8.3
x-amz-request-id: tx00000000000000c6ef474-00649156f7-9e2f20a7-default
content-type: video/mp4
Content-Range: bytes 65536-2913708/2913709
cache-control: max-age=5184000
Content-Length: 2848173

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0908 0
20 B 95ms
94ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B16Ig4vmRZI3rNpiQ3wOfm5bYCgAAAAA4AeAEAg&bg=!SkmlSR3NAAaGYqkwpmI7ADkAdvg8WlxGlex8JHAcHk8aXoAU_lHtLIEUj9y3uzT7RDGy4N58U48sijx0vWXuVvPnlhO4NfWvlToCAAAA7VIAAAAEaAEHmQNRPMMB2HYCLoY3ELBat4dJHmrec0UoaSKO1I1CTGvhkBieWay_Q3rsWTIMOHXt2_zV9DjNHKTaEfoqMeBgRZi7zwS5G6afBtp0RkpYsZsf-2dQgc7Qsvnjtbj-Pd9lcgp43-qhJ361Tu0bsUgR_RCmDxfTNaUtQY9JBahl_l6a82ScD-9ZdO-5Rh-CdV4dBaqdYEZhRiPtsih4kntQ8fROH2jdtnqnTk9_fqpLB4-bx_2VipM2oiyZ5Mv-x2PjAqAqhm3ZkLuDrMYt7lRaO5yfo9_b_hTEAjGiRpfaVCQSAdY_otHO_OZ-wRHXSLs3-SqF78Ro_4F0wW-uUEAe5aApuvbzKv1FQhiepbdjaDNengZ6KKWT-yTocA7i8eUu2JAgAlIY5dV67tLXYkvF6OzqYoBqHxoqYyVuAYZQry4ank0nEgmdKMkJ8r6hmMYUN7PMc8NCgLEv3awJu-GbSTXbcyOdcTnD2454qgaBZT3DTF3ZBc_3ZFjlqzJn0RmvwZu0WSTGYHKPueto5i-mcVlZIQ0aYiloUDzg0ctieK6YjNwAwj513GdwYZxr6_skDI7NtAR0c3-jRADR32OWMhcdPzWZr7NS9gCTvZgAYVQTOLQVXgB8W5trIHtWJkwo7jZrjpMvqI3Buh4Kym8tbx4Eh2kdMUEYMwf--WmGRLz6uPy4QkoB0JoEpdjEzn8KUVR7H87PJtok1W0iRXkPQ0rt3TF635ZgJaeUZNpiqqzYExsGJK67r91CPx02sA6X43U1DofhgUAqnWsG5bn4ruwIC-Eyv4xFSbRbOb0WEOtBQqCds8wdtSAF22ZS-75njuJlahoMp-2aeBkFVKDO6-keGVj8u_KaRxJnrafh6WglgZpnIV_12ecuaD_vJplR7f4JHKM-MGX9ExaaLpQ6pyh0KHzYuMCgblyZi3MrEpZ3xVdY2g_N-cZEKSffbbGSsYvRCcV4CQ-dSDYTAdveC2f94u1hpOG31p1WYPFO64CD2mgOo2PyLkmnwRQyfqe9IArgBbxf5Tr9r46Erb_gAw82aW8OjCzhaujNONeWhM4i6RcE3AuQIlW7ksdlG6wVGhECwRYuNUC5C1CBn2S4BCLYF0_8y7RyDcuz-bFraJstIwK2

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F89D 0
20 B 92ms
92ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9979453699131&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F89D 0
20 B 93ms
92ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9979453699131&version=m202301230201&ct=76&x=1&cor=10527883180974057000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F89D 102 KB
39 KB 110ms
109ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APim2bViBn0EyUUf6ovyfOWSFLtk8UepEQMbA5PnawseDOvjEKiHhlOJSZ0SaLbFA3N_3ucpM_eR95n0DrVSJDpuBgeTd18WqxJHLfQk2L37Sbf-3CeZoFtxKX1IXUiXUTFiPQ4XrZqClll0j0IbCB_k5SlrKRt8fWlm9-N9CcOODZur0&dbm_d=AKAmf-CQpvvjqxCjC2vFCY7s__wWZNzcpsgfwbWEssC4b-v0M-r3a71lZFr8YizwuD8-yXpdK4VyEExXVcf0NLu-tbrU3g7fSetK2oY2tjVW9HHDKa1werR0PgY8onU2RbMiHXzJ4hq23cwhiLbMBYn0-nGIgUOW9UZscZKQD07nJ8RXNckTl3JL2OnZ62lv9PXMLYYMvLG3fBWsrmhh0yJxBxP8EHn3HVio3CDieCKIs6-n8q2tBDFJTNOg-X1wVCqaebrFVu9e6NeLUiVoj8OQL-vOi185PjdWhsUotUVE1GQ5TYaIS_qfH-bMJvbUMGXbiCCrei46xlJWig7kiWXxWv5pzOGvNhP6m2_d7w_iXjhgZHfrK7c-Dte3QvWS4RJjq1gffJsW5XxtViwcRkCimICUVIqWyjw4uhqeeWfKuWLhFy7PAI5hqMFqURgtWa8UOrb3VbzxW6erfeU0TpC0mxJmifuQIQw6B82IsvAzsJO8qxhhfoCwCDU_wLJpOXoTSzI_LH5rGt_IE7HyG8n7Ux8Xbz_7QZoUlbZy3dZslf47bIL1NXbGtgBdBK76gwJ8RjJgeSdY00oKIFfu1dyZdRkuxN0LO5_u9F2I7VVIbUqTZSFCvUce9Rp5PXd_jhYXWcJusQZY1grXjeX_kJ8gMKW-VyV1MSWPx1srJFekmdTHSqMVhm6oF4qWjLHa2eqBdCujk_tp7Wxyiif2cKQGXffgQhxdxHJCTnctHxNp_iScxxzsyvo-p_7u-IH-o8QIT8lEIHDUBcEesU4PszzptjYbQHUINpMA5GABXldqc-Qoz9_WovzL7EO_q7Lwov83LR77RLH7b3BSaBWbfpXILleeVA3AabLlZ7rYsWE8SY84O2CG8gsXpdMpW40oh6rGNeJEg0QUh3y5u5jw2gGCxYHrShKarpI7HHpa4jlHZEvTiz1GIw8jeJVtKGRYGujY_AIyuSoFUq49i-XRblsZEaZ3RFB2ZDwDft9bEZRRBfkED8tRwqZGQmxd5y20kKyON54xRu6TjAUc1rTd6p7uQA3hDao8CUnjGrAHarSIcbIhiB96oM0BwzGuSt7QBU5VXrHSyTEdPNhRAc_M88uVjA145veCgCRoHcLU2CnUIHE4y8FFlzSRD8xk8gzDqqi4GrkZI8MJvXAehcqww7GfhoORBVsjeNvSTZIHutYeq75C-Tiv_SfKzamh2qDlDkAmUGReFxnKtn8JF8w4XadfN4xmYijx1W-l0Cc90xVMEcLl8NXRU22PAg04uAlKgBIQIW2gJaY4tWM3Q5x7oV7xsS_unHiqy7Nb2we7hDyxvLIt_tTV2fZ_6uA0JM3766lOIgx9EWI4FVKfozQGzMgkKeEHU-oQSmY0bq7fgTv8MfcTE110L4RyQyEyYcJs6Fr4C8QzYBfDgacBx1xr764gfnbixyQpY9Wk9pjuY2XS95BBMRWhICQH5Yvp-RJqEZsiBVHFldkzSHN63WzMoVQrc3jsIu4Fg35ijFNISe3UmiEHZwKhOkAazptkKyAdddS_24FS6rU19oeM4H2X4Qf0VS8iQ6xPiydOFpFCL0RowxVEek05XqCdYszVoOXqGGYz6wIQRhTnDtiw7NOGURHqT1p1Tv7Dsbb7sMFLMtrwic58UwrHZTOn4bt-JFzWO-N6IqGNNZwUYMYCQlZzvz8c9Ht1S1XjzmEFOQ5O9_l0WtzoVST-4mC-hsUjjMM8p3zNyvh9WdolLMfNZizXohHYniRui1pw8izRZgTk64YY2k4regkIc3tikFuXv3Dc5Pw4rI3FYo1ma7zVrlBl5IGdZkai-JnfXk3sN7tgjGMv2SVWaX5nva_c1l_9tuJvb74fd1_aKBsskn4z4TL-AysWL6VtOpw1Cy_tTLj96jLWxh3ln8OlppOBOuiHS6OvJ5lANAWmh_LjcMjUQPKywZ8ZVAhI9f6LBWyygjXtr2D-Y0j0jwNF-lIZAFM8NRY-YVmDBfBVFIqWTw5jjpaSX52AuiXUrLNF0_GC7lcVX8hsNUX7ZQH2RRuUGwo6fM2zh-PQbOx30sg5riTY49zZShDVbnONDfWRgJVmsMKt5m0eaq_JbmMcQRKX-nsmIWKSiuUQiMEqojRpvLCdlXmA1rx9Wj0by_8bHk1InGiXtG8ZX0ll3WztA6FiMTl0IFXuGJ92-yNCZud3IUPq_gNZYbDFWhp9SQOmV5P5pmGFOMRi_OM4ilbPYyr0r0K9p-NKzUyzAYGZ8TEWCCX83p1pLqZ-rSHLGsViUWveSzl5bSmSiTrUOxYe_k_9QKud6MzvOa2H-k4tvjMvFINFuQsmwIkCWi1oEmEpwT-ztlUSfFuXoE-kUmLZk0iwgk6N3WGb9oo-HtRtYxqPsDwKRXH_6IXhAH-tXVuP_da8SZqeM3KMUl1cebVibggU5OVZMx0OofkU7AMSBaYVp5mp2mEYq69fEr6O5u4mlZMkdTJxJMucXQZ3iPUTY5bHLkduGpWf8o5911YVV5cxTmYgjVJxFPzjbbCX8Spyw4oGvfKkUlbiLIua333EHQ8F1H8PXjIXPOBBMzt3TGE_H4YtIxj5MQWtQyeTLOAOT3wTupOM4X50UVmSbQTZ9njAzpM9-0GM55IB832xctO5tdrbKUhMCUNxBRjdtSVxwUQvRHDQTVeKHeArO-ZBm1ILuCINE9T394Bd7tb4ZfUFcQ0vhjbTQdH8eIg0QQKCq4OzpcbzHjYFb8JwmDvlAK3Jd2nFqP9YK4P8XLkvhky2lH59n-mbx1p72_23WJxp-XPCrslVK03JtQPuULVU0aUgP_ZaVzAqiHz4ZyHYV7fGI2Pl2lByCNJKcoilJPV33YL6N3rtjTIRMB_23P4iCNnajSGDIG7X4aPYfLu6eQpBQUWrxpwqckkzMHtTCBGpVszVIarb_Tsx326y7WcOaGm3BfLLDIhEe_C41pCIDJt5FhJzW3_4dryjYg1lev-RF6-D51dfv6oXBZ91XfyAlGmyrtqsUXvwftEzxGizpmN_i9UxYOomyZ22-hC7rPsIlMypMxZDk_zlfxV4NbE2SpLWI0gi70KBNjFr8nid6Fmmwv6VjEWFgV-WyfKrj0lSRHQtTio6QofnU0G8n4SIxyyFmT_C13GziDgF438czP6GiIZdmcEIciCuypVC2T6p5XmGmwC16qEc0_cNXJvHXn5tmK95iiebh0SgB-7tzxfkLlL7_QTL53MqcXMyvWRwiCB9mqcchOw0m4CSvn0Rd0DFvGJYGca8ZvNAfYyeiYBgMKHILyLvJF57JMOyOKM6cMsXzQcUs1hfBlUIjwR7n_IvjqiZQNak9hHjoYWG_4VfBOBkjjNTzFcnn7Vuz25sgL7N56S8w_OXQGzIB7Ktq1fJZc5jJbylnEBojymVfrZ_lLAkaN5IQBDOSFvA7ixYFW_5fM8lXsoxyy3S-G755Q3BGCyOxS8qBc3BtdCRjduU_d3VtNaF3_lQNacbeFgDGZYAMjSSjgaAyC2CHq-GqtoLhczdecJW5Gy-L_jouPbk&cid=CAQSbQBygQiDMlfLdNA3KLb0engykOYAbpBex0MBrFC-w_fn19OFKClRC3qG2KCanllAUdV481ojSH8G-ZTUEc45uDdSFTAxa8s-1uxIkHgdcMTb3u3CDVqSRU8kIk50Eg8152peCRhaqIqCLQ0C2koYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10527883180974057000&adk=578009112&idt=161&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8c97c35f12db805f2fa944ec2b244da0bed07006f30d3e76560e784ad2b3fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40047
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK S-300x250.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame DE29 70 KB
71 KB 171ms
56ms Image
image/gif 51.75.147.170

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x250.gif
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=49689900114510704444554012361010&a=09b9c55f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-119bc"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 72124

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B832 41 KB
15 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjvMueuZU-y6Aqpi6ywA0zfPvrZomGIVl9irBYu3NPS7x1veQGxsl4_fllteIMlBB4B1FjAq-iXS9dJ150Nd6OrdE0Rk4qQHtJezXdu4SyYXo2BU7KfWmOWkbXS3GP3G18YjIKwE78Go99eaWdLUG-CCkyOjL09z3ZAgEMofA756UQ1zE&cry=1&dbm_d=AKAmf-A512OLbBOdhl39VjAEzsyrCVr38WEaBLOC7HT4mBJVkgkDkfZfWtr4mV1jX8U-DeKW4UGNXzCJLPJvg_jqhwJNvGPeYrBcMg2R_9bp_z13mueZOKt6EOUajQRDZsPnlQq3zdMgShU5Eq7I8c3joLfLEMD4qE4sQ04vPD7d76mZn50c_pXEzwJHgtopxgwn_yD6WgZZcn8bRy9V5CKKJLdUeZsCVoXozJcXE11lop4Or25nJ8gmeLJV6mXM5MFvFfQS2P04fpGYBAzLeTbV0TlPKbSl3eZCkkcjxMOALCKNVDMgy-enwVB4GVgGptGmkh2hfs9mNtgSfqYf1-ivB6Qm_G_gcuGbEqDfFwVe6RAc_PYzwzVgZLuupeQRyMnIRly-yQCNwTiya3Lz_cfbxz4z-ZbUVfnU207lR4VPfFz1aFU_yPCG-i34n5dORIrhC6BCix3N6Hbcx-dp42dzndXW0Hp1ds7InFdQqTmNBYePuH-0T7n_KFgdFOXEUolMXrIGlv2QWaHqGPOdltDfFSMSCDBemupNOLwcwgGfOsA8p9H1XqqWKNazw869uG3ROpC8WrKPzADSliHreCkLMdGF-SmyzgQyNJOhM9Uu0LFEqHA2MDwPzQyJmDhXIBU_r3vNCz8Lg90bmshDsep5CpV7naReWoud_Pue5vJkvdlWgMM2d4toZLiN7j763tB-dIErvpGZpZThgx3SHr3Fp8ob0jTD1_Lcm_jpe5MnWp6qWYVnsugC7OxM_gSTsL2m-TiGJgsNiRQqH_TE4BjCQAGMmG0mW2UI0r5QlQ7Tl-eRF42XPCN9XxXLUQtvD9XtXeA3qA3GtwlCJ2moJp3PwHbwCguNMRmSuiX7NzgdoGycokivHRH2sHsCXIyLJ7AfM1zrWl8UwvB9SQX_q5ZWjGf-zHc9o2f7iTeY8iapNvQjbM5WNSepgFN9DFrzDzWCSrcOkMQ8PWE7pM6KxLCno-iAx5NvZ86mq4XMN5ED7mlmwPUxSjbUErROef5nriSybmD2RibrdaEyYeVt19tdIqF2P4ExgghSrqYB2oRHHmnkPHZvDFjW8h3iY8P7Mvl7z_qALmDxIQ9x19RrKgJF8X1I8hMz0V0Kg6vhOBRkTl7ZIaMkcsBDO4k-TRiud3XCa0u_bJCP8S8SIVjf7FApKACpclsSrghOCCuxLGKJSL_kAucVIEUsqd8CWoMiKwzrWfY10YAipqF68Imza_JqhWMgcXEymo2OGzEhmby7j_OtXQy1YCXcLP50ZgUvCAp8f8fBgAt2-mIH8mMLT87gLisYTZXLInVVZx4IbC6j_R2M6YMviGiVVfbMvElPIaV9PzJusbyHkJd_MMzEFnUQfCq9Xu2AjG6cVBYUsdA0d1v9SQBixwdl3wnWCsHoruhp4UX6UUBL-PWchxLzZSzzoEEiZXGHsECF1kNiQDV-RBHM6ZmPvCRadwWjh3clqlzhKaTW3cKAJXwEmVvkVpauPDl3uYkPjxz5MUSlBmdo1II70UldVYRO1_MxqHDKAbkCvy2dokiwHfWipNWlevcWXiwHLumvzeH76lWC8fBzWFR0rS1-W11fZ8HObDHPoGNQaSjQQOmlwBv4MdeQzF-OJrJP_EuTNLK-mbBab_7WShjBhrsh2kYcZ4XScb0dLxJ6Kpc0Dn8PfxfGlgK5SB8uoC4A30C-fONhzgSliPrMpxd5ir8tE6_Q0Z6QYtZD3j3Xqlv00LGLA9iNd8CodN0hM223sT4xIWwwbEOugz38vgB7zDS5xuZHgnSIxukyv-Nomk2VdMlfQniqZ0LwFbYmNl3RHt6oZISVYrNcG2Fle4BYFNkppNUELp5IxkZU9E4yGA9AaYA9HJ1p0edO53La7NKoYR86MGBbMppp85kedBondJu3GmSHn1cm0xUVpYxUZN5NSNcraWDxeZtK_lum2FogNRHXt057A3KCZwHkD9jj0Vt59swEJ5ZhU7QxIkpozBUqjC2ymYhb9vKuKCYvob1r4GkKFyhlc4_1U2aNxi44EdVZpSzyxSc900iQHwiQFAf1Qb-TtdYGDMAkpz-Ub4g25C6_L7CZejcZ8ySy-yc1CZnfPCFQAffoXRzNJeiTUjiUDna1HKj3X4X9KCk69bVi-cxZyq8T_iipWP3lQU6C4Fvfu0e9fJGn9aoTVrQ7mD00bSZKL02wulDwUlfhZPg7QXYrEvg6J6GSC5ZKhpwjDN7TPJKno170HANXu4OKkO44LjMvqFPvHHjaOMuV5UQ-8IirLfES-Dg1n1RXZlnjdlXjjbyUbItJYOEMDmaXjtmZIX2XTGHYc80uKxNj2BDB7DPRFiUNvQQwz2ceBKfDlAiwUpCTpqhYq444FDc7pkMRDXrWZZ22-Hn8J2WUY0vbL8MOc72_3XGGsnH7Yv97BY-6ixM46M5jrtflTh8LuBQ7d0bVi94ZP_lkqKquDGz7kYcBaBShY3Mxr7KnBR4hQJakcox8wIA0Cx5ZcapO14aB3bX3pF2jfjRfNhX_mUGNvGW61Q_bADgF_3728xxFsjJb-gZ9zMZVy3JLO7ZFAFZ1GNVF3BvLvv3w9qKgRmiia6vyUW9FF7Mfpwgog2pYCLB-0R4aLBeZiYLBxxh1h5y-Qlsu9m7sh1QC1BSNytruENfpSbBpyOyL0Sau5Bqw4a1kgiH0YlVnsp6uC6eYKojJci05lVewIn_oe67YnEajmZ2Cl01To6qlRn7mLwKNpT8JF2Jqhda5hQQfTglmh6F0II7IrIl64lTdfMhQeaBrPfPQmnXQtEoXoqXeoyDGSy2Aa8WFB0M1J3teQnIkHz0uh-XunWqR4dR4Znzs-vaZmmSvspuevPwwp8pgoJkn1AdB-fF_ySDclFPZk5PAgSLydxQ0VSsex_4Cv0EpklawZtp4LGmLyT2nXrENjQOKCoGDSUG_rz7wD9O59tMQsy8Wqll3OkTi2N8rm3oEU4watMK1qioilHi54hXhpixCjjXK8b816xEANgMVebiJlDC2lSKQ7WosPs8Fe4E8jD4HpH97zjgPFuAvSVyxiyUPhUA6y0Q7LLYnVi0DwKY0prSkCRiZxGiWqm7u2rCtczjXYOr4nbFR2QtC8Mmmi-Rdweb7rHexUz-J5b8Nl_s-7QT9k_lIM671oSHTRTJ2SABPUfPI4WmhNdGYy8qFneWwRpRwLBgJVXTnqRLGkBCOU9U0MU5txpucXAsnwVJyg-NPfKstdRv153ZMFnK8QbVB3V_bIQ2kxB2LF6JYo1V9Ymge_LupK4YjjPICwbgvjtKXv7pBwcsYKSMJfskZRfFDQBgFiPkg_i32dPpcPm1Vkye3xDQ0JXC6QfH69d6GIgpFK6cW2seTrLmZlOaGoFNbNaVy3XGUqFq6IbH-Fvmy1xYHj8yFJLdS5tKlocNbfyIuZRG6Sg0l_PoG34Gstc9zliHsQ7PSzyvuVJOklCLghTfjFyGflg3oGWaXtlSUCisA2T9FD7gXIzgM2DAbEzBZ65q6oRPjE7talcZubWbpp6mUYjVbpLsS5UQydc3R5pTHlekm-MKPkDox7Sa6_bFFQILl-pg_wD8oSwEQl7bl-4a_AsxC8D6EHvYtS4Oq3pRfc4pQqDr3pN_67bp2AKfmKBnyEZ3wCtmqm9vstl8uprjSZ9YocnfEcshZ2LWfxna5XK-_PJeheBW0YGwPAmP1cSfNxSm_Ns-gzyk1JU6xWfuVc-tA11eZtxEniRZvsQY0j9y0RK4phQDwNO4Um4YGmquw2SWlAOEBdKamDeo0HhAF_HrX-SAPgM4XAcbZ52StVukQDy98bxQT1KygUMu6SEGu51aCk1vs_rtLOWFbLNH5YE5f&cid=CAQSbQBygQiDyAh1saSFVG_GM6BilNLMmNaurqSqTEcuFyvaVMwERAoArqKqbJchhLyf9cf9S3n48j0VHOu6p9elhlMLTrczalcYytv-z2sTlvQhP-1jMhN2xOxqRCRADqUWjsbRmogW8fQpJVtS2XMYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16543211641003719000&adk=3587751834&idt=129&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19136
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H/1.1 200
OK viewability Show response
hal900010.redintelligence.net/ Frame DE29 0
150 B 103ms
35ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/viewability?s=49689900114510704444554012361010&a=30ac80d3&vb=m
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=49689900114510704444554012361010&a=09b9c55f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/request_content.php?s=49689900114510704444554012361010&a=09b9c55f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame DE29 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame B832 11 KB
4 KB 107ms
39ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1687288290400264&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC4ToT4vmRZIi3GJmI9u8Pvoen6A6m5b2gaYWVnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpAn8mjTVLT7I-qAMBqgTZAU_QlJBwf1m85ca0V-vqPWZNcKEiEkk8XOXMtPniep6BX1INlLU9O5szljyfsCIkyksJWQTZE9DMUnDFHhlHzAmTiNnCozzHsRmybQTsF2GFJgrLh571xQHaurh18ZKziazkB-4MPdJHJkcoux1hCYdvdiHmari0kA7ZdLp6H8GbqHHlqNdw2wtTdlv6foutEuO9UJVbFbwvE8R3SzCh2LPn_Ag7RjayzGfkaXIyYAm1TUXHr9KuZSxIz_i7vS4h03Vf40f3dedanm3J3R5nXzek_2i6k2bKNZjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA5gLAcgLAYAMAaIMCCoGCgTDsLECsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDyAh1saSFVG_GM6BilNLMmNaurqSqTEcuFyvaVMwERAoArqKqbJchhLyf9cf9S3n48j0VHOu6p9elhlMLTrczalcYytv-z2sTlvQhP-1jMhN2xOxqRCRADqUWjsbRmogW8fQpJVtS2XMYAQ%26sig%3DAOD64_3ah4icI23wpu6x7mABZQ-4zMF6KQ%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DX-ghvOZv78skXTt_J2I4d2c_R8_cSxUGw4_77VRZOgbL8kNK0OS43uaH8ri3DEwAZjn6LFMoTgxW-AKYEx0BXEPzHeJfQ76dXCQBk3o1kW5utx75Hqb0qKomK6cUVnd9oDMlXos6wD-03UthvJ9Q_0I1rsZ9fknAEozRKvrBktCnPPjg%26cry%3D1%26dbm_d%3DAKAmf-BjWJYMmFCdg6TRcDK2Jin2JIq02DL6EBQtXKByTE2dLYHd_fJS5m0ctUXd37SfAfVji7qXhJyFcu3ZuFjmz49suZLnrhVjGP7NOQIYLx6SfLtOhiiIH8jmmyCyQPTBqpvLOjW2yl1cS_zfq_Iy-FNkp2wSGFElkcITtPPMxlBBJkOkL2tbzDYcuFBAy4vrNkGDUjA9ISvi8Wwtq2RxZzrERSOR1an5ZrgjQCdsdEwGl2Ban2xDhI4lx22QPWFhN2HgqzOZMAGTK63ClHFhJznXNH-MV5dDCLWlLRuiNB5C9SZEfK4Rh6n0v1sbWU__piUbX6L8qruJOaC2m7VEsH06-cKOCKEwfD-O5MFgeZZVI9j-YXxGzD1pw3ioWhcV3M9ueR_mI-vnkNVs-3vAlBILO5kYSSWcHzJBgCZWlNJlQiitJbkfwTk70OoAU3fMVDiVfGSu4cOiQmpToQRT92OEaKEj2HKoG1xPyS1HBBUWOWFha4yuvWoTJqYQETEeIrSZBFPJe8VdLnISzYN0MU5KPpNgk_FITXDyQ3fmQNH5MbhZSkU%26adurl%3D
Requested by: Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ec613680df874f20288643a4257c75fa8f1321ad59bc3f7907165315ae273952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4182
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9FA9 640 B
265 B 103ms
101ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNWyD93E0llWBEIsQx3yUNf8B5-l6f5nRA6t9JMyIl69hfTFL-bcH0qta-1RmdYHr6tv5-z8oipewqVkbLTSU7JzcO6OK7Mq4vaoMyP59vhDZzbQC4_GRCwATf62DcnUTszVGc7i85Fq0g5uSIor7uAU_9-D8l7CRBqZXufcGvU0YbpaK0I

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:31 GMT
expires: Tue, 20 Jun 2023 19:11:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0A5E 78 KB
27 KB 182ms
181ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A5E 42 B
63 B 99ms
97ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CSjXLSCQqj1MwQkMVVLiGpFyCTxDGpwIpFoiGzUZt2aJt9Cqeizjj5Pku5gBJCa1H2KEhVH6s18QwrJWdjech5kC2karA67IyzFNWmnefo_tXnmGc

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A5E 0
20 B 99ms
97ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1544576638171286863&x=1&ct=76

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 0A5E 3 KB
1 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/ Frame 0A5E 19 KB
8 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:15:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8121
x-xss-protection: 0
server: cafe
etag: 8940155340736220798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:15:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0A5E 178 KB
56 KB 115ms
113ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:31 GMT

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame C205 37 KB
14 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Jun 2024 14:15:15 GMT

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/10596822557170597888/ Frame B1DC 47 KB
12 KB 364ms
63ms Document
text/html 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8fb600b02fc75812932069a9f79b2132dffbca1cd735dd8f8613d0f2850046d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:32 GMT
expires: Wed, 19 Jun 2024 19:11:32 GMT
last-modified: Wed, 15 Feb 2023 15:46:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0DEF 0
0 406ms
112ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssCMEQtaiNQgKy-elczv11dckNzrlcXx7k8SCRLDCTCEtS0mxI2LViCHJVKSjIR9FzJa8HwrVfmEA04j3Q1kNtJSNmK4vaXSurblw-YZg9K7iWQec97fKeQbdgnnPnG5F2YXXP4ObVlRj8sd1yLtQyjAWLizYB7-Z2LKNUqZwY5wXRtHzi3qZVJylwRnSVdN_44zKLCRtD95GqqsMLMJf3cO0Gukto_O8Cfn41PYXhcAZZ1XL_z-BmeXNuT91xdbvk2nIgZHBHqbX5i4BRdG00ulS2U9GNtzvCuWX3XayblsRIIUO5_VwF3-Fstq1LX-M8oCJiyRyfrV4cNArb_i-eP7dTjLcXcCY-MyHTMfkKROs2AM5NtKGI9C02RDikjM6Qfq_l9fyodGkHCPvbVSFQmIJm8E0diPyauUmOrs_OkfZcG0hiWGAlOmTkVOAcIqWK7WbAXyHRYiczOwOElEbfnQGRPHXpDNG15tda4Xm5ue6ygeCKjO9-5zsicQCW-FHllSALP3kbL6szqq4vAX3NYbT3UXRk6XGaW8WavtRSS8odbiawL5gSu5z6ByxeVl3SqafpPpMXTBFO9l7f2IXsB2d0i2cKue2E6QklNuSUyNkl-kLnOLXtkn_QNhwvutwdE3KCzV5AggRDN9NN_E8cR-Jxb9ptHKPsKlTIrdvFc3g-r6DtY2btz2WxsXRtnUZCfnpWrmnbCieK8J_fdKuLCOBgdHrfOp0gyc5EU78Y3CGeZye32smmvt36X6CJOmxpiqS9ZVpuIzIy5QVSpzIb251DYSQOhg9h2GWFCXRo3A5LI4BsHV36-RIgPblH8pMx1tQ29pMfPqHXIAPzIC7dLxlCCObPcdFDA-SDPzHNaGsbLmH3iSizKglp58dTFejq4J3Bckd4-DwcBT76xvbxGlqub_W5-hnSpnw2tY5mZMCF-MvMmMyGVRxNgkX41Yx7XZAAIm2XAxVRUZJTVxBk9b7i8rHvK3WgPTdhJ8phwEPob2HbZFvy-AcQmSJKVx555TulsMbyBBbdAKfSnFEDi_so4rV-ZsevLpHT0hJB1TDtLyDGqCM2N8JkyXDtn4AcMtpILEbVz0UahP6BVGKCdKklVRGBwyEt36b1YYKfK2Wq4Io3lAW0iboIt3PWT9LuLlKQ_9mJfEjEGHgyynGKeIqLBpONRvbUKKN1OE2Du9azzTPHrQ2oI4Ib3AoEyjw6DybGOeLk4I4nh3VpX1bn3ZL5cRNVl0UIGyKo2ZQiLV9iOjcNPNdS-hWDBlhfwHQobXB20J70Ib1bBWhn23_1xIEzMKHMUBxbFjF3YMd6QVBzcZbem1VKBjKRTEivzbWEuZc4I5nuXEUaJHGv-Jpl_gl0rNNOTAg&sai=AMfl-YQcEQlBA2PbunGjEmzKG51Q1lf8u6UsDy2a0rFtS-jhTQYrBVygxWubEMjeAZ8cSWx5xcxyjufD3cWDiLcNTWnzbsW8hWUxML21RDutRewewGjpT6_iJxYnc0FdNJ5YgMGb9YWVyJZ2oXw8WI0QqIXWGpafxDbJcS--xzpCD9nMLMN6Lb-ysa2Dft8jlpK_A7Ff4ktWWomH7D8KZK9tJFY4EV5Rsy3T936AQ1zo79FnLTYIsVkxVIdWtOgFuBYrAGU1SFn-kVv_2CLkyIXSRCh3nYKF0oIyJ2UPg5oCfU0F89SRgBzIYdceRoZdRcstyRKuO9fk2YMc-vSDXiPuHaq9JmU1cvLbFPpMPwEeSVFj6t0CLs1B8U7dRo8&sig=Cg0ArKJSzP33Fw5yz-p0EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=350&cbvp=1&cstd=336&cisv=r20230614.82466&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 601A 22 KB
8 KB 327ms
60ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal90006.redintelligence.net/ Frame B832 610 B
935 B 384ms
114ms Script
application/x-javascript 138.201.63.164

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=41b9e9dc0d&subid=&uid=92a00f260a075d08&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC4ToT4vmRZIi3GJmI9u8Pvoen6A6m5b2gaYWVnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpAn8mjTVLT7I-qAMBqgTZAU_QlJBwf1m85ca0V-vqPWZNcKEiEkk8XOXMtPniep6BX1INlLU9O5szljyfsCIkyksJWQTZE9DMUnDFHhlHzAmTiNnCozzHsRmybQTsF2GFJgrLh571xQHaurh18ZKziazkB-4MPdJHJkcoux1hCYdvdiHmari0kA7ZdLp6H8GbqHHlqNdw2wtTdlv6foutEuO9UJVbFbwvE8R3SzCh2LPn_Ag7RjayzGfkaXIyYAm1TUXHr9KuZSxIz_i7vS4h03Vf40f3dedanm3J3R5nXzek_2i6k2bKNZjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA5gLAcgLAYAMAaIMCCoGCgTDsLECsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDyAh1saSFVG_GM6BilNLMmNaurqSqTEcuFyvaVMwERAoArqKqbJchhLyf9cf9S3n48j0VHOu6p9elhlMLTrczalcYytv-z2sTlvQhP-1jMhN2xOxqRCRADqUWjsbRmogW8fQpJVtS2XMYAQ%26sig%3DAOD64_3ah4icI23wpu6x7mABZQ-4zMF6KQ%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DX-ghvOZv78skXTt_J2I4d2c_R8_cSxUGw4_77VRZOgbL8kNK0OS43uaH8ri3DEwAZjn6LFMoTgxW-AKYEx0BXEPzHeJfQ76dXCQBk3o1kW5utx75Hqb0qKomK6cUVnd9oDMlXos6wD-03UthvJ9Q_0I1rsZ9fknAEozRKvrBktCnPPjg%26cry%3D1%26dbm_d%3DAKAmf-BjWJYMmFCdg6TRcDK2Jin2JIq02DL6EBQtXKByTE2dLYHd_fJS5m0ctUXd37SfAfVji7qXhJyFcu3ZuFjmz49suZLnrhVjGP7NOQIYLx6SfLtOhiiIH8jmmyCyQPTBqpvLOjW2yl1cS_zfq_Iy-FNkp2wSGFElkcITtPPMxlBBJkOkL2tbzDYcuFBAy4vrNkGDUjA9ISvi8Wwtq2RxZzrERSOR1an5ZrgjQCdsdEwGl2Ban2xDhI4lx22QPWFhN2HgqzOZMAGTK63ClHFhJznXNH-MV5dDCLWlLRuiNB5C9SZEfK4Rh6n0v1sbWU__piUbX6L8qruJOaC2m7VEsH06-cKOCKEwfD-O5MFgeZZVI9j-YXxGzD1pw3ioWhcV3M9ueR_mI-vnkNVs-3vAlBILO5kYSSWcHzJBgCZWlNJlQiitJbkfwTk70OoAU3fMVDiVfGSu4cOiQmpToQRT92OEaKEj2HKoG1xPyS1HBBUWOWFha4yuvWoTJqYQETEeIrSZBFPJe8VdLnISzYN0MU5KPpNgk_FITXDyQ3fmQNH5MbhZSkU%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3217680233497&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1687288290400264&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC4ToT4vmRZIi3GJmI9u8Pvoen6A6m5b2gaYWVnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpAn8mjTVLT7I-qAMBqgTZAU_QlJBwf1m85ca0V-vqPWZNcKEiEkk8XOXMtPniep6BX1INlLU9O5szljyfsCIkyksJWQTZE9DMUnDFHhlHzAmTiNnCozzHsRmybQTsF2GFJgrLh571xQHaurh18ZKziazkB-4MPdJHJkcoux1hCYdvdiHmari0kA7ZdLp6H8GbqHHlqNdw2wtTdlv6foutEuO9UJVbFbwvE8R3SzCh2LPn_Ag7RjayzGfkaXIyYAm1TUXHr9KuZSxIz_i7vS4h03Vf40f3dedanm3J3R5nXzek_2i6k2bKNZjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA5gLAcgLAYAMAaIMCCoGCgTDsLECsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDyAh1saSFVG_GM6BilNLMmNaurqSqTEcuFyvaVMwERAoArqKqbJchhLyf9cf9S3n48j0VHOu6p9elhlMLTrczalcYytv-z2sTlvQhP-1jMhN2xOxqRCRADqUWjsbRmogW8fQpJVtS2XMYAQ%26sig%3DAOD64_3ah4icI23wpu6x7mABZQ-4zMF6KQ%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DX-ghvOZv78skXTt_J2I4d2c_R8_cSxUGw4_77VRZOgbL8kNK0OS43uaH8ri3DEwAZjn6LFMoTgxW-AKYEx0BXEPzHeJfQ76dXCQBk3o1kW5utx75Hqb0qKomK6cUVnd9oDMlXos6wD-03UthvJ9Q_0I1rsZ9fknAEozRKvrBktCnPPjg%26cry%3D1%26dbm_d%3DAKAmf-BjWJYMmFCdg6TRcDK2Jin2JIq02DL6EBQtXKByTE2dLYHd_fJS5m0ctUXd37SfAfVji7qXhJyFcu3ZuFjmz49suZLnrhVjGP7NOQIYLx6SfLtOhiiIH8jmmyCyQPTBqpvLOjW2yl1cS_zfq_Iy-FNkp2wSGFElkcITtPPMxlBBJkOkL2tbzDYcuFBAy4vrNkGDUjA9ISvi8Wwtq2RxZzrERSOR1an5ZrgjQCdsdEwGl2Ban2xDhI4lx22QPWFhN2HgqzOZMAGTK63ClHFhJznXNH-MV5dDCLWlLRuiNB5C9SZEfK4Rh6n0v1sbWU__piUbX6L8qruJOaC2m7VEsH06-cKOCKEwfD-O5MFgeZZVI9j-YXxGzD1pw3ioWhcV3M9ueR_mI-vnkNVs-3vAlBILO5kYSSWcHzJBgCZWlNJlQiitJbkfwTk70OoAU3fMVDiVfGSu4cOiQmpToQRT92OEaKEj2HKoG1xPyS1HBBUWOWFha4yuvWoTJqYQETEeIrSZBFPJe8VdLnISzYN0MU5KPpNgk_FITXDyQ3fmQNH5MbhZSkU%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 1033bf2da8b4781e27f77df9130e836018c10d171f29f82d9d1a53eef5086dda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 19:11:32 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 84621600121546704444550012361006
Connection: close
Content-Length: 329
Expires: Tue, 20 Jun 2023 20:11:32 +0200

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040526/ Frame F89D 47 KB
12 KB 396ms
53ms Script
application/javascript 46.137.93.67

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040526/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.137.93.67 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aaf614a2ad3a6d53389a42bcfb1ce28f1bc91f8a25f74154e3a0160423817ffb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F89D 172 KB
60 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Origin: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame F89D 11 KB
4 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APim2bViBn0EyUUf6ovyfOWSFLtk8UepEQMbA5PnawseDOvjEKiHhlOJSZ0SaLbFA3N_3ucpM_eR95n0DrVSJDpuBgeTd18WqxJHLfQk2L37Sbf-3CeZoFtxKX1IXUiXUTFiPQ4XrZqClll0j0IbCB_k5SlrKRt8fWlm9-N9CcOODZur0&dbm_d=AKAmf-CQpvvjqxCjC2vFCY7s__wWZNzcpsgfwbWEssC4b-v0M-r3a71lZFr8YizwuD8-yXpdK4VyEExXVcf0NLu-tbrU3g7fSetK2oY2tjVW9HHDKa1werR0PgY8onU2RbMiHXzJ4hq23cwhiLbMBYn0-nGIgUOW9UZscZKQD07nJ8RXNckTl3JL2OnZ62lv9PXMLYYMvLG3fBWsrmhh0yJxBxP8EHn3HVio3CDieCKIs6-n8q2tBDFJTNOg-X1wVCqaebrFVu9e6NeLUiVoj8OQL-vOi185PjdWhsUotUVE1GQ5TYaIS_qfH-bMJvbUMGXbiCCrei46xlJWig7kiWXxWv5pzOGvNhP6m2_d7w_iXjhgZHfrK7c-Dte3QvWS4RJjq1gffJsW5XxtViwcRkCimICUVIqWyjw4uhqeeWfKuWLhFy7PAI5hqMFqURgtWa8UOrb3VbzxW6erfeU0TpC0mxJmifuQIQw6B82IsvAzsJO8qxhhfoCwCDU_wLJpOXoTSzI_LH5rGt_IE7HyG8n7Ux8Xbz_7QZoUlbZy3dZslf47bIL1NXbGtgBdBK76gwJ8RjJgeSdY00oKIFfu1dyZdRkuxN0LO5_u9F2I7VVIbUqTZSFCvUce9Rp5PXd_jhYXWcJusQZY1grXjeX_kJ8gMKW-VyV1MSWPx1srJFekmdTHSqMVhm6oF4qWjLHa2eqBdCujk_tp7Wxyiif2cKQGXffgQhxdxHJCTnctHxNp_iScxxzsyvo-p_7u-IH-o8QIT8lEIHDUBcEesU4PszzptjYbQHUINpMA5GABXldqc-Qoz9_WovzL7EO_q7Lwov83LR77RLH7b3BSaBWbfpXILleeVA3AabLlZ7rYsWE8SY84O2CG8gsXpdMpW40oh6rGNeJEg0QUh3y5u5jw2gGCxYHrShKarpI7HHpa4jlHZEvTiz1GIw8jeJVtKGRYGujY_AIyuSoFUq49i-XRblsZEaZ3RFB2ZDwDft9bEZRRBfkED8tRwqZGQmxd5y20kKyON54xRu6TjAUc1rTd6p7uQA3hDao8CUnjGrAHarSIcbIhiB96oM0BwzGuSt7QBU5VXrHSyTEdPNhRAc_M88uVjA145veCgCRoHcLU2CnUIHE4y8FFlzSRD8xk8gzDqqi4GrkZI8MJvXAehcqww7GfhoORBVsjeNvSTZIHutYeq75C-Tiv_SfKzamh2qDlDkAmUGReFxnKtn8JF8w4XadfN4xmYijx1W-l0Cc90xVMEcLl8NXRU22PAg04uAlKgBIQIW2gJaY4tWM3Q5x7oV7xsS_unHiqy7Nb2we7hDyxvLIt_tTV2fZ_6uA0JM3766lOIgx9EWI4FVKfozQGzMgkKeEHU-oQSmY0bq7fgTv8MfcTE110L4RyQyEyYcJs6Fr4C8QzYBfDgacBx1xr764gfnbixyQpY9Wk9pjuY2XS95BBMRWhICQH5Yvp-RJqEZsiBVHFldkzSHN63WzMoVQrc3jsIu4Fg35ijFNISe3UmiEHZwKhOkAazptkKyAdddS_24FS6rU19oeM4H2X4Qf0VS8iQ6xPiydOFpFCL0RowxVEek05XqCdYszVoOXqGGYz6wIQRhTnDtiw7NOGURHqT1p1Tv7Dsbb7sMFLMtrwic58UwrHZTOn4bt-JFzWO-N6IqGNNZwUYMYCQlZzvz8c9Ht1S1XjzmEFOQ5O9_l0WtzoVST-4mC-hsUjjMM8p3zNyvh9WdolLMfNZizXohHYniRui1pw8izRZgTk64YY2k4regkIc3tikFuXv3Dc5Pw4rI3FYo1ma7zVrlBl5IGdZkai-JnfXk3sN7tgjGMv2SVWaX5nva_c1l_9tuJvb74fd1_aKBsskn4z4TL-AysWL6VtOpw1Cy_tTLj96jLWxh3ln8OlppOBOuiHS6OvJ5lANAWmh_LjcMjUQPKywZ8ZVAhI9f6LBWyygjXtr2D-Y0j0jwNF-lIZAFM8NRY-YVmDBfBVFIqWTw5jjpaSX52AuiXUrLNF0_GC7lcVX8hsNUX7ZQH2RRuUGwo6fM2zh-PQbOx30sg5riTY49zZShDVbnONDfWRgJVmsMKt5m0eaq_JbmMcQRKX-nsmIWKSiuUQiMEqojRpvLCdlXmA1rx9Wj0by_8bHk1InGiXtG8ZX0ll3WztA6FiMTl0IFXuGJ92-yNCZud3IUPq_gNZYbDFWhp9SQOmV5P5pmGFOMRi_OM4ilbPYyr0r0K9p-NKzUyzAYGZ8TEWCCX83p1pLqZ-rSHLGsViUWveSzl5bSmSiTrUOxYe_k_9QKud6MzvOa2H-k4tvjMvFINFuQsmwIkCWi1oEmEpwT-ztlUSfFuXoE-kUmLZk0iwgk6N3WGb9oo-HtRtYxqPsDwKRXH_6IXhAH-tXVuP_da8SZqeM3KMUl1cebVibggU5OVZMx0OofkU7AMSBaYVp5mp2mEYq69fEr6O5u4mlZMkdTJxJMucXQZ3iPUTY5bHLkduGpWf8o5911YVV5cxTmYgjVJxFPzjbbCX8Spyw4oGvfKkUlbiLIua333EHQ8F1H8PXjIXPOBBMzt3TGE_H4YtIxj5MQWtQyeTLOAOT3wTupOM4X50UVmSbQTZ9njAzpM9-0GM55IB832xctO5tdrbKUhMCUNxBRjdtSVxwUQvRHDQTVeKHeArO-ZBm1ILuCINE9T394Bd7tb4ZfUFcQ0vhjbTQdH8eIg0QQKCq4OzpcbzHjYFb8JwmDvlAK3Jd2nFqP9YK4P8XLkvhky2lH59n-mbx1p72_23WJxp-XPCrslVK03JtQPuULVU0aUgP_ZaVzAqiHz4ZyHYV7fGI2Pl2lByCNJKcoilJPV33YL6N3rtjTIRMB_23P4iCNnajSGDIG7X4aPYfLu6eQpBQUWrxpwqckkzMHtTCBGpVszVIarb_Tsx326y7WcOaGm3BfLLDIhEe_C41pCIDJt5FhJzW3_4dryjYg1lev-RF6-D51dfv6oXBZ91XfyAlGmyrtqsUXvwftEzxGizpmN_i9UxYOomyZ22-hC7rPsIlMypMxZDk_zlfxV4NbE2SpLWI0gi70KBNjFr8nid6Fmmwv6VjEWFgV-WyfKrj0lSRHQtTio6QofnU0G8n4SIxyyFmT_C13GziDgF438czP6GiIZdmcEIciCuypVC2T6p5XmGmwC16qEc0_cNXJvHXn5tmK95iiebh0SgB-7tzxfkLlL7_QTL53MqcXMyvWRwiCB9mqcchOw0m4CSvn0Rd0DFvGJYGca8ZvNAfYyeiYBgMKHILyLvJF57JMOyOKM6cMsXzQcUs1hfBlUIjwR7n_IvjqiZQNak9hHjoYWG_4VfBOBkjjNTzFcnn7Vuz25sgL7N56S8w_OXQGzIB7Ktq1fJZc5jJbylnEBojymVfrZ_lLAkaN5IQBDOSFvA7ixYFW_5fM8lXsoxyy3S-G755Q3BGCyOxS8qBc3BtdCRjduU_d3VtNaF3_lQNacbeFgDGZYAMjSSjgaAyC2CHq-GqtoLhczdecJW5Gy-L_jouPbk&cid=CAQSbQBygQiDMlfLdNA3KLb0engykOYAbpBex0MBrFC-w_fn19OFKClRC3qG2KCanllAUdV481ojSH8G-ZTUEc45uDdSFTAxa8s-1uxIkHgdcMTb3u3CDVqSRU8kIk50Eg8152peCRhaqIqCLQ0C2koYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10527883180974057000&adk=578009112&idt=161&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame F89D 29 KB
11 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F89D 41 KB
15 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19136
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F717 42 B
64 B 96ms
95ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSiCr3iwOdWCVL0Z85_yTMyrPXmDXea6aYvQHl_Ij6cFa8cT-jT3Tm6UeqZoNZm6P-cH7uTe4abKoGGB6iZgbiYKs0L2QvcFmxLFIshZqJGEdZdYiV9oEZZK4U12nrrxUJzhMcAtUKlIbaUItBz2KnWdSApzB9PbpvuZ72efUsBPyVgqJv1GuGQQ70dPmtd5RJRdnUYscYjglRJJqq65YurPmOQ1LMRZsSuw2SwHH18A&sai=AMfl-YTcu0Tmlp_ZbdElLumoVQcca7YFq5PfjyGSPzrr_YgqGDOrUPElUzFQdG6TDCiuB9cDfEfua8kW6ExyjlUnrI1jKbghGYjm-vVqPcLZ&sig=Cg0ArKJSzLC5oePp6RvtEAE&id=lidar2&mcvt=1005&p=0,0,100,100&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3698513385&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687288290415&rpt=379&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A5E 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6472421419531&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A5E 0
20 B 90ms
90ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6472421419531&version=m202301230201&ct=76&x=1&cor=1544576638171286800

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0A5E 92 KB
37 KB 104ms
103ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AI0R4h8GYwUx5f6djT198347Pzo7oQJYEgf12JNTT9a4MUK1rGs0NaGdRf_s7XV3kQvzRHs5p39Ugv-cGb1mjaZ70rdq-B9VIipwUKi9IokieYkLc&cry=1&dbm_d=AKAmf-DRJReLswPeARoCwxDRoRB8a-1oNFVvn1gaYW0XRktmAH6CyNe9TKuduU6izAjROIY-FHw2YOEFYZTKnAV9R-POyvnnQQ6L8KsH3bqgO0lVYq-Gal9m2l4vLpms8Zwj1u3zZ9dQqF7PntvK0_NwNToV5_ooElnG4QaJJrcPcGgrVlhttzPoJjKbgPiiSYKDLUWWpLLxHZfVeFdMoL0SYjX2glQ6Cwn29yxAAo_owyzi88kDdRZ_Gkz4M_QiGl07tm1VDjIR86fIsxCy8vnUHE8O5hwhm3p93zmjF4EKxjRal_kxgGFHyfZF1N5YApwivVl3pP0FaMAHxV60K40kCTbRP0r1LtKhiVbvnWZ1GeZRTfdIufIH56ErViri1UbktqwOqKy6tbXRc3yJ23wGLYMRQLv5-ykvxch4Y34pnGpwBiEWKAH1vdpOhBoDCvjuNGy2LEGnmG-kbIRJW4-M0q3VKNJLjVf0uu56Uh80LND1phX3nUZzMXpRvEY-wF0xGbDPwxckCV-5V2jGvQiSRtjy551AJf9MExKZfLqO3HgjdDWAWJNypFRx5iYIxc95an4lUky6ndZ1TscnDS5e6470phIJlRN2yeR0s20Od-w63bPGNGQXbyiQSE34gabMguxMcuLr_gXN1zGP6dUtzTCyoCmRUmwDO6XSWewGMA_NccYUCxSYtzdvp784kWdpSzlBYQoOgDa92XNkWydXfCTXxTPqj6iuL3ix3BZhc--eNFNr-VxG6yDQlV5de4xGQWj9I2PCkctGNISJcGT8DAAmujV_ygpz9sqeQwVll_mtnaiRk0jgfUgw2HssFjP_aWMfw2YT1tM2zTNt_TdPDFa5JFlg1K4SahGSZEVJ75PGLgmDJvz8oUI9ROpy8x-y4e7nSBcmxqA7azdh36VUlXbK9cxzAEMHvUU4OGssdf1M6Q6AsmnywcH8gT8Z_m1JjSe_vMOsHWQqRYnVAJ7JPyJv5s-plOLZGA-LiFmEERhQoxaBKbHXggkttQSYVe6sgot650_FQ2G7dOyRFYGCSlEjXsqwQH80D8na8wD6N3oEhKlCMaP-als5OZ-raHWsYyOhJuC-npyGXzg9IJ9ydK3de22xqAAeX8xSvjJi1PpRMSiTnn7t_dn_sYBLVVaD-AV1C8VyGU7j6gjxurxlaNp95T_n4sey8_Zr30AuAFMeZPnH8wsHjGeGkz9Lqdbln3cYQdAA-C3Q1sd_HnozI6j62LVRE5QdeRuNeMBQsMWEIwuCk8sC-LOacmeW_oMm96HW8ADOS4dILbPA7DwiETeLzSouWx9WJ3LHFYTKyR5gtMAD6kKFdOqUCLQeM0EjZ69Qk92KVKFgImOca8p9iniCNbnsM-heKMeocows9BfT0VXX5WbWT4iLKUIZ-0hp6cyyYWAczqEwogVQAo7Yx7hYc6rH4PFtVbIUWUK5SLuzKRx_c23cpHEhwZD3sZfWsboRO9EeSEixSFZPvXjGzjZfa_KD8JMzF3M60Bx0tw1qwrzjw_Tq4u42kI9TprYtUTop0DH5dGXSHMpXNjzkXO1sbTT0zaFmy1uFaPBBlyxrCvwiK4w86vIbBPBFoQHxDFv1j9FRizXOAs_xxDCRzamZPtOVl_dQx_efqJkf3S5_tZ8SJfpDZGRbBAFHJXoFhFy6k5xO9DqLuLF4xAJrLbD4bGY6D8k6wMzm45KHoY17JNZf12GyFnqbrR1M_NTZYHv8hMOIj0FebzX8zwOWT81CLl4E9as-QDv70AT_eMWJMZKtb7KS0jknPLSIlHXLZqjrQ3GpIEt-SahXu_N0vw_iSDr6KtuLnvlryMK_y29aKcuq6YkYAgo8vk7Ud8WBsvc8oChogTjMxrObHEsqS8UsqmeJ7z3f9rsCD_yaGEMw8KopjzBiVDyoUUFu_Pv-vxC8gIaDbFqDr4KAvoFJ5CuFdnsfwwSsCaTJyQbZ_qG8Yhc1NDChYjzcqhDmhq6Td6dVl_PHjJyQ_I4MqCq7Ycse6Wa86jbZzus3qpJvPOVj8u7G3OK929-pbKH_lbchTE27-pA4vM3QN0-maL-uSPQv2s40u3aXzybUQTk29AcOztylAAShDOp_1SyIT-9IT3Vmcx2RqVmHewpDAVl-Wi5Me3mWG_LmAEjg3dCVm9DLX_I6h5ERYLuJTAbSI1fN3nqligLtzt5JwYe-bw0eUuXuudSoZEu5CkVFZeu214uJ3GYGY_mKbSvRBT5gtiS_p6xdSq5Z2MtOLHvEiY4ZdcqpsXhpNpcE4NFrGuY-8Kxv_hzHNrqxyM15sH_CLOAbKKsqrGuxvTIsnwzqzYnNAVqX_fb3NLzw8JRxIxZU72OALdkeqtOn8jUDTGArKwnT6I9m4saHmxjBRrE9LA94JGx3bgk_JIDNZP-C7tiflUsQS3juW1Tsf6meWRMav_2OGgahe9Tq7fAKzt03fBpIiPeJnfO-jsy5VAk8WSiOsxqtPDD2MFonahnAdKrdhbaFfCE_t36WWS208fWMQFZRMW1dAcQKWBKVfAmaCxdhJUx4RzyHWF90GRM20hk8_YtHMCFXgkUG6DeF4LLvtvOaChFruywpt9LKWp8_xIjpHjKt5pnPxQg4Q-sCXXrLf_aG60YI3H9kumGVuGBZG5bKTN9PRio7KEk6wUm7BLrdzsv1axIvb61VPBXAZH_OjL9gBJvBaTCQro9rHgxi6oZlwIcS3FH3rk5dr7wEl86KbwaYqtGOgUnXI-9MlsVLvHXb-1k7H1FVUypv9k_tP-_jy5e1UZgpJS_2bKagjDNLSk6fnbCTFwDg2JsLaJWpeYOQ-VbKoY3WLxnZPx9Nqbz0rQKRNZHpkEfYhBgohSNkJx66aB1uHPiRTaVkb4pF4HgrNWqP03R20x2J62F9R9rP_R0s00W_5HVMOZp0kR_vgQ34DxCiT1evXsoGkkQtMRRTtEhUoafK8rfNo_ZVpwk39jsIWOqnR77NNyA0C7WqEgWDPqpur5ZMe8fm7tKX8gjziasuEvNlqNJnUf4FIa6NFYCqkaZCQwGm4DRkq4onnook3RC9uKS_Y0DsiqpjnZK7yfuqWxOwmMQ6kZm1kvxI5e6bQMqkJpgtc8I367lrCkwb_uUnlCiB9ekU1mpR582ReQzP6Q7PsuhsvxNSqq6SaD_DUSzL0MNgKx2sgYYAMPXq7awUnActKv7-LIvSyAayrptWZOmSiwy4JuI4CahiIHnyV-F3pp9gpmMXMYp3ORpJBw0j2cVmwVT2vzW8u4hbsvUkjneSa6jMfgHosOhA_e4VTsMdQx_alWdQxcbDwSM0-5GqwOhKAI8ANLdjA4oJVIuNiP-OiRItdijESdVHnXTAWyPhQTl1L3qP3jIsktMh96xN1rs-mNt7LAPbAu1SwN22YTmo4LGCZP4-U1RCR-Ut7j8iMsLZr0S20c1IU_o-2bbUmGYGsKHRh_Og6v4TD4mFM080jNq3nuVs1CXNb1O7mIUgUPR5OjKea2-stigYDOVSGsfOXiZpX6Xec1Un3EFJKG__evFEnPWYenJD_JaKZMY7plhVx1gwtskVaG-YLl4DJn5ar-1Z7EXTEjY0K2c8sIUHcQUyetgNPKtzcQPbj4hFzbr3ECeyHrxmMYk3cbpieOCd8nKGrM4feao3fZcLWGJqisWLpJ4LQHhGPlFE2iNZ6bxTQR_6_kt4Tysx80jHhIbkAae5OUyKD2mt0uhenKf8&cid=CAQSbQBygQiDEoBOQqrtER4Qb6SzpAh8NM5R3WBHboiLglKhdG7SV32clFe0aMBFfudrlhMWx93GetNKivgirNn9PoMSs2HfgUuoDtlsQxu4LWIveRq9cI7UuQa7v0NWIb8jvBpwuhobvSsuWfkS0PgYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1544576638171286800&adk=3860319555&idt=191&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63241fdf4c09cf9791e64013dd9b008cf1ad90c9a7d6c077861460eaf818771d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38046
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C205 0
20 B 96ms
95ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1FTi4_mRZN7CDvuOjuwPhpGaoAsAAAAAOAHgBAI&bg=!JSalJnLNAAaGYqkwpmI7ADkAdvg8WmqVt_IdrjcGXdVVnE7rEilpq3Vu9WdQ_Aj0qK34efnXR94VumdT4w46M6QFf3cLSue3GrwCAAAAglIAAAADaAEHmQNSSE2gv6BfOQHhHYYK5-nlGzAuoaMeQ8TV8gEd9rTxik-9jttOygNJiFO2fKrJDcFrG2pwtdx8ZyTA8d-qTq1Jd2nK7APDv70A-UZG1NvO64nUs2EQlClbDiMVp7xmWZO_iAuv-bIZMX5Wluabx6VSAZcwyFAmmrCft0rcNBH1HpzlH5nMfgAjm6Ef6N-GYEGhYxY7CJdtq81emRt0IsjpcoU5u6OIUK07aHTX2-XKdO59wndPKuabqpyv1yIvh59KwHoVDti2OmOkyYzLKQaAogqZMC9LS-_ELum7qRYur5Abp2dpP8WjRh9S2niSr_vrPtE-a3dSJKzvcsj7KwZMCyB4oD-Ry4YSykUVdtiYCXhMoOnk3dFcFTIojKe9Irf1QjGBXPXZvc7krM6PFTOpB-zkLZ7S2sPXHm90O14kipjey6axRoOqzGvYf2R0jSq2mjNTrua2Ey6Q4qpu1XTUXij67Pbm4P48z3excmHG7cUbEe5MxJ4aygA1twH7nZL8dhlthKW89sO3zqfcRYH--6_e7kOoUokEwWgX2B3PD5AYkpUU51NM7QDgUrMJ71dJlPiHg-TnjuETh_Es1d5rI0hnzf5j1DW052ZWPz8GcsKTb5DgidfhXfwtQxtcI7pfScIwWvHq-SJAlXYhh2X6fs8ACqVQAx2IgpRugkMlGe23gfEAGsYpLQNk_RLZvn-sIVVG4v-Sk5wZE6mLF3QxR7dcJIqtXdkVQcq2F2dcPXreffJD5p1bBIel01lHpUqDVaVS-XSXd-3W2bg559PCAtLtyyCZ57cQoFWVPk_x8zq2xeXpQ5QHfWAURgYHNT4LIbHxWyQ2d_qc5cBTyAVLOyj2rHslnLEF_mjH5XLQcRwzsvnd_Hr9LdBA1DVDhBYH-6g2swZtrI-2cuGrP7B8_ZgeJ9SmXJFIgGOLyoHfulzY-WSNt_L71bf2gPvzeJxgGWZVW2jp38SLgRS2B1bOdLhDBsIiolP3w8XYgi_vvSWW7Zi-AThfnovamnYhzpctEJV9vTU5Ry4m2uccR65SwSHA4eY7tJTRrzpfJh4-LedVmZcBokVjPiLzmf_JnStSEXr_CbZiBA-pI6ae24M6YUSjvFIil9-iVERtWRcT9U4i2g

Requested by

Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 9FA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI2ZSB79ZZBUlTu1g6a1XnU&google_cver=1

43 B
114 B

48ms
45ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI2ZSB79ZZBUlTu1g6a1XnU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNWyD93E0llWBEIsQx3yUNf8B5-l6f5nRA6t9JMyIl69hfTFL-bcH0qta-1RmdYHr6tv5-z8oipewqVkbLTSU7JzcO6OK7Mq4vaoMyP59vhDZzbQC4_GRCwATf62DcnUTszVGc7i85Fq0g5uSIor7uAU_9-D8l7CRBqZXufcGvU0YbpaK0I
Protocol: H2
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEI2ZSB79ZZBUlTu1g6a1XnU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 9FA9 43 B
304 B 135ms
45ms Image
image/gif 35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNWyD93E0llWBEIsQx3yUNf8B5-l6f5nRA6t9JMyIl69hfTFL-bcH0qta-1RmdYHr6tv5-z8oipewqVkbLTSU7JzcO6OK7Mq4vaoMyP59vhDZzbQC4_GRCwATf62DcnUTszVGc7i85Fq0g5uSIor7uAU_9-D8l7CRBqZXufcGvU0YbpaK0I
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 9FA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIsZUryw9oCVQnEG6C3IaEM&google_cver=1

23 B
163 B

81ms
69ms

Image
image/gif

2.16.97.41

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIsZUryw9oCVQnEG6C3IaEM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNWyD93E0llWBEIsQx3yUNf8B5-l6f5nRA6t9JMyIl69hfTFL-bcH0qta-1RmdYHr6tv5-z8oipewqVkbLTSU7JzcO6OK7Mq4vaoMyP59vhDZzbQC4_GRCwATf62DcnUTszVGc7i85Fq0g5uSIor7uAU_9-D8l7CRBqZXufcGvU0YbpaK0I
Protocol: H2
Server: 2.16.97.41 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Tue, 20 Jun 2023 19:11:32 GMT
pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIsZUryw9oCVQnEG6C3IaEM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 9FA9 23 B
163 B 167ms
52ms Image
image/gif 2.16.97.41

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjS5_zbATAB&v=APEucNWyD93E0llWBEIsQx3yUNf8B5-l6f5nRA6t9JMyIl69hfTFL-bcH0qta-1RmdYHr6tv5-z8oipewqVkbLTSU7JzcO6OK7Mq4vaoMyP59vhDZzbQC4_GRCwATf62DcnUTszVGc7i85Fq0g5uSIor7uAU_9-D8l7CRBqZXufcGvU0YbpaK0I
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Tue, 20 Jun 2023 19:11:32 GMT
pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FCE 42 B
63 B 103ms
103ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cy5MB2ZnbqFxnkdxCwXm4aaEd8Xn-hvmezx6AGnl8iMR9GTtJv0tAbXl54DQPzssLmNOAVvQzPh1noijyGmzn9RJbwU0rKSv_wfIGkPCW3N8gg4pU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FCE 0
20 B 104ms
104ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17205678079305016764&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8FCE 78 KB
27 KB 121ms
118ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1364558/69645137/xbbe/creative/ Frame 8FCE 252 KB
77 KB 108ms
54ms Script
application/javascript 46.137.93.67

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1364558/69645137/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2R4tNFaZrSH_SY-CVv9POoLVxl2cIxsnEfunngiPmjtXvt00qnJkJ5KQp5lMwcoHwH6i31Oj-pBWhPNDDxyj8dLetxnz-FKh8BD_S8lBxYpskyNGi2RgDcscd9FyESmRMAoCZ_4GGsQaeECuxvX0BzPRSVbVgEHuwf_nh_65BID5fR-4muedJdfaEvIqJtRBxRemet8pq7IV_EqN8OQYvfJvRpc-LSoGYi2vueWLRhaf_THM9fY5HHknNtrEHpxoMU-2J4P2qPyQ1KnKonowY3_sDGMYSXAXCGDwJhcDCLcfZLfVKaf6fYjPh-oMFpCcbOvtZ2AlXprlw15SU4PaYTfXFZarnf7szmNqeWnWyRfGGnB0WOLCm46U_KdyyzUCaGg67Gq71L_7oGjDZc3DcaRvPOGvzZ0tn7TwKaMvBKMzGEVB77rt9GIHFrwxwjHScVLr7cx4MyDYZR13PutQgakTOb0xufuFc5WcBvToL6x7D9aC5SAtGF649nB77-_dMajYawj7Skk7UE_7YjK1hd80b7Rl_gUXw7nrGP0nofYBSBIIcyk1Me7ZYbedCuUrZZkwgJi6de9ka-n2qZ-PYwUX3LMqiPZ7IHOqlEtJQC8WS7IveyKmT-wre0H2Z9ZTZgs6SruJ7WYK5XsD_UDPfbEJvaTnhgTYCaDxOwOvV5u8LRYv0QgiG_bSm9sJzi1n3qS5zHqa0vtTzYn7rGZXCvD3FzCzmYotjubDfL-sEyf3sxp1YuOey2EfWmIPEuK00CPzn4E9AaYt8lkN-pm44uRmcsTlUEwBPYUplxkvh6T3h1MyCNRZjZor25EUnK_nIDZjbFzRgAKMGLevCnTsNbf5ZjcWMnJxcdFMfhfpA8ZtssZtzCy9oi8BUJ6dIcUTFJTS8hpXPiMEDqSs6GTbWEDWU6cKk4AQXsS5cbM-eaBDXifLzHxA-OQzxIVPIEA3XFWMUfQ6V7e7LI9rtMKhtyqP6E2j8OVMVlE2c9U-uBIj9ZKpsdY6jO3PpGQm32ZQ8vwi0irnDAxrqSGoLIGwNT48LrnU92jRDQd2K6wHBFiGXMbn20NhXIDJKPKBuYFXEpU_uhTOXuWDeM4PWt1MnOfAONRvVXYa7CdS4ugAg2tbegqUSXofaKyV__jrbG-CLYN5ezW5oo3_TLcJ942HU1nwZav-Sx0HiEq1IHIrFqydnAPHbZFe2b0obbt_t_DdBk9ntQDI7_EA1M_lPy95aF1XuvU0uRso29Jai-m2UTRfcceMidyZEkOFlYKhNwiJ3_gklEk3nmfeXw_Rd6kgq3wB2uQKIfkm_PfRdpFC8ECAyzu3uIB4zWXhhtKMryXroVPGwBczevS8QFbtYtzga5PZfjbUqcpAzvyFVK7Ux5ogKw8NByZvXzZgvR7jkyv1NmbiTz7mKWm7ScmKf_NFG_piAjs-BPsJ0HHtI2i15E_76iFAIfhktNdsQfL9GbM1M7ocnoJpnX474LQ07OWf8HdwzPK24ccG8cJEDl9k-EljgDYizZ6OBDBbRmkD8luiqZwaUoUPFuhyKJJ345zyI5Q-m8l2tUDvPaUzIfm7_CsgpLtorxRPfur_R18tMCPhup1CJddZIeaNtU9fFqALDny80B-lLRbRVfBO7nBceGs5wSdowRGg8UN5RXfCaOVYW0YCvTx6_u4MEVXsBbBENluahKPz1sWKNUObstQVAkukltNQGdsSTLpSfy5YK_V7Cvyio9d3httcWZBgpw0q1JZOF1Gh_V7-h7xeOO3jMc4lvDBeRVu2FSoecSBQi1VLzlRiWGB8YNCHhqr9-L3Zop_QS9Ob5IpLWxCkNZSc7aB_VVzpQV3-HhKMhC2bLXAb1crOrWdNU7S0d4dNJ9Bk43yKncOgYLzAQmSdReNMYfHewBEe8uEJ3ZtNp5fDAyvlOSmtgbxEjTEvtaWp0xAIjlEx-ikbHW-BjEIcflxghyTBYW9xCAbbXDKY9zoGHOfjdVnVtzqG6aVXpOo6dU8fLdb1DixDHGCLdK5FOb96w0dx2iMibcfN9IgrwGnsYGNILhchQjPYRCvD5PAx5kX94bi3qq20SuMH142FXB1qQU4qiCYDg0kwE2PSgRi7XMTUCJNeCa-22nH1g4JfjNhCAfQ-BPKDWJa8_JwHrxMtZWPudMSBSYgmxQUXeQ6vOh0-RmgLF1aqXZkrLUxwl-VfJ1T4LxFPXmoZIuCiy4KPLORPYGjeVLNeJXl47noyOVB-46JM43d2zC1rKhsUsEYQYbOYxSf_6SfV3-NgmEWbdbTh2VnrjBRVicE4Oj2J7vp1t8TkJMDn-H4sVuIv0ukbXV5FEN-YD5WyoJcKBSt-1Ft8pmMVB1Z150IX6gPtw3TPkSZI7xxM2xZ9A-VjOe71Awyi3CZGHTJP-A7Z7O8dbabvX4UuZZkRlnojX79VzYe4riCXm1vsC5FJC0e9TbcwId4Fk1IeNHVxv609J8aHNIXLigEQNQzmROH8R9H6pGCp5cbOtX1KfvZN9L6bLnZ6s1f0CTThoLnohwuxHbVMQUPbjTQUYTEhPtppCfO3HtjUX7ennfvU9GOYwBMc5C5zdjKWQsZV3sCr2fhVH3sbiLbmnhLQuNdZfdYsw-h8cYlAzeWnKi7Ehwx9GXoQoblxbuXMDxleuY1eVY7dQu2OKLsj4j4c82rAO-7V4rfM4ROUGYCRFnrfb3bOJQL1YIXX1pTj5crauDiRCzfdiHY29EHtqrm-Xtj6FhmBlbc6Fd76A6IGpDiBDPcajSTW7TOnbmg3eAfZprf5oEkQN9pUNOMl8po0gNCF7lH4Jhh1ISjuo87JdIeNcp3Ejf9A7Uf9xXgAGLuseS_Sa7JmoDP0_trmhb7TsgZW7a_A8twVVezj8Fm2tgszsrX1EhUtOS_tB618xUTeOWVVMyp42hp9jymUUWxhMIsfVsIkG6w2AYkCJtmzBMdn3A-ewAStAsgK4Ltyn84EIfO5Fn_QMV5mNdirgRi_vt5YThVg-fsGYEt5JXsB9_jAoqKs9kWlhXrNbGAgWWrI6HU05yu0kbI0_7KjbDP2q2rr9hOpJtJAM7bKldoXGU_ZhO6xM74UOhgRG83v7DGRyLr65ViV4bOnPAmJL83XPjz1ShxS7YIMu9y6gJxc7uQXchUzGYhWl-Me6El3yS7BFojyLH815BzJGEn0J0LEEgk_ge8pDOBneLFU6Eh8Z4eTZ4Nez8vNNQgL3IgXlIlOMF4fLsXhcvLFMwvQ9aHEn36jwRJ4wU6_6Y5wsOWWeRVYHpw5ksDibAS-3R3DCPX6YBpfmbLm30Ke-HTLvxUKcEirgSkHQ5XZO2gdds7SADIPPfkp88VQICv9FrnOa9zNeTSaTEqr4XgwMTwMMEZZo5eiRZ71ZTwy0ZR9jdLGVFReTGalMaLwgEEikAcoEIg2n4ddoE7ahCHpMzFdQex_4wA1kVXob_3cq3eWeTnOu0dEKqoBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=1009843003&ias_pubId=pub-6593523210010154&ias_chanId=1&ias_placementId=18940094076&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0icq9P3CCmFxZX0hc13S7l8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.137.93.67 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a0c0cb2194c7b78b65c738caf751472f8db16ce670ba68b10cec3a15a89afba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 8FCE 3 KB
1 KB 66ms
64ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 8FCE 19 KB
8 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:53:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:53:02 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8FCE 0
0 195ms
64ms Image
text/html 2a00:1450:4001:806::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ4FAmrTdeGSBaBYgQvSbT22GEF1zI1UTu9hvx2jV0yWOLDbJsWqF9AmzWzBNQap06zAQKQhPMDGTX58B3s2moEYPNnPw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8FCE 178 KB
56 KB 138ms
135ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 389D 466 B
235 B 99ms
98ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXEJVxkXj2hz5Gcq4_kHzg5Fkeke0vrCHlF8Rh2sESVuGvIBNSfNuDZYUiF4Du_kdenWZZAFFuyISLJ9MPxUiIFawAMek4NlSw2b6Q9nEvugdBzghfAFEu1HeQEioLNd7Fbxgmmr_NS6jAvSP6FyYrZ_wN1vT9B-Z-Ep1_sW8h6tFea7jw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0A5E 172 KB
60 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Origin: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 0A5E 11 KB
4 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AI0R4h8GYwUx5f6djT198347Pzo7oQJYEgf12JNTT9a4MUK1rGs0NaGdRf_s7XV3kQvzRHs5p39Ugv-cGb1mjaZ70rdq-B9VIipwUKi9IokieYkLc&cry=1&dbm_d=AKAmf-DRJReLswPeARoCwxDRoRB8a-1oNFVvn1gaYW0XRktmAH6CyNe9TKuduU6izAjROIY-FHw2YOEFYZTKnAV9R-POyvnnQQ6L8KsH3bqgO0lVYq-Gal9m2l4vLpms8Zwj1u3zZ9dQqF7PntvK0_NwNToV5_ooElnG4QaJJrcPcGgrVlhttzPoJjKbgPiiSYKDLUWWpLLxHZfVeFdMoL0SYjX2glQ6Cwn29yxAAo_owyzi88kDdRZ_Gkz4M_QiGl07tm1VDjIR86fIsxCy8vnUHE8O5hwhm3p93zmjF4EKxjRal_kxgGFHyfZF1N5YApwivVl3pP0FaMAHxV60K40kCTbRP0r1LtKhiVbvnWZ1GeZRTfdIufIH56ErViri1UbktqwOqKy6tbXRc3yJ23wGLYMRQLv5-ykvxch4Y34pnGpwBiEWKAH1vdpOhBoDCvjuNGy2LEGnmG-kbIRJW4-M0q3VKNJLjVf0uu56Uh80LND1phX3nUZzMXpRvEY-wF0xGbDPwxckCV-5V2jGvQiSRtjy551AJf9MExKZfLqO3HgjdDWAWJNypFRx5iYIxc95an4lUky6ndZ1TscnDS5e6470phIJlRN2yeR0s20Od-w63bPGNGQXbyiQSE34gabMguxMcuLr_gXN1zGP6dUtzTCyoCmRUmwDO6XSWewGMA_NccYUCxSYtzdvp784kWdpSzlBYQoOgDa92XNkWydXfCTXxTPqj6iuL3ix3BZhc--eNFNr-VxG6yDQlV5de4xGQWj9I2PCkctGNISJcGT8DAAmujV_ygpz9sqeQwVll_mtnaiRk0jgfUgw2HssFjP_aWMfw2YT1tM2zTNt_TdPDFa5JFlg1K4SahGSZEVJ75PGLgmDJvz8oUI9ROpy8x-y4e7nSBcmxqA7azdh36VUlXbK9cxzAEMHvUU4OGssdf1M6Q6AsmnywcH8gT8Z_m1JjSe_vMOsHWQqRYnVAJ7JPyJv5s-plOLZGA-LiFmEERhQoxaBKbHXggkttQSYVe6sgot650_FQ2G7dOyRFYGCSlEjXsqwQH80D8na8wD6N3oEhKlCMaP-als5OZ-raHWsYyOhJuC-npyGXzg9IJ9ydK3de22xqAAeX8xSvjJi1PpRMSiTnn7t_dn_sYBLVVaD-AV1C8VyGU7j6gjxurxlaNp95T_n4sey8_Zr30AuAFMeZPnH8wsHjGeGkz9Lqdbln3cYQdAA-C3Q1sd_HnozI6j62LVRE5QdeRuNeMBQsMWEIwuCk8sC-LOacmeW_oMm96HW8ADOS4dILbPA7DwiETeLzSouWx9WJ3LHFYTKyR5gtMAD6kKFdOqUCLQeM0EjZ69Qk92KVKFgImOca8p9iniCNbnsM-heKMeocows9BfT0VXX5WbWT4iLKUIZ-0hp6cyyYWAczqEwogVQAo7Yx7hYc6rH4PFtVbIUWUK5SLuzKRx_c23cpHEhwZD3sZfWsboRO9EeSEixSFZPvXjGzjZfa_KD8JMzF3M60Bx0tw1qwrzjw_Tq4u42kI9TprYtUTop0DH5dGXSHMpXNjzkXO1sbTT0zaFmy1uFaPBBlyxrCvwiK4w86vIbBPBFoQHxDFv1j9FRizXOAs_xxDCRzamZPtOVl_dQx_efqJkf3S5_tZ8SJfpDZGRbBAFHJXoFhFy6k5xO9DqLuLF4xAJrLbD4bGY6D8k6wMzm45KHoY17JNZf12GyFnqbrR1M_NTZYHv8hMOIj0FebzX8zwOWT81CLl4E9as-QDv70AT_eMWJMZKtb7KS0jknPLSIlHXLZqjrQ3GpIEt-SahXu_N0vw_iSDr6KtuLnvlryMK_y29aKcuq6YkYAgo8vk7Ud8WBsvc8oChogTjMxrObHEsqS8UsqmeJ7z3f9rsCD_yaGEMw8KopjzBiVDyoUUFu_Pv-vxC8gIaDbFqDr4KAvoFJ5CuFdnsfwwSsCaTJyQbZ_qG8Yhc1NDChYjzcqhDmhq6Td6dVl_PHjJyQ_I4MqCq7Ycse6Wa86jbZzus3qpJvPOVj8u7G3OK929-pbKH_lbchTE27-pA4vM3QN0-maL-uSPQv2s40u3aXzybUQTk29AcOztylAAShDOp_1SyIT-9IT3Vmcx2RqVmHewpDAVl-Wi5Me3mWG_LmAEjg3dCVm9DLX_I6h5ERYLuJTAbSI1fN3nqligLtzt5JwYe-bw0eUuXuudSoZEu5CkVFZeu214uJ3GYGY_mKbSvRBT5gtiS_p6xdSq5Z2MtOLHvEiY4ZdcqpsXhpNpcE4NFrGuY-8Kxv_hzHNrqxyM15sH_CLOAbKKsqrGuxvTIsnwzqzYnNAVqX_fb3NLzw8JRxIxZU72OALdkeqtOn8jUDTGArKwnT6I9m4saHmxjBRrE9LA94JGx3bgk_JIDNZP-C7tiflUsQS3juW1Tsf6meWRMav_2OGgahe9Tq7fAKzt03fBpIiPeJnfO-jsy5VAk8WSiOsxqtPDD2MFonahnAdKrdhbaFfCE_t36WWS208fWMQFZRMW1dAcQKWBKVfAmaCxdhJUx4RzyHWF90GRM20hk8_YtHMCFXgkUG6DeF4LLvtvOaChFruywpt9LKWp8_xIjpHjKt5pnPxQg4Q-sCXXrLf_aG60YI3H9kumGVuGBZG5bKTN9PRio7KEk6wUm7BLrdzsv1axIvb61VPBXAZH_OjL9gBJvBaTCQro9rHgxi6oZlwIcS3FH3rk5dr7wEl86KbwaYqtGOgUnXI-9MlsVLvHXb-1k7H1FVUypv9k_tP-_jy5e1UZgpJS_2bKagjDNLSk6fnbCTFwDg2JsLaJWpeYOQ-VbKoY3WLxnZPx9Nqbz0rQKRNZHpkEfYhBgohSNkJx66aB1uHPiRTaVkb4pF4HgrNWqP03R20x2J62F9R9rP_R0s00W_5HVMOZp0kR_vgQ34DxCiT1evXsoGkkQtMRRTtEhUoafK8rfNo_ZVpwk39jsIWOqnR77NNyA0C7WqEgWDPqpur5ZMe8fm7tKX8gjziasuEvNlqNJnUf4FIa6NFYCqkaZCQwGm4DRkq4onnook3RC9uKS_Y0DsiqpjnZK7yfuqWxOwmMQ6kZm1kvxI5e6bQMqkJpgtc8I367lrCkwb_uUnlCiB9ekU1mpR582ReQzP6Q7PsuhsvxNSqq6SaD_DUSzL0MNgKx2sgYYAMPXq7awUnActKv7-LIvSyAayrptWZOmSiwy4JuI4CahiIHnyV-F3pp9gpmMXMYp3ORpJBw0j2cVmwVT2vzW8u4hbsvUkjneSa6jMfgHosOhA_e4VTsMdQx_alWdQxcbDwSM0-5GqwOhKAI8ANLdjA4oJVIuNiP-OiRItdijESdVHnXTAWyPhQTl1L3qP3jIsktMh96xN1rs-mNt7LAPbAu1SwN22YTmo4LGCZP4-U1RCR-Ut7j8iMsLZr0S20c1IU_o-2bbUmGYGsKHRh_Og6v4TD4mFM080jNq3nuVs1CXNb1O7mIUgUPR5OjKea2-stigYDOVSGsfOXiZpX6Xec1Un3EFJKG__evFEnPWYenJD_JaKZMY7plhVx1gwtskVaG-YLl4DJn5ar-1Z7EXTEjY0K2c8sIUHcQUyetgNPKtzcQPbj4hFzbr3ECeyHrxmMYk3cbpieOCd8nKGrM4feao3fZcLWGJqisWLpJ4LQHhGPlFE2iNZ6bxTQR_6_kt4Tysx80jHhIbkAae5OUyKD2mt0uhenKf8&cid=CAQSbQBygQiDEoBOQqrtER4Qb6SzpAh8NM5R3WBHboiLglKhdG7SV32clFe0aMBFfudrlhMWx93GetNKivgirNn9PoMSs2HfgUuoDtlsQxu4LWIveRq9cI7UuQa7v0NWIb8jvBpwuhobvSsuWfkS0PgYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1544576638171286800&adk=3860319555&idt=191&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 0A5E 29 KB
11 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0A5E 41 KB
15 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
DATA 200
OK truncated
/ Frame 0A5E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57f96ff91dff1a07222bbfb2a19e18cce8099b2c5c85e871bf8501c20d61959c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ACBF 22 KB
8 KB 68ms
66ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame F89D 8 KB
4 KB 294ms
32ms Script
application/javascript 2a02:26f0:480:9::210:ee0e

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565044&num=&adid=&advid=4309118&adsrv=1&btreg=558488208&btadsrv=doubleclick&crt=191643418&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee0e -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 856ed99804bf5b83c5c70314917f7b561f06bfb50cc10ed5430a8fca2c40f246

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 18 Jun 2023 14:39:49 GMT
Server: UploadServer
ETag: "6bbda2156609c9b24e1e0e365f01b513"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3374
Expires: Sun, 18 Jun 2023 14:55:16 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10454987525626607892/ Frame 9020 14 KB
3 KB 66ms
63ms Document
text/html 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d721f1819959bcb4cc8b418e32a69c729add4639335ca673c3b6ce5b8739bfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2994
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:32 GMT
expires: Wed, 19 Jun 2024 19:11:32 GMT
last-modified: Fri, 12 May 2023 09:19:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F89D 0
0 120ms
112ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstwxdJ_Ik2rhP9h6SxSUuw2iqQYehO1794O8LzWmo6VVfCQVubMSImRLEgTJBYlOAeNUWbFaSIxs6vc2S7pxk3vZ99rsVizhIsiv_EdjWlU5UbwMfcJrpskf_YN9kdDuR6tjR-4pPMeG7h7gDmx8o_ovFxfe6DJE9hAdkznx0_NjaC2K6-IBtYAjBtvSQGySTOFOKmPAzak4k2aeaiAhNQ6JfLPzb8Kb-VR6wN53av_Icau-nEi6Z6sIF38b96c9E5cUYHGjlt7yvJ7RGlX5Qnwn4Xka1py4onm3i6ksfyDuuG5uHtXlia5ZgRPoW_1ngZhFLez4Al7euiI2nnMn6O8JlZviDZr0MqkdlVjoQI2upfjLxjZniTT6X6Rke4vrUhrU7bfZ5FmVNbj7pV5F2Y_4qWnZHEg2dPolzqBiJ5LjZN-3HVIrz9dAtUU3u5nVK_u1IUyegEeo3I611MGbP0HiLnrkjLRngya8gA6Ju42Ri-njkDS_P9YUM8VBYe9wz6vI2x3lMkdgW2I5oFHg7TP0KVfZO5-RD5pRuFWfRo6E0nGGzU2N-bA_LUJbMnfSRQzUuoHuldeczgMbwogu12GFWLX58RORTt8_leEW-yDkU_1SwcITHpvp4vfS4QspD_tpc6DoLAZ5afR08RtmUThqeNEOPXYtM0PYhUxYDtdI-K6Kxmw8OODO-cgSTke8nW_0MMBllcc_PUazStaM4erHf-7Enhv-KnK8OjETeCXs665DVItiuCFT-PHLA_IbH7JyK2qzln2Y01RjU3OXaZ2eYHoQpcur4KBy_Z8rM0LEushJMZinBCDAzUP2iDt66ssJWRXxaUA5WgcOVzNZPMIRreJMs7T18RIEy5PGkD3ndCfaBGqxrC3wE17Gtg9lvK30pke9E61WC-LhFQAi25ycJD4cDGwJU6XFfImOboo7w4ua6PIBtOvHtMd_PNrXCGBwdmaB8DJtdX4n1BJIYr77RefKTUQF_GhsWD82j5QuAtH_qOMz-e9pqQ_PaEA2K_DqT2wBGzAD8Gk40oalWH-4uH9OKYIYPg5ZjIFte92C4YVUaWgA275gE0d73jnCeNGigCTP8tbHBdMckqSMZ_hEVvh8qkzoTzZ15tM5RBWlfNpkbwMYgOQ4jkgdQbhMI7N8OY4RR1nU4H3psW0H3KyM8YzHsZIiLe6uwcVkaDit7B1E1J8SdO4misbopAYArHrhB-1BMb7ASYhdQ7LCskpOh7ThxI2ErD93C3GTeCmSzSueeYM4CNxvylfY7HTdJrpdGzoaKg_nGcml_wdbSGO3__0vVYWY-GTv8Wp9AoQdpSRRxmOgrNL_Ga8oaL7IkIxAMhY&sai=AMfl-YRThiINb3TaNyC-FkSnPZfDoPaU1_U_SUiC9RbugST3GBPAH0roB13Vc_Pu1Vbz2pY4Ogvur2dXWyX19jUupqMHRdNmnHIWHsjU8Z7N74h3ZCeL3aivdAtEZaQF87jP5fNw79vsfIfNmSS-begJaLDzX54w7YeeQMg-2JQ2eeBnvBw3-9xiTxQWjkqQ212huFT0XwTQLRL2Cy9hBzcomibdaXO0Jcfk6EUOnoLWRr6KAGZ6vD6gMJCOao_MIkLEXdk9NGP-x-Oc-Mg52nq0oDEJ7uPMwW_yVT8Bn0hJLMmbEW1EisICVHmp4gOZ6czGIzQ9PovZmg5XBxx30E7-kkoC2J9Lan85y2y1tMex9w5LLdmxkpbTHuhjUZJD&sig=Cg0ArKJSzLckCGtEVd1tEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=358&cbvp=1&cstd=346&cisv=r20230614.83661&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame B1DC 118 KB
40 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30911
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 10:36:21 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame B1DC 63 KB
25 KB 114ms
111ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 389D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFdV6B47HosJLhb8DVmHSUI&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFdV6B47HosJLhb8DVmHSUI&google_cver=1&__user_check__=1&sync_id=448811fe-0f9e-11ee-84eb-16877d160206

43 B
548 B

36ms
35ms

Image
image/gif

185.94.180.126

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFdV6B47HosJLhb8DVmHSUI&google_cver=1&__user_check__=1&sync_id=448811fe-0f9e-11ee-84eb-16877d160206
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXEJVxkXj2hz5Gcq4_kHzg5Fkeke0vrCHlF8Rh2sESVuGvIBNSfNuDZYUiF4Du_kdenWZZAFFuyISLJ9MPxUiIFawAMek4NlSw2b6Q9nEvugdBzghfAFEu1HeQEioLNd7Fbxgmmr_NS6jAvSP6FyYrZ_wN1vT9B-Z-Ep1_sW8h6tFea7jw
Protocol: HTTP/1.1
Server: 185.94.180.126 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 48
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEFdV6B47HosJLhb8DVmHSUI&google_cver=1&__user_check__=1&sync_id=448811fe-0f9e-11ee-84eb-16877d160206
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 61
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 389D
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDQ4N2Y1MmYtMGY5ZS0xMWVlLTllMWYtMTAyNDE4NWEwNDA2

170 B
188 B

70ms
69ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDQ4N2Y1MmYtMGY5ZS0xMWVlLTllMWYtMTAyNDE4NWEwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXEJVxkXj2hz5Gcq4_kHzg5Fkeke0vrCHlF8Rh2sESVuGvIBNSfNuDZYUiF4Du_kdenWZZAFFuyISLJ9MPxUiIFawAMek4NlSw2b6Q9nEvugdBzghfAFEu1HeQEioLNd7Fbxgmmr_NS6jAvSP6FyYrZ_wN1vT9B-Z-Ep1_sW8h6tFea7jw

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDQ4N2Y1MmYtMGY5ZS0xMWVlLTllMWYtMTAyNDE4NWEwNDA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 56
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 389D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1KdW5kaGRoRTJ1RjAwZU5oT2hYRjBuczZVUEJpXzBqZ35B

170 B
188 B

70ms
69ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1KdW5kaGRoRTJ1RjAwZU5oT2hYRjBuczZVUEJpXzBqZ35B

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1KdW5kaGRoRTJ1RjAwZU5oT2hYRjBuczZVUEJpXzBqZ35B
date: Tue, 20 Jun 2023 19:11:32 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK request_content.php Show response
hal90006.redintelligence.net/ Frame 85F7 7 KB
3 KB 101ms
33ms Document
text/html 138.201.63.164

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request_content.php?s=84621600121546704444550012361006&a=6c5093e3
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=41b9e9dc0d&subid=&uid=92a00f260a075d08&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC4ToT4vmRZIi3GJmI9u8Pvoen6A6m5b2gaYWVnKfJD_AuEAEgwLKCa2CV-vCBjAfIAQmpAn8mjTVLT7I-qAMBqgTZAU_QlJBwf1m85ca0V-vqPWZNcKEiEkk8XOXMtPniep6BX1INlLU9O5szljyfsCIkyksJWQTZE9DMUnDFHhlHzAmTiNnCozzHsRmybQTsF2GFJgrLh571xQHaurh18ZKziazkB-4MPdJHJkcoux1hCYdvdiHmari0kA7ZdLp6H8GbqHHlqNdw2wtTdlv6foutEuO9UJVbFbwvE8R3SzCh2LPn_Ag7RjayzGfkaXIyYAm1TUXHr9KuZSxIz_i7vS4h03Vf40f3dedanm3J3R5nXzek_2i6k2bKNZjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA5gLAcgLAYAMAaIMCCoGCgTDsLECsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDyAh1saSFVG_GM6BilNLMmNaurqSqTEcuFyvaVMwERAoArqKqbJchhLyf9cf9S3n48j0VHOu6p9elhlMLTrczalcYytv-z2sTlvQhP-1jMhN2xOxqRCRADqUWjsbRmogW8fQpJVtS2XMYAQ%26sig%3DAOD64_3ah4icI23wpu6x7mABZQ-4zMF6KQ%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DX-ghvOZv78skXTt_J2I4d2c_R8_cSxUGw4_77VRZOgbL8kNK0OS43uaH8ri3DEwAZjn6LFMoTgxW-AKYEx0BXEPzHeJfQ76dXCQBk3o1kW5utx75Hqb0qKomK6cUVnd9oDMlXos6wD-03UthvJ9Q_0I1rsZ9fknAEozRKvrBktCnPPjg%26cry%3D1%26dbm_d%3DAKAmf-BjWJYMmFCdg6TRcDK2Jin2JIq02DL6EBQtXKByTE2dLYHd_fJS5m0ctUXd37SfAfVji7qXhJyFcu3ZuFjmz49suZLnrhVjGP7NOQIYLx6SfLtOhiiIH8jmmyCyQPTBqpvLOjW2yl1cS_zfq_Iy-FNkp2wSGFElkcITtPPMxlBBJkOkL2tbzDYcuFBAy4vrNkGDUjA9ISvi8Wwtq2RxZzrERSOR1an5ZrgjQCdsdEwGl2Ban2xDhI4lx22QPWFhN2HgqzOZMAGTK63ClHFhJznXNH-MV5dDCLWlLRuiNB5C9SZEfK4Rh6n0v1sbWU__piUbX6L8qruJOaC2m7VEsH06-cKOCKEwfD-O5MFgeZZVI9j-YXxGzD1pw3ioWhcV3M9ueR_mI-vnkNVs-3vAlBILO5kYSSWcHzJBgCZWlNJlQiitJbkfwTk70OoAU3fMVDiVfGSu4cOiQmpToQRT92OEaKEj2HKoG1xPyS1HBBUWOWFha4yuvWoTJqYQETEeIrSZBFPJe8VdLnISzYN0MU5KPpNgk_FITXDyQ3fmQNH5MbhZSkU%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=3217680233497&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 516576bcf1d031daaf02a553c7ee5edd0ada9a363334830663f2473835311808

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2282
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Jun 2023 19:11:32 GMT
Expires: Tue, 20 Jun 2023 20:11:32 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 601A 37 KB
14 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Jun 2024 14:15:15 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B9EC 22 KB
8 KB 78ms
62ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B832 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48252907a0128297811c54be091663ea43ca07fd38b435a6e845838fb4fcc825

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/10454987525626607892/css/ Frame 9020 6 KB
2 KB 58ms
58ms Stylesheet
text/css 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

543d48d1e079fcd974d371768fe777a8c842d99d2be67d10d2f0e946f4198ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85589
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1560
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:03 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 9020 120 KB
41 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61307
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 02:09:45 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/10454987525626607892/img/ Frame 9020 5 KB
2 KB 93ms
92ms Image
image/svg+xml 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

312ea37c961106b2df0601ca18d37f89c74ec7b28932d79c012c0864169a11ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85589
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2331
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:03 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 9020 60 KB
24 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=C5Pplx2wDh&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/10596822557170597888/ Frame EA8D 47 KB
12 KB 85ms
77ms Document
text/html 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=2Ag6AKTjhr&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8fb600b02fc75812932069a9f79b2132dffbca1cd735dd8f8613d0f2850046d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 19:11:32 GMT
expires: Wed, 19 Jun 2024 19:11:32 GMT
last-modified: Wed, 15 Feb 2023 15:46:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0A5E 0
0 123ms
122ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuthW_TUqhszh4CCaadBFuENL3tjRuvuTe4ypxkw7MVAA_2HdF3xxCXZAlsXk0krvMdoM425A2iuKXEm1Pyi8U8ctEARXQRQxogZ7IL63UdszFIYOJshHSoSko9mRyNwwp5BbQXouOkRjQNbNL5EsqdstdrPnCS3_VDmCF3Oq3atWmaWnHQT0W4PR5dyMy6w9-eu8DRUntmW1OrbyolB2SqbpbaAUWk_FUjs7fHTBXoLcVEDH5_VgRWCJXqrzG79Jpd2krPCVZVIqsRdTrAMTnZ6wlCobeWVb7IT8EotUGZjSue3HRri3i-Ch2Q4o1eKMkyXSRnQKcSVZqe1IGl6IVKaPPWObRXYa9joMr38fYA-bAXyQsksmjZS0R4Yj9a_524Gl6rpYne6bjUyi68lVXYkqyOZklA-dgvO7fI7hmHmoqfGbkK8MyPOGHIL19PVtyWwwHS5h-qevYWVEcBe3kxFdkNX8KDJd2sqzJIOPyg3AuLmAbSw4Q10399qIoIJBuF77ozrfqdcR5hzb9HwP3TdgLaZj03tfg1i82M3EJ3zSyvvFLqAYC93TUnyC_xnz7L2vKaz3wfan5SeyHWvLxgCztRbYD31m7omTp-R3DvjE3LwYUcoEiQVZc-1BOpe-XUxFZI-ceSobnT38jvm3pApofngtnkwg9Pp9ZZ5tgbSbeKeKouOBQ6IyUhDavJZhl513ZbX7aH86-2Z0eJxeRcDRsPDV9mfR_Xe5rqrzbDtOKtGWpwsp7FH0oIbxSM1MzU0cVxWlmTzKXZEzpslMPBfLf2-05ow3gAnHqC0hCbE2186BOGCONO2Bs3wcCpbPsJX8eefSPNxb04IA_fXrzX22pbWWmwxOypInhESx6yDoQ341z7btGtsCdXFVHUELz3buX_YS1qYIW5n1Ep4lQq1XIWezIl4KAWs3qxBYC454-MXCG5F9bsCFo8mT1k7FAObUoJfQvlbpb4oI-wCUtQeRMWcQRxZ-1uE6FtuSTKAF4DgMBnbZctRRWIW2Ycqo5APD2MJwK9YzNlfi8d6flqxPu0X6lm9Er8rQ8oOA_sVcp2fm1stPpsJz9-b6vLAGu3AULlrQJznV0TetlxzWxrvBporrRkBKDB3CY018K3BN2jXBh-RFEycBxon9YzxmJF_aTg9A-AWKFSvO3kAfWA41dumExThhtcg4n7T54YhcEQaRsy-UihZgttIONryPV_vYMh7kcABW2CrkngSCADsITY85J4ea5pz4pffPAIJLDhoJ7GcDHVpGAWMJsePyyIrG2NCaYX2KkC0lPVn7XErI_2hqOYcZyk0KJifgCz-VXHVjW51VhAwrptFe7oL2chY7bbCJhcxEfPHEkKuqOP5VEl6vtdbg&sai=AMfl-YQVgrCX5CDVYN50R17-aUd-nPjzXPJBzXxHAX1Uu4YRgaV3W7rw89vuTyWTEJbGjKdHAHBfYPg5cjQ83z-ITaWiOVahkgySqq3aUzDcgPfSWvY3A0M-j_nrhSpMLz7dCTHG79H9ToTDaYXQ6vgd-LXvncn9jp2BACzr4bVE3IK_9RxI9d0nvECc1GGhTkV3MrbLvJUwT1w4z8fY1yosXCHQzT4tSrbQSdzrPCNSZEU58bsA-Ukm6qF5JiDWdPG-7UyzRnvOk2CBTomq_53kpfu80sZkwkKOlrs21mR6xhqS0yDCffRNzsBXX22xsJeDWtSwDdK47Rn5OibYNLGKjg8QJxOxciJv0kkETXO5dDFfZe_b9QrPeWV3ELY&sig=Cg0ArKJSzEHk0V88RNEmEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=205&cbvp=1&cstd=186&cisv=r20230614.18958&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 20 Jun 2023 19:11:32 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FCE 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8206950718120&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FCE 0
20 B 91ms
91ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8206950718120&version=m202301230201&ct=76&x=1&cor=17205678079305017000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8FCE 15 KB
11 KB 107ms
103ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bc23g3P9hZ9IGdS5HY7dB3uslIQtINsfzyrzjsEGPJkFc-85HCuj1CwFi1NbQZt8uMcduzEMIilTR93H5z8BjtXTZhBaZm8XBD04BQ8jK7uJueZNaHh_vfGib1Q3Y4aFVAux5NBxBHmc70_rcMnJaXLg3mdLPQaG9AtfgmNkTJQtaU5zg&cry=1&dbm_d=AKAmf-BZQE3wZPpLKuFsl42qVOlylg1nzT1Vu2C0ayDjgqUzNEuoPSS68tU7sfiN9QA66a6sNM6P-m_ewhgSZ20c3zkkFPqy1G7rKznHU75QpAwkkaav3OGnLxFXO8axuFiIUc5TKFDEshsQZV-ROgJ5FFK8uZ_Rh7DyL4b4rdUMQrL4VMXbM9NFIH-QjdVRM8q0n4OKlZ4ExQcStJPBeKWofeiRfyAqxqSJ6Ppdqh7tmhw7J10cHCt_zmwnEm5E_88K1aaIN2yqEu1h2qjbdsEQT2RcOoEK5zjxB90J35xT0DwqP7SkgDmWdQ-uFW0hVii6T0LmKE9dkAPv05nd5xDYtA98bxXrOpv1tyUCDmJ6O06dxLTNQhOR6NqGFTNOHEEt1P5PsSUxPTItbDAPgXDxq6zmInR3QMLq-un5QUaLyaZoUK6FCowl2YFuu48-jKal2BbTrdzv7GsR9lSU4wBr1N05Ujkzklp3qz6MubBGOYXuiHEoVXlYdUHCMcWHeyJgEmAWoS3pXreBEq1MsbuXp8WmaeQnDrjI---1jVKHqCG_ptcgCRig2a8nWyk8GcbYKDXlSc_NTSpr7jZpr9fGiGTpGiaCFjJUcajol6IGmzUrluM6aygZkdWSrGAOZj5t6ePCJDp9RMl4Gtiq3tToWn-Y96i6iv3YoTRB7EI7uU5A7FQ87d1d7uJURr9ciV6ryfcYlEdIFbQ7K4ptkflPtJvwjpyeeVUBIR_2sEXvhbQZRVGFtL9smOBtqgR89-KSm9YdKXeJPKEBosoyl24nRJF0cVXba-2kx6YftdmU-vYwtKPQ1g-oghsoqjAvndHlbPJ2U-TTX_b-HKINXqoaAfNtJ8VmKzRhnlKaBYp2eiLVlhRZ0gDXvfEzIuf3FFrGnpsSRkqtXW1R_j7vP6JlZaJdVYcaobHzk9O36YQNQhn4S-ZbAjqVdpZLcv0aTowTXuT35xC6s8rY-gueleaMGepaNrn-yU_fvrGrWtZ5aO0rNU_msylj9CWw1ZhR8tczJByeXifjinSBZuorGl87cijNJSqnP__E10Z9v9R6DL6L9jeEhcNti5l_ixybsiXPswWe9EDYNKW78UoZQ8JPubfQ3ifAqkY9m3oi94_N5n1_0bT4KNhCvbSdOYL5GHEfCfuXKl6N70gKc9TOceUwJ0FtR2_E6QeSpmjB1zHPbHP9BNxp3qF2ucsBgv5vW6hdu8wxKdUOuS7D1MKo7UwqnsVcjUYrFakTjPuF3NZ7me9jh0zCFPNPpX_Usf7m7GknWC6zu9BfCoRupslH0s8d_c_7aA3oxWs2F33xtsak--xaPB8NLiclDBoyLGBQMcPnVnDvqLBFuiQyYsXY8aP6YJxJcCLtcHtqRvFQ7VIAR99Y9RhIxUGi00839tP1SexqN6UDJAVQARY8mBVX3oE_dD5TekAh72FGIZA40LWGVZJ7X0iRe1IQuygu_TBs_Dj4IrS61Dxt2NfuBY5uPuoccP3eX2BQjZJVUien5sgrrZ9rTVQViX3IdU3iZcTHjcM-Pj8tMyYyb-vNqnSjB-kt7SI35RmahGQj7dufxxDoJeVxcmFlmE-plTOdS42bJ8uOKPMJM3IUJm1Czv-3-H-P06OPc2orkKIqcEq1B4wR2f9MWH2qR-hL_2Oj7bk7yBR2stBPqVZIpVPBAnoOVafZ7iTKKyH5HGw0L8c-Aa1hLjU1Rm0GrzQdMnvgFcN9W-evj-sWCL9YNviWLP4Xg6w5ykTMPp9n7cZQRTm4RBBHvGtcIFP4ChdspzlgUE5ltvBDyqHJNfFez6B5GMNMx3wGU3vFDACNw65CjBmHL6twWUCdC6nuNVdShtmVUUgaYqApllLH4gryjzNJOjzOpJ3t90DNWuR_PFf4rNvEz9CblLrGL_8d4pzJgINmqR2kxdcOPTDs3caCpqhWhWGSj8AQigAr_Iom2y9ykSpehia4zRdZ_IsYICWHQeTfY7LDdpvF56uG_jChwXJrZO03dDIcWlnlQ-EAMOW0CZl7Ak0fsENV9vGo2TC_AjIXe9aNrIMBxBN9BsaQvJX6ud2faH32ZvACQJfc2e_EsHWq6TKzV7sFCJj5daocXCmJaXTx0aJq_jFmYcowsW-7AxvQlS-owkc65WsU6NXdpBv_tq3oICzax6sNKaxf_NXCZRCpXHdJ0JqyXQ1WYnky3SwkFtDXbNGk2ZQE_EbVgEdpHlTKGSWDR0NqLX_-WiNzhLbd5EDwPmNJ8V39T6Juhy800-XL2T1BAuHUFq_nF-k_6X_k7sYbxjtNQEnFfwAkRPfp9Ubob8Um3YALZJrl-Q8dMv9Fijly9ytiajHPZKrQpx-FNPsTLH_4bEUPW_bV3DsouxO0X95s-EAXRqr5l-LOCKcXWDjKMunggYCAtkBNXlnr-VE1i6yqzTlcKl9Loerwj7IgkyYal2BrcILAID8sEvwIQK0qwQDQwwrb_Pe6DQRop2oP7_AztOEeAo7VA7vZBSQFE_q8FhWdYKV9ua9RlK9kIhgbJsUFpgwT32rUCuD7zfet-PlQ6L8dL0VttQ49XbtIU0u_AXfTA9GaZ7cKrbQuDcad9qDXy7DrruAy6TTXJBXxiMfKfHx-KYDppcDPPXjNpx8ENZ336yBFKW3yR6v0N-V7PTkLAACxTkiia7rmM7Kb0bnng8OqkY1BgpVHzwfR1qm_cYFTluO9fWv6pkFL3ql4EMpYM2AXHwUGTHbgyBBWrYOckpzUwzPtBYEDgagdEQEQ_TNE21nrUIQnw_b6_oAMAmGXWSuumadENWvZt_6fcMuhUlxBxtmZNzKVU8D11tz1G3evNishlB_AATOPr9vTuQkMI2GVxc_hEqsrvZBc9bkm_9Q&cid=CAQSKQBygQiDafh12gTtqEIekzMV1B7H_jADWRVehv_dyrd5Z5Oc67R0QqqgGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17205678079305017000&adk=4275104297&idt=143&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32d37dc08a96f43b50c2565b035deff5d7b668a070b56078a6b41c0cc833537f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11486
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.19.8.417.js Show response
static.adsafeprotected.com/ Frame F89D 202 KB
63 KB 111ms
33ms Script
application/javascript 2600:9000:223f:8400:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.417.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040526/skeleton.js?ias_dspID=64
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8400:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 15:17:27 GMT
x-amz-version-id: UVbFefY6UOYSsxlF6c.82fk2mbTK4IKy
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1050846
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Jun 2023 21:53:40 GMT
server: AmazonS3
etag: W/"bb95c129f80c46c33e169dde0694b792"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: yd9U5XlIkQt08EJ8kUEJrHNVu7e9fKJWi_ZwGbatjf2lUS5vsZNPiQ==

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 4A64 0
209 B 77ms
77ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687288289347&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame ACBF 37 KB
14 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Jun 2024 14:15:15 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0DEF 0
0 98ms
98ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssCMEQtaiNQgKy-elczv11dckNzrlcXx7k8SCRLDCTCEtS0mxI2LViCHJVKSjIR9FzJa8HwrVfmEA04j3Q1kNtJSNmK4vaXSurblw-YZg9K7iWQec97fKeQbdgnnPnG5F2YXXP4ObVlRj8sd1yLtQyjAWLizYB7-Z2LKNUqZwY5wXRtHzi3qZVJylwRnSVdN_44zKLCRtD95GqqsMLMJf3cO0Gukto_O8Cfn41PYXhcAZZ1XL_z-BmeXNuT91xdbvk2nIgZHBHqbX5i4BRdG00ulS2U9GNtzvCuWX3XayblsRIIUO5_VwF3-Fstq1LX-M8oCJiyRyfrV4cNArb_i-eP7dTjLcXcCY-MyHTMfkKROs2AM5NtKGI9C02RDikjM6Qfq_l9fyodGkHCPvbVSFQmIJm8E0diPyauUmOrs_OkfZcG0hiWGAlOmTkVOAcIqWK7WbAXyHRYiczOwOElEbfnQGRPHXpDNG15tda4Xm5ue6ygeCKjO9-5zsicQCW-FHllSALP3kbL6szqq4vAX3NYbT3UXRk6XGaW8WavtRSS8odbiawL5gSu5z6ByxeVl3SqafpPpMXTBFO9l7f2IXsB2d0i2cKue2E6QklNuSUyNkl-kLnOLXtkn_QNhwvutwdE3KCzV5AggRDN9NN_E8cR-Jxb9ptHKPsKlTIrdvFc3g-r6DtY2btz2WxsXRtnUZCfnpWrmnbCieK8J_fdKuLCOBgdHrfOp0gyc5EU78Y3CGeZye32smmvt36X6CJOmxpiqS9ZVpuIzIy5QVSpzIb251DYSQOhg9h2GWFCXRo3A5LI4BsHV36-RIgPblH8pMx1tQ29pMfPqHXIAPzIC7dLxlCCObPcdFDA-SDPzHNaGsbLmH3iSizKglp58dTFejq4J3Bckd4-DwcBT76xvbxGlqub_W5-hnSpnw2tY5mZMCF-MvMmMyGVRxNgkX41Yx7XZAAIm2XAxVRUZJTVxBk9b7i8rHvK3WgPTdhJ8phwEPob2HbZFvy-AcQmSJKVx555TulsMbyBBbdAKfSnFEDi_so4rV-ZsevLpHT0hJB1TDtLyDGqCM2N8JkyXDtn4AcMtpILEbVz0UahP6BVGKCdKklVRGBwyEt36b1YYKfK2Wq4Io3lAW0iboIt3PWT9LuLlKQ_9mJfEjEGHgyynGKeIqLBpONRvbUKKN1OE2Du9azzTPHrQ2oI4Ib3AoEyjw6DybGOeLk4I4nh3VpX1bn3ZL5cRNVl0UIGyKo2ZQiLV9iOjcNPNdS-hWDBlhfwHQobXB20J70Ib1bBWhn23_1xIEzMKHMUBxbFjF3YMd6QVBzcZbem1VKBjKRTEivzbWEuZc4I5nuXEUaJHGv-Jpl_gl0rNNOTAg&sai=AMfl-YQcEQlBA2PbunGjEmzKG51Q1lf8u6UsDy2a0rFtS-jhTQYrBVygxWubEMjeAZ8cSWx5xcxyjufD3cWDiLcNTWnzbsW8hWUxML21RDutRewewGjpT6_iJxYnc0FdNJ5YgMGb9YWVyJZ2oXw8WI0QqIXWGpafxDbJcS--xzpCD9nMLMN6Lb-ysa2Dft8jlpK_A7Ff4ktWWomH7D8KZK9tJFY4EV5Rsy3T936AQ1zo79FnLTYIsVkxVIdWtOgFuBYrAGU1SFn-kVv_2CLkyIXSRCh3nYKF0oIyJ2UPg5oCfU0F89SRgBzIYdceRoZdRcstyRKuO9fk2YMc-vSDXiPuHaq9JmU1cvLbFPpMPwEeSVFj6t0CLs1B8U7dRo8&sig=Cg0ArKJSzP33Fw5yz-p0EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=973&vt=11&dtpt=623&dett=3&cstd=336&cisv=r20230614.82466&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 85F7 89 KB
32 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84621600121546704444550012361006&a=6c5093e3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 21:10:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 338476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Jun 2024 21:10:16 GMT

GET
H/1.1 200
OK S-728x90.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 85F7 24 KB
24 KB 165ms
57ms Image
image/gif 51.75.147.170

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-728x90.gif
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84621600121546704444550012361006&a=6c5093e3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 7c67dc1e9ecce0d3757d97792fd606effaa6fe799ebe7423aff81e26e07900a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:29 GMT
Server: nginx
ETag: "5b55f201-5f90"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 24464

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame B1DC 47 KB
47 KB 66ms
66ms Font
font/woff2 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:00:33 GMT
x-content-type-options: nosniff
age: 659
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 19:15:33 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame B1DC 46 KB
46 KB 57ms
56ms Font
font/woff2 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:07:01 GMT
x-content-type-options: nosniff
age: 271
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 19:22:01 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B1DC 7 KB
6 KB 104ms
103ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

732fa3b5db8decf740c74d874c095c60f86b606927bececfbcbed9eeb04607eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5612
x-xss-protection: 0

GET
H3 200 60005582_20230403054246424_APP_iPhone_14_Pro_Airpods_Pro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame B1DC 23 KB
23 KB 91ms
88ms Image
image/png 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230403054246424_APP_iPhone_14_Pro_Airpods_Pro.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e12a5d3b5407eb454726b1eea9f3eeb66e1cf802be956ce0656e0f52fcdefe9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:15:31 GMT
x-content-type-options: nosniff
age: 14161
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23929
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 12:42:46 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 15:15:31 GMT

GET
H3 200 60005582_20220825085202338_728x090_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame B1DC 30 KB
30 KB 122ms
119ms Image
image/png 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085202338_728x090_BG.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 09:21:33 GMT
x-content-type-options: nosniff
age: 35399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30980
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:52:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 09:21:33 GMT

GET
H3 200 60005582_20230428072231499_728x090_LOOK-INTRO.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame B1DC 42 KB
42 KB 115ms
112ms Image
image/png 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230428072231499_728x090_LOOK-INTRO.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

56e55a3b7d47ab725a63e43f7eb44b7f7b25ca06822f3bfca57c4a3b13b4599c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 01:51:40 GMT
x-content-type-options: nosniff
age: 62392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42501
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 14:22:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 01:51:40 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame B1DC 43 B
608 B 153ms
39ms Image
image/gif 141.101.90.97

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=29072291_4307561_354110996_170181287_PO1803A20230405&ref=29072291_4307561_354110996_170181287_PO1803A20230405
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
via: 1.1 varnish-live-1-0
CF-Cache-Status: HIT
age: 5873655
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 22 Mar 2023 08:05:14 GMT
Server: cloudflare
etag: "2b-5f7789eafa280"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 45356224
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7da651745f759250-FRA
Expires: Wed, 19 Jun 2024 19:11:32 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame B1DC 26 KB
26 KB 104ms
103ms Image
image/png 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=1rQyIcY0d8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 18:58:58 GMT
x-content-type-options: nosniff
age: 754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 19:13:58 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0DEF 42 B
64 B 95ms
95ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXzJQlBJBq1rWEBaEdJvXphE-ukpWa4Ko6_rKZWr9E84zUybFKXKBKstqTK8VCIl2zkWweFBXL8CleiuAmwY5NhYCegBe9ylzmazyGM5BxA7pYLrvlznFvNnLtiT7m2lBRugHrinYhgsjW&sai=AMfl-YRyzpIw9XNR1b1HKKZngH32rFO8f1DC5Y_4O0rpvn2mrL94gUICa6VjMtPm5EiB9tF6uzRkUko0MtsaCMinhMxbARLK6MlE7qBsRgr2HJ-eZv38avW8_Wuk8NOVoGXjursZV5bwu9vwmR9RQWGa_jl1lTBlKAagwOjQBbZOQLleBfNINugYvt8pQxOl4w&sig=Cg0ArKJSzEqT4p2Cy4X_EAE&cid=CAQSbQBygQiDM_usm38FjDv0WRqD97qsXvXJrE-fWZBhSyIOiXs9KIPHyu_TKbEn1S1oQCv6AFgaP9tBB-0dRYOQV0UovwmtZYEv8BfRdsRrWXD98t8A0613YMs0TzxFVcdGORe-nnW88nCAT8W79ZIYAQ&id=lidar2&mcvt=1043&p=0,0,90,728&mtos=1043,1043,1043,1043,1043&tos=1043,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687288290925&rpt=480&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8FCE 41 KB
15 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bc23g3P9hZ9IGdS5HY7dB3uslIQtINsfzyrzjsEGPJkFc-85HCuj1CwFi1NbQZt8uMcduzEMIilTR93H5z8BjtXTZhBaZm8XBD04BQ8jK7uJueZNaHh_vfGib1Q3Y4aFVAux5NBxBHmc70_rcMnJaXLg3mdLPQaG9AtfgmNkTJQtaU5zg&cry=1&dbm_d=AKAmf-BZQE3wZPpLKuFsl42qVOlylg1nzT1Vu2C0ayDjgqUzNEuoPSS68tU7sfiN9QA66a6sNM6P-m_ewhgSZ20c3zkkFPqy1G7rKznHU75QpAwkkaav3OGnLxFXO8axuFiIUc5TKFDEshsQZV-ROgJ5FFK8uZ_Rh7DyL4b4rdUMQrL4VMXbM9NFIH-QjdVRM8q0n4OKlZ4ExQcStJPBeKWofeiRfyAqxqSJ6Ppdqh7tmhw7J10cHCt_zmwnEm5E_88K1aaIN2yqEu1h2qjbdsEQT2RcOoEK5zjxB90J35xT0DwqP7SkgDmWdQ-uFW0hVii6T0LmKE9dkAPv05nd5xDYtA98bxXrOpv1tyUCDmJ6O06dxLTNQhOR6NqGFTNOHEEt1P5PsSUxPTItbDAPgXDxq6zmInR3QMLq-un5QUaLyaZoUK6FCowl2YFuu48-jKal2BbTrdzv7GsR9lSU4wBr1N05Ujkzklp3qz6MubBGOYXuiHEoVXlYdUHCMcWHeyJgEmAWoS3pXreBEq1MsbuXp8WmaeQnDrjI---1jVKHqCG_ptcgCRig2a8nWyk8GcbYKDXlSc_NTSpr7jZpr9fGiGTpGiaCFjJUcajol6IGmzUrluM6aygZkdWSrGAOZj5t6ePCJDp9RMl4Gtiq3tToWn-Y96i6iv3YoTRB7EI7uU5A7FQ87d1d7uJURr9ciV6ryfcYlEdIFbQ7K4ptkflPtJvwjpyeeVUBIR_2sEXvhbQZRVGFtL9smOBtqgR89-KSm9YdKXeJPKEBosoyl24nRJF0cVXba-2kx6YftdmU-vYwtKPQ1g-oghsoqjAvndHlbPJ2U-TTX_b-HKINXqoaAfNtJ8VmKzRhnlKaBYp2eiLVlhRZ0gDXvfEzIuf3FFrGnpsSRkqtXW1R_j7vP6JlZaJdVYcaobHzk9O36YQNQhn4S-ZbAjqVdpZLcv0aTowTXuT35xC6s8rY-gueleaMGepaNrn-yU_fvrGrWtZ5aO0rNU_msylj9CWw1ZhR8tczJByeXifjinSBZuorGl87cijNJSqnP__E10Z9v9R6DL6L9jeEhcNti5l_ixybsiXPswWe9EDYNKW78UoZQ8JPubfQ3ifAqkY9m3oi94_N5n1_0bT4KNhCvbSdOYL5GHEfCfuXKl6N70gKc9TOceUwJ0FtR2_E6QeSpmjB1zHPbHP9BNxp3qF2ucsBgv5vW6hdu8wxKdUOuS7D1MKo7UwqnsVcjUYrFakTjPuF3NZ7me9jh0zCFPNPpX_Usf7m7GknWC6zu9BfCoRupslH0s8d_c_7aA3oxWs2F33xtsak--xaPB8NLiclDBoyLGBQMcPnVnDvqLBFuiQyYsXY8aP6YJxJcCLtcHtqRvFQ7VIAR99Y9RhIxUGi00839tP1SexqN6UDJAVQARY8mBVX3oE_dD5TekAh72FGIZA40LWGVZJ7X0iRe1IQuygu_TBs_Dj4IrS61Dxt2NfuBY5uPuoccP3eX2BQjZJVUien5sgrrZ9rTVQViX3IdU3iZcTHjcM-Pj8tMyYyb-vNqnSjB-kt7SI35RmahGQj7dufxxDoJeVxcmFlmE-plTOdS42bJ8uOKPMJM3IUJm1Czv-3-H-P06OPc2orkKIqcEq1B4wR2f9MWH2qR-hL_2Oj7bk7yBR2stBPqVZIpVPBAnoOVafZ7iTKKyH5HGw0L8c-Aa1hLjU1Rm0GrzQdMnvgFcN9W-evj-sWCL9YNviWLP4Xg6w5ykTMPp9n7cZQRTm4RBBHvGtcIFP4ChdspzlgUE5ltvBDyqHJNfFez6B5GMNMx3wGU3vFDACNw65CjBmHL6twWUCdC6nuNVdShtmVUUgaYqApllLH4gryjzNJOjzOpJ3t90DNWuR_PFf4rNvEz9CblLrGL_8d4pzJgINmqR2kxdcOPTDs3caCpqhWhWGSj8AQigAr_Iom2y9ykSpehia4zRdZ_IsYICWHQeTfY7LDdpvF56uG_jChwXJrZO03dDIcWlnlQ-EAMOW0CZl7Ak0fsENV9vGo2TC_AjIXe9aNrIMBxBN9BsaQvJX6ud2faH32ZvACQJfc2e_EsHWq6TKzV7sFCJj5daocXCmJaXTx0aJq_jFmYcowsW-7AxvQlS-owkc65WsU6NXdpBv_tq3oICzax6sNKaxf_NXCZRCpXHdJ0JqyXQ1WYnky3SwkFtDXbNGk2ZQE_EbVgEdpHlTKGSWDR0NqLX_-WiNzhLbd5EDwPmNJ8V39T6Juhy800-XL2T1BAuHUFq_nF-k_6X_k7sYbxjtNQEnFfwAkRPfp9Ubob8Um3YALZJrl-Q8dMv9Fijly9ytiajHPZKrQpx-FNPsTLH_4bEUPW_bV3DsouxO0X95s-EAXRqr5l-LOCKcXWDjKMunggYCAtkBNXlnr-VE1i6yqzTlcKl9Loerwj7IgkyYal2BrcILAID8sEvwIQK0qwQDQwwrb_Pe6DQRop2oP7_AztOEeAo7VA7vZBSQFE_q8FhWdYKV9ua9RlK9kIhgbJsUFpgwT32rUCuD7zfet-PlQ6L8dL0VttQ49XbtIU0u_AXfTA9GaZ7cKrbQuDcad9qDXy7DrruAy6TTXJBXxiMfKfHx-KYDppcDPPXjNpx8ENZ336yBFKW3yR6v0N-V7PTkLAACxTkiia7rmM7Kb0bnng8OqkY1BgpVHzwfR1qm_cYFTluO9fWv6pkFL3ql4EMpYM2AXHwUGTHbgyBBWrYOckpzUwzPtBYEDgagdEQEQ_TNE21nrUIQnw_b6_oAMAmGXWSuumadENWvZt_6fcMuhUlxBxtmZNzKVU8D11tz1G3evNishlB_AATOPr9vTuQkMI2GVxc_hEqsrvZBc9bkm_9Q&cid=CAQSKQBygQiDafh12gTtqEIekzMV1B7H_jADWRVehv_dyrd5Z5Oc67R0QqqgGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17205678079305017000&adk=4275104297&idt=143&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame EA8D 118 KB
40 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=2Ag6AKTjhr&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=2Ag6AKTjhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30911
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 10:36:21 GMT

GET
H3 200 gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame EA8D 63 KB
25 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:80f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=2Ag6AKTjhr&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=2Ag6AKTjhr&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H2

200

adj
bid.g.doubleclick.net/xbbe/creative/ Frame 8FCE
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1364558/69645137/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2R4tNFaZrSH_SY-CVv9POoLVxl2...

77 KB
0

152ms
66ms

Script
text/javascript

108.177.15.157

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2R4tNFaZrSH_SY-CVv9POoLVxl2cIxsnEfunngiPmjtXvt00qnJkJ5KQp5lMwcoHwH6i31Oj-pBWhPNDDxyj8dLetxnz-FKh8BD_S8lBxYpskyNGi2RgDcscd9FyESmRMAoCZ_4GGsQaeECuxvX0BzPRSVbVgEHuwf_nh_65BID5fR-4muedJdfaEvIqJtRBxRemet8pq7IV_EqN8OQYvfJvRpc-LSoGYi2vueWLRhaf_THM9fY5HHknNtrEHpxoMU-2J4P2qPyQ1KnKonowY3_sDGMYSXAXCGDwJhcDCLcfZLfVKaf6fYjPh-oMFpCcbOvtZ2AlXprlw15SU4PaYTfXFZarnf7szmNqeWnWyRfGGnB0WOLCm46U_KdyyzUCaGg67Gq71L_7oGjDZc3DcaRvPOGvzZ0tn7TwKaMvBKMzGEVB77rt9GIHFrwxwjHScVLr7cx4MyDYZR13PutQgakTOb0xufuFc5WcBvToL6x7D9aC5SAtGF649nB77-_dMajYawj7Skk7UE_7YjK1hd80b7Rl_gUXw7nrGP0nofYBSBIIcyk1Me7ZYbedCuUrZZkwgJi6de9ka-n2qZ-PYwUX3LMqiPZ7IHOqlEtJQC8WS7IveyKmT-wre0H2Z9ZTZgs6SruJ7WYK5XsD_UDPfbEJvaTnhgTYCaDxOwOvV5u8LRYv0QgiG_bSm9sJzi1n3qS5zHqa0vtTzYn7rGZXCvD3FzCzmYotjubDfL-sEyf3sxp1YuOey2EfWmIPEuK00CPzn4E9AaYt8lkN-pm44uRmcsTlUEwBPYUplxkvh6T3h1MyCNRZjZor25EUnK_nIDZjbFzRgAKMGLevCnTsNbf5ZjcWMnJxcdFMfhfpA8ZtssZtzCy9oi8BUJ6dIcUTFJTS8hpXPiMEDqSs6GTbWEDWU6cKk4AQXsS5cbM-eaBDXifLzHxA-OQzxIVPIEA3XFWMUfQ6V7e7LI9rtMKhtyqP6E2j8OVMVlE2c9U-uBIj9ZKpsdY6jO3PpGQm32ZQ8vwi0irnDAxrqSGoLIGwNT48LrnU92jRDQd2K6wHBFiGXMbn20NhXIDJKPKBuYFXEpU_uhTOXuWDeM4PWt1MnOfAONRvVXYa7CdS4ugAg2tbegqUSXofaKyV__jrbG-CLYN5ezW5oo3_TLcJ942HU1nwZav-Sx0HiEq1IHIrFqydnAPHbZFe2b0obbt_t_DdBk9ntQDI7_EA1M_lPy95aF1XuvU0uRso29Jai-m2UTRfcceMidyZEkOFlYKhNwiJ3_gklEk3nmfeXw_Rd6kgq3wB2uQKIfkm_PfRdpFC8ECAyzu3uIB4zWXhhtKMryXroVPGwBczevS8QFbtYtzga5PZfjbUqcpAzvyFVK7Ux5ogKw8NByZvXzZgvR7jkyv1NmbiTz7mKWm7ScmKf_NFG_piAjs-BPsJ0HHtI2i15E_76iFAIfhktNdsQfL9GbM1M7ocnoJpnX474LQ07OWf8HdwzPK24ccG8cJEDl9k-EljgDYizZ6OBDBbRmkD8luiqZwaUoUPFuhyKJJ345zyI5Q-m8l2tUDvPaUzIfm7_CsgpLtorxRPfur_R18tMCPhup1CJddZIeaNtU9fFqALDny80B-lLRbRVfBO7nBceGs5wSdowRGg8UN5RXfCaOVYW0YCvTx6_u4MEVXsBbBENluahKPz1sWKNUObstQVAkukltNQGdsSTLpSfy5YK_V7Cvyio9d3httcWZBgpw0q1JZOF1Gh_V7-h7xeOO3jMc4lvDBeRVu2FSoecSBQi1VLzlRiWGB8YNCHhqr9-L3Zop_QS9Ob5IpLWxCkNZSc7aB_VVzpQV3-HhKMhC2bLXAb1crOrWdNU7S0d4dNJ9Bk43yKncOgYLzAQmSdReNMYfHewBEe8uEJ3ZtNp5fDAyvlOSmtgbxEjTEvtaWp0xAIjlEx-ikbHW-BjEIcflxghyTBYW9xCAbbXDKY9zoGHOfjdVnVtzqG6aVXpOo6dU8fLdb1DixDHGCLdK5FOb96w0dx2iMibcfN9IgrwGnsYGNILhchQjPYRCvD5PAx5kX94bi3qq20SuMH142FXB1qQU4qiCYDg0kwE2PSgRi7XMTUCJNeCa-22nH1g4JfjNhCAfQ-BPKDWJa8_JwHrxMtZWPudMSBSYgmxQUXeQ6vOh0-RmgLF1aqXZkrLUxwl-VfJ1T4LxFPXmoZIuCiy4KPLORPYGjeVLNeJXl47noyOVB-46JM43d2zC1rKhsUsEYQYbOYxSf_6SfV3-NgmEWbdbTh2VnrjBRVicE4Oj2J7vp1t8TkJMDn-H4sVuIv0ukbXV5FEN-YD5WyoJcKBSt-1Ft8pmMVB1Z150IX6gPtw3TPkSZI7xxM2xZ9A-VjOe71Awyi3CZGHTJP-A7Z7O8dbabvX4UuZZkRlnojX79VzYe4riCXm1vsC5FJC0e9TbcwId4Fk1IeNHVxv609J8aHNIXLigEQNQzmROH8R9H6pGCp5cbOtX1KfvZN9L6bLnZ6s1f0CTThoLnohwuxHbVMQUPbjTQUYTEhPtppCfO3HtjUX7ennfvU9GOYwBMc5C5zdjKWQsZV3sCr2fhVH3sbiLbmnhLQuNdZfdYsw-h8cYlAzeWnKi7Ehwx9GXoQoblxbuXMDxleuY1eVY7dQu2OKLsj4j4c82rAO-7V4rfM4ROUGYCRFnrfb3bOJQL1YIXX1pTj5crauDiRCzfdiHY29EHtqrm-Xtj6FhmBlbc6Fd76A6IGpDiBDPcajSTW7TOnbmg3eAfZprf5oEkQN9pUNOMl8po0gNCF7lH4Jhh1ISjuo87JdIeNcp3Ejf9A7Uf9xXgAGLuseS_Sa7JmoDP0_trmhb7TsgZW7a_A8twVVezj8Fm2tgszsrX1EhUtOS_tB618xUTeOWVVMyp42hp9jymUUWxhMIsfVsIkG6w2AYkCJtmzBMdn3A-ewAStAsgK4Ltyn84EIfO5Fn_QMV5mNdirgRi_vt5YThVg-fsGYEt5JXsB9_jAoqKs9kWlhXrNbGAgWWrI6HU05yu0kbI0_7KjbDP2q2rr9hOpJtJAM7bKldoXGU_ZhO6xM74UOhgRG83v7DGRyLr65ViV4bOnPAmJL83XPjz1ShxS7YIMu9y6gJxc7uQXchUzGYhWl-Me6El3yS7BFojyLH815BzJGEn0J0LEEgk_ge8pDOBneLFU6Eh8Z4eTZ4Nez8vNNQgL3IgXlIlOMF4fLsXhcvLFMwvQ9aHEn36jwRJ4wU6_6Y5wsOWWeRVYHpw5ksDibAS-3R3DCPX6YBpfmbLm30Ke-HTLvxUKcEirgSkHQ5XZO2gdds7SADIPPfkp88VQICv9FrnOa9zNeTSaTEqr4XgwMTwMMEZZo5eiRZ71ZTwy0ZR9jdLGVFReTGalMaLwgEEikAcoEIg2n4ddoE7ahCHpMzFdQex_4wA1kVXob_3cq3eWeTnOu0dEKqoBgBYAE&cry=1&bundleId=

Requested by

Protocol

Server

108.177.15.157 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25631
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUH0emwR3M5itGpWOPzhSN09mw5vplNS105p7oxS09ZNXAka1E&d=CokBAKAmf-ABQR5RyRCK4cN3JCrSOzBAIDI5EsgEk13azXRwaq7MLjpEsbFOcc2R4tNFaZrSH_SY-CVv9POoLVxl2cIxsnEfunngiPmjtXvt00qnJkJ5KQp5lMwcoHwH6i31Oj-pBWhPNDDxyj8dLetxnz-FKh8BD_S8lBxYpskyNGi2RgDcscd9FyESmRMAoCZ_4GGsQaeECuxvX0BzPRSVbVgEHuwf_nh_65BID5fR-4muedJdfaEvIqJtRBxRemet8pq7IV_EqN8OQYvfJvRpc-LSoGYi2vueWLRhaf_THM9fY5HHknNtrEHpxoMU-2J4P2qPyQ1KnKonowY3_sDGMYSXAXCGDwJhcDCLcfZLfVKaf6fYjPh-oMFpCcbOvtZ2AlXprlw15SU4PaYTfXFZarnf7szmNqeWnWyRfGGnB0WOLCm46U_KdyyzUCaGg67Gq71L_7oGjDZc3DcaRvPOGvzZ0tn7TwKaMvBKMzGEVB77rt9GIHFrwxwjHScVLr7cx4MyDYZR13PutQgakTOb0xufuFc5WcBvToL6x7D9aC5SAtGF649nB77-_dMajYawj7Skk7UE_7YjK1hd80b7Rl_gUXw7nrGP0nofYBSBIIcyk1Me7ZYbedCuUrZZkwgJi6de9ka-n2qZ-PYwUX3LMqiPZ7IHOqlEtJQC8WS7IveyKmT-wre0H2Z9ZTZgs6SruJ7WYK5XsD_UDPfbEJvaTnhgTYCaDxOwOvV5u8LRYv0QgiG_bSm9sJzi1n3qS5zHqa0vtTzYn7rGZXCvD3FzCzmYotjubDfL-sEyf3sxp1YuOey2EfWmIPEuK00CPzn4E9AaYt8lkN-pm44uRmcsTlUEwBPYUplxkvh6T3h1MyCNRZjZor25EUnK_nIDZjbFzRgAKMGLevCnTsNbf5ZjcWMnJxcdFMfhfpA8ZtssZtzCy9oi8BUJ6dIcUTFJTS8hpXPiMEDqSs6GTbWEDWU6cKk4AQXsS5cbM-eaBDXifLzHxA-OQzxIVPIEA3XFWMUfQ6V7e7LI9rtMKhtyqP6E2j8OVMVlE2c9U-uBIj9ZKpsdY6jO3PpGQm32ZQ8vwi0irnDAxrqSGoLIGwNT48LrnU92jRDQd2K6wHBFiGXMbn20NhXIDJKPKBuYFXEpU_uhTOXuWDeM4PWt1MnOfAONRvVXYa7CdS4ugAg2tbegqUSXofaKyV__jrbG-CLYN5ezW5oo3_TLcJ942HU1nwZav-Sx0HiEq1IHIrFqydnAPHbZFe2b0obbt_t_DdBk9ntQDI7_EA1M_lPy95aF1XuvU0uRso29Jai-m2UTRfcceMidyZEkOFlYKhNwiJ3_gklEk3nmfeXw_Rd6kgq3wB2uQKIfkm_PfRdpFC8ECAyzu3uIB4zWXhhtKMryXroVPGwBczevS8QFbtYtzga5PZfjbUqcpAzvyFVK7Ux5ogKw8NByZvXzZgvR7jkyv1NmbiTz7mKWm7ScmKf_NFG_piAjs-BPsJ0HHtI2i15E_76iFAIfhktNdsQfL9GbM1M7ocnoJpnX474LQ07OWf8HdwzPK24ccG8cJEDl9k-EljgDYizZ6OBDBbRmkD8luiqZwaUoUPFuhyKJJ345zyI5Q-m8l2tUDvPaUzIfm7_CsgpLtorxRPfur_R18tMCPhup1CJddZIeaNtU9fFqALDny80B-lLRbRVfBO7nBceGs5wSdowRGg8UN5RXfCaOVYW0YCvTx6_u4MEVXsBbBENluahKPz1sWKNUObstQVAkukltNQGdsSTLpSfy5YK_V7Cvyio9d3httcWZBgpw0q1JZOF1Gh_V7-h7xeOO3jMc4lvDBeRVu2FSoecSBQi1VLzlRiWGB8YNCHhqr9-L3Zop_QS9Ob5IpLWxCkNZSc7aB_VVzpQV3-HhKMhC2bLXAb1crOrWdNU7S0d4dNJ9Bk43yKncOgYLzAQmSdReNMYfHewBEe8uEJ3ZtNp5fDAyvlOSmtgbxEjTEvtaWp0xAIjlEx-ikbHW-BjEIcflxghyTBYW9xCAbbXDKY9zoGHOfjdVnVtzqG6aVXpOo6dU8fLdb1DixDHGCLdK5FOb96w0dx2iMibcfN9IgrwGnsYGNILhchQjPYRCvD5PAx5kX94bi3qq20SuMH142FXB1qQU4qiCYDg0kwE2PSgRi7XMTUCJNeCa-22nH1g4JfjNhCAfQ-BPKDWJa8_JwHrxMtZWPudMSBSYgmxQUXeQ6vOh0-RmgLF1aqXZkrLUxwl-VfJ1T4LxFPXmoZIuCiy4KPLORPYGjeVLNeJXl47noyOVB-46JM43d2zC1rKhsUsEYQYbOYxSf_6SfV3-NgmEWbdbTh2VnrjBRVicE4Oj2J7vp1t8TkJMDn-H4sVuIv0ukbXV5FEN-YD5WyoJcKBSt-1Ft8pmMVB1Z150IX6gPtw3TPkSZI7xxM2xZ9A-VjOe71Awyi3CZGHTJP-A7Z7O8dbabvX4UuZZkRlnojX79VzYe4riCXm1vsC5FJC0e9TbcwId4Fk1IeNHVxv609J8aHNIXLigEQNQzmROH8R9H6pGCp5cbOtX1KfvZN9L6bLnZ6s1f0CTThoLnohwuxHbVMQUPbjTQUYTEhPtppCfO3HtjUX7ennfvU9GOYwBMc5C5zdjKWQsZV3sCr2fhVH3sbiLbmnhLQuNdZfdYsw-h8cYlAzeWnKi7Ehwx9GXoQoblxbuXMDxleuY1eVY7dQu2OKLsj4j4c82rAO-7V4rfM4ROUGYCRFnrfb3bOJQL1YIXX1pTj5crauDiRCzfdiHY29EHtqrm-Xtj6FhmBlbc6Fd76A6IGpDiBDPcajSTW7TOnbmg3eAfZprf5oEkQN9pUNOMl8po0gNCF7lH4Jhh1ISjuo87JdIeNcp3Ejf9A7Uf9xXgAGLuseS_Sa7JmoDP0_trmhb7TsgZW7a_A8twVVezj8Fm2tgszsrX1EhUtOS_tB618xUTeOWVVMyp42hp9jymUUWxhMIsfVsIkG6w2AYkCJtmzBMdn3A-ewAStAsgK4Ltyn84EIfO5Fn_QMV5mNdirgRi_vt5YThVg-fsGYEt5JXsB9_jAoqKs9kWlhXrNbGAgWWrI6HU05yu0kbI0_7KjbDP2q2rr9hOpJtJAM7bKldoXGU_ZhO6xM74UOhgRG83v7DGRyLr65ViV4bOnPAmJL83XPjz1ShxS7YIMu9y6gJxc7uQXchUzGYhWl-Me6El3yS7BFojyLH815BzJGEn0J0LEEgk_ge8pDOBneLFU6Eh8Z4eTZ4Nez8vNNQgL3IgXlIlOMF4fLsXhcvLFMwvQ9aHEn36jwRJ4wU6_6Y5wsOWWeRVYHpw5ksDibAS-3R3DCPX6YBpfmbLm30Ke-HTLvxUKcEirgSkHQ5XZO2gdds7SADIPPfkp88VQICv9FrnOa9zNeTSaTEqr4XgwMTwMMEZZo5eiRZ71ZTwy0ZR9jdLGVFReTGalMaLwgEEikAcoEIg2n4ddoE7ahCHpMzFdQex_4wA1kVXob_3cq3eWeTnOu0dEKqoBgBYAE&cry=1&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame AE38 91 KB
23 KB 32ms
32ms Script
application/javascript 2600:9000:223f:8400:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288290879&bpp=2&bdt=305&idt=249&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=374892577277&frm=8&ife=1&pv=1&ga_vid=893504434.1687288291&ga_sid=1687288291&ga_hid=377147997&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2104189389&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44788442%2C21065725&oid=2&pvsid=370641181149796&tmod=503052504&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.pjkovxnwj8f6&fsb=1&dtd=260
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8400:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 23513716
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: vgVMqQ6yUy9C2Yl2PR7RfAFWlR2Rvyyh65pxv_tyML_tVOO4KsQFhw==

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame B9EC 37 KB
14 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Jun 2024 14:15:15 GMT

GET
H/1.1 200
OK dv-measurements3941.js Show response
cdn.doubleverify.com/ Frame 9C16 536 KB
102 KB 35ms
35ms Script
application/javascript 2a02:26f0:480:9::210:ee0e

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3941.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee0e -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: a1b053b5e005612a140e8a725c0dcdc5393c15d3c4cc45164fece0f9e8f2cbd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Content-Encoding: gzip
Last-Modified: Sun, 18 Jun 2023 10:24:03 GMT
Server: UploadServer
ETag: "245897220fbd1a0dfa41e714a5e3acf6"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103853
Expires: Mon, 17 Jun 2024 10:24:23 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B1DC 17 KB
6 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET dt
dt.adsafeprotected.com/ Frame 8FCE 0
0

GET
H2

200

skeleton.js
static.adsafeprotected.com/ Frame F89D
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040526/skeleton.js?ias_dspID=64&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_typ...
https://static.adsafeprotected.com/skeleton.js

17 B
0

31ms
30ms

Script
application/javascript

2600:9000:223f:8400:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:223f:8400:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 03:51:51 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 13447182
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: SUuxhctQV1XRvhzyXCz7lESDxjgW-Enhsil7Yq54fBHCseALP19iFg==

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
server: nginx
x-server-name: app01.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js
static.adsafeprotected.com/ Frame 2760 91 KB
23 KB 33ms
32ms Script
application/javascript 2600:9000:223f:8400:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
URL: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8400:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 23513716
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: F95vgWkR6A6shguzS20rFaJBjUqXxdDMpHsKNOgpQQPZmEsSZ2hAMQ==

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 4A64 0
209 B 73ms
73ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1687288292752&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 60b91f99e4b0b65b3ce7bc5b
ng.virgul.com/tck/i_vb2/ Frame 4A64 0
209 B 75ms
75ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/60b91f99e4b0b65b3ce7bc5b?l=&r=153493@site_geneli@yemek_net:site_geneli&cs=1687288292752&userId=vnet1d711418-a5e4-4a41-ba17-291b1198a5fd
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 20 Jun 2023 19:11:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H/1.1 200
OK viewability
hal90006.redintelligence.net/ Frame 85F7 0
0 102ms
33ms Script
text/html 138.201.63.164

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/viewability?s=84621600121546704444550012361006&a=2cc7d291&vb=m
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84621600121546704444550012361006&a=6c5093e3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/request_content.php?s=84621600121546704444550012361006&a=6c5093e3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 19:11:32 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 85F7 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif

GET dt
dt.adsafeprotected.com/ Frame 8FCE 0
0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F89D 0
0 102ms
102ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstwxdJ_Ik2rhP9h6SxSUuw2iqQYehO1794O8LzWmo6VVfCQVubMSImRLEgTJBYlOAeNUWbFaSIxs6vc2S7pxk3vZ99rsVizhIsiv_EdjWlU5UbwMfcJrpskf_YN9kdDuR6tjR-4pPMeG7h7gDmx8o_ovFxfe6DJE9hAdkznx0_NjaC2K6-IBtYAjBtvSQGySTOFOKmPAzak4k2aeaiAhNQ6JfLPzb8Kb-VR6wN53av_Icau-nEi6Z6sIF38b96c9E5cUYHGjlt7yvJ7RGlX5Qnwn4Xka1py4onm3i6ksfyDuuG5uHtXlia5ZgRPoW_1ngZhFLez4Al7euiI2nnMn6O8JlZviDZr0MqkdlVjoQI2upfjLxjZniTT6X6Rke4vrUhrU7bfZ5FmVNbj7pV5F2Y_4qWnZHEg2dPolzqBiJ5LjZN-3HVIrz9dAtUU3u5nVK_u1IUyegEeo3I611MGbP0HiLnrkjLRngya8gA6Ju42Ri-njkDS_P9YUM8VBYe9wz6vI2x3lMkdgW2I5oFHg7TP0KVfZO5-RD5pRuFWfRo6E0nGGzU2N-bA_LUJbMnfSRQzUuoHuldeczgMbwogu12GFWLX58RORTt8_leEW-yDkU_1SwcITHpvp4vfS4QspD_tpc6DoLAZ5afR08RtmUThqeNEOPXYtM0PYhUxYDtdI-K6Kxmw8OODO-cgSTke8nW_0MMBllcc_PUazStaM4erHf-7Enhv-KnK8OjETeCXs665DVItiuCFT-PHLA_IbH7JyK2qzln2Y01RjU3OXaZ2eYHoQpcur4KBy_Z8rM0LEushJMZinBCDAzUP2iDt66ssJWRXxaUA5WgcOVzNZPMIRreJMs7T18RIEy5PGkD3ndCfaBGqxrC3wE17Gtg9lvK30pke9E61WC-LhFQAi25ycJD4cDGwJU6XFfImOboo7w4ua6PIBtOvHtMd_PNrXCGBwdmaB8DJtdX4n1BJIYr77RefKTUQF_GhsWD82j5QuAtH_qOMz-e9pqQ_PaEA2K_DqT2wBGzAD8Gk40oalWH-4uH9OKYIYPg5ZjIFte92C4YVUaWgA275gE0d73jnCeNGigCTP8tbHBdMckqSMZ_hEVvh8qkzoTzZ15tM5RBWlfNpkbwMYgOQ4jkgdQbhMI7N8OY4RR1nU4H3psW0H3KyM8YzHsZIiLe6uwcVkaDit7B1E1J8SdO4misbopAYArHrhB-1BMb7ASYhdQ7LCskpOh7ThxI2ErD93C3GTeCmSzSueeYM4CNxvylfY7HTdJrpdGzoaKg_nGcml_wdbSGO3__0vVYWY-GTv8Wp9AoQdpSRRxmOgrNL_Ga8oaL7IkIxAMhY&sai=AMfl-YRThiINb3TaNyC-FkSnPZfDoPaU1_U_SUiC9RbugST3GBPAH0roB13Vc_Pu1Vbz2pY4Ogvur2dXWyX19jUupqMHRdNmnHIWHsjU8Z7N74h3ZCeL3aivdAtEZaQF87jP5fNw79vsfIfNmSS-begJaLDzX54w7YeeQMg-2JQ2eeBnvBw3-9xiTxQWjkqQ212huFT0XwTQLRL2Cy9hBzcomibdaXO0Jcfk6EUOnoLWRr6KAGZ6vD6gMJCOao_MIkLEXdk9NGP-x-Oc-Mg52nq0oDEJ7uPMwW_yVT8Bn0hJLMmbEW1EisICVHmp4gOZ6czGIzQ9PovZmg5XBxx30E7-kkoC2J9Lan85y2y1tMex9w5LLdmxkpbTHuhjUZJD&sig=Cg0ArKJSzLckCGtEVd1tEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1070&vt=11&dtpt=712&dett=3&cstd=346&cisv=r20230614.83661&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET dt
dt.adsafeprotected.com/ Frame F89D 0
0

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 58CA 22 KB
0 58ms
58ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 19105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CC 0
20 B 91ms
90ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6623754300&version=m202301230201&ct=77&x=1&cor=15949492164146485000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dt
dt.adsafeprotected.com/ Frame F89D 0
0

GET
H3 200 sodar
pagead2.googlesyndication.com/getconfig/ Frame 9020 7 KB
6 KB 101ms
100ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5750
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0A5E 0
0 98ms
97ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuthW_TUqhszh4CCaadBFuENL3tjRuvuTe4ypxkw7MVAA_2HdF3xxCXZAlsXk0krvMdoM425A2iuKXEm1Pyi8U8ctEARXQRQxogZ7IL63UdszFIYOJshHSoSko9mRyNwwp5BbQXouOkRjQNbNL5EsqdstdrPnCS3_VDmCF3Oq3atWmaWnHQT0W4PR5dyMy6w9-eu8DRUntmW1OrbyolB2SqbpbaAUWk_FUjs7fHTBXoLcVEDH5_VgRWCJXqrzG79Jpd2krPCVZVIqsRdTrAMTnZ6wlCobeWVb7IT8EotUGZjSue3HRri3i-Ch2Q4o1eKMkyXSRnQKcSVZqe1IGl6IVKaPPWObRXYa9joMr38fYA-bAXyQsksmjZS0R4Yj9a_524Gl6rpYne6bjUyi68lVXYkqyOZklA-dgvO7fI7hmHmoqfGbkK8MyPOGHIL19PVtyWwwHS5h-qevYWVEcBe3kxFdkNX8KDJd2sqzJIOPyg3AuLmAbSw4Q10399qIoIJBuF77ozrfqdcR5hzb9HwP3TdgLaZj03tfg1i82M3EJ3zSyvvFLqAYC93TUnyC_xnz7L2vKaz3wfan5SeyHWvLxgCztRbYD31m7omTp-R3DvjE3LwYUcoEiQVZc-1BOpe-XUxFZI-ceSobnT38jvm3pApofngtnkwg9Pp9ZZ5tgbSbeKeKouOBQ6IyUhDavJZhl513ZbX7aH86-2Z0eJxeRcDRsPDV9mfR_Xe5rqrzbDtOKtGWpwsp7FH0oIbxSM1MzU0cVxWlmTzKXZEzpslMPBfLf2-05ow3gAnHqC0hCbE2186BOGCONO2Bs3wcCpbPsJX8eefSPNxb04IA_fXrzX22pbWWmwxOypInhESx6yDoQ341z7btGtsCdXFVHUELz3buX_YS1qYIW5n1Ep4lQq1XIWezIl4KAWs3qxBYC454-MXCG5F9bsCFo8mT1k7FAObUoJfQvlbpb4oI-wCUtQeRMWcQRxZ-1uE6FtuSTKAF4DgMBnbZctRRWIW2Ycqo5APD2MJwK9YzNlfi8d6flqxPu0X6lm9Er8rQ8oOA_sVcp2fm1stPpsJz9-b6vLAGu3AULlrQJznV0TetlxzWxrvBporrRkBKDB3CY018K3BN2jXBh-RFEycBxon9YzxmJF_aTg9A-AWKFSvO3kAfWA41dumExThhtcg4n7T54YhcEQaRsy-UihZgttIONryPV_vYMh7kcABW2CrkngSCADsITY85J4ea5pz4pffPAIJLDhoJ7GcDHVpGAWMJsePyyIrG2NCaYX2KkC0lPVn7XErI_2hqOYcZyk0KJifgCz-VXHVjW51VhAwrptFe7oL2chY7bbCJhcxEfPHEkKuqOP5VEl6vtdbg&sai=AMfl-YQVgrCX5CDVYN50R17-aUd-nPjzXPJBzXxHAX1Uu4YRgaV3W7rw89vuTyWTEJbGjKdHAHBfYPg5cjQ83z-ITaWiOVahkgySqq3aUzDcgPfSWvY3A0M-j_nrhSpMLz7dCTHG79H9ToTDaYXQ6vgd-LXvncn9jp2BACzr4bVE3IK_9RxI9d0nvECc1GGhTkV3MrbLvJUwT1w4z8fY1yosXCHQzT4tSrbQSdzrPCNSZEU58bsA-Ukm6qF5JiDWdPG-7UyzRnvOk2CBTomq_53kpfu80sZkwkKOlrs21mR6xhqS0yDCffRNzsBXX22xsJeDWtSwDdK47Rn5OibYNLGKjg8QJxOxciJv0kkETXO5dDFfZe_b9QrPeWV3ELY&sig=Cg0ArKJSzEHk0V88RNEmEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=894&vt=11&dtpt=689&dett=3&cstd=186&cisv=r20230614.18958&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 19:11:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:11:32 GMT

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js
pagead2.googlesyndication.com/bg/ Frame E8BB 37 KB
0 59ms
59ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Jun 2024 14:15:15 GMT

GET visit.js
tps.doubleverify.com/ Frame 9C16 0
0

GET sodar2.js
tpc.googlesyndication.com/sodar/ Frame 9020 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1364558&asId=1c01e538-9506-d745-e2e9-c6a87559a230&tv=%7Bc:g6HfVx,pingTime:-3,time:140,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:140,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B131~0%5D,as:%5B131~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHKxISH+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172*.1364558-69645137%7C11721%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c1%7C11c21%7C11c3%7C11d1%7C11d2%7C11d3,idMap:1172*,rmeas:1,rend:0,renddet:IMG.us,siq:36%7D&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1364558&asId=1c01e538-9506-d745-e2e9-c6a87559a230&tv=%7Bc:g6HfVz,pingTime:-6,time:142,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:142,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B134~0%5D,as:%5B134~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHKxISH+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172*.1364558-69645137%7C11721%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c1%7C11c21%7C11c3%7C11d1%7C11d2%7C11d3,idMap:1172*,rmeas:1,rend:0,renddet:IMG.us,siq:36%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*%2C9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com*&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1364558&asId=1c01e538-9506-d745-e2e9-c6a87559a230&tv=%7Bc:g6HfXZ,pingTime:-2,time:292,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1379,beZ:1381,mfA:1384,cmA:1386,inA:1386,inZ:1391,prA:1391,prZ:1406,si:1415,poA:1417,poZ:1454,cmZ:1454,mfZ:1454,loA:1521,loZ:1527,ltA:1671,ltZ:1671%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:292,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B284~0%5D,as:%5B284~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHKxISH+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172*.1364558-69645137%7C11721%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c1%7C11c21%7C11c3%7C11d1%7C11d2%7C11d3,idMap:1172*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:36,sinceFw:254,readyFired:false%7D&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=9a6e5d95-ecfc-1575-c7ea-571a7c184212&tv=%7Bc:g6HfYd,pingTime:-3,time:550,type:v,im:%7BpBlk:460%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:440%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:551,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:439,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B140~0%5D,as:%5B140~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHKxIOL+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C11721%7C11722%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c*.1484055-72040526%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3,idMap:11c*,rmeas:1,rend:0,renddet:IMG.us,siq:441%7D&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=9a6e5d95-ecfc-1575-c7ea-571a7c184212&tv=%7Bc:g6HfYi,pingTime:-6,time:556,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:556,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:439,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B145~0%5D,as:%5B145~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHKxIOL+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C11721%7C11722%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c*.1484055-72040526%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3,idMap:11c*,rmeas:1,rend:0,renddet:IMG.us,siq:441%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=9a6e5d95-ecfc-1575-c7ea-571a7c184212&tv=%7Bc:g6HfZg,pingTime:-2,time:615,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:462,bdZ:895,beA:998,beZ:1000,mfA:1401,cmA:1406,inA:1406,inZ:1414,prA:1415,prZ:1429,si:1439,poA:1440,bl:1459,poZ:1459,cmZ:1459,mfZ:1459,loA:1553,loZ:1557,ltA:1613,ltZ:1613,mdA:1000,mdZ:1148%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:440%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:615,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:439,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B204~0%5D,as:%5B204~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHKxIOL+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172.1364558-69645137%7C11721%7C11722%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b21%7C11b3%7C11c*.1484055-72040526%7C11c1%7C11c21%7C11c3%7C11c4%7C11d1%7C11d2%7C11d3,idMap:11c*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:441,sinceFw:173,readyFired:true%7D&br=c

Domain: tps.doubleverify.com
URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=357&ttfrms=50&brid=3&brver=114.0.5735.133&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTauh4eb%60b%607egcb3egg3%60_g7%6023754427_f%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=814&ddur=295&uid=1687288293013533&jsCallback=dvCallback_1687288293013988&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.133%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=0&winw=0&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3941&tgjsver=3941&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2F9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=1&brh=2&sdf=2&dvp_epl=286&noc=4&nav_pltfrm=Win32&ctx=20309721&cmp=29968277&sid=3288807&plc=367565044&crt=191643418&btreg=558488208&btadsrv=doubleclick&adsrv=1&advid=4309118&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=81004482150.91055&dvp_tukv=98435737.32096882&dvp_strhd=0.5999984741210938&dvpx_strhd=0.5999984741210938&dvp_tuid=231894478066&jurtd=2154139238

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:03:04	Name: IDE Value: AHWqTUnnBkNNagLsuY-9haaz1OREfkQTmY7kzj5mKQQTcbfPRBJYqtgGLT-OeVB9Ajo
.adnxs.com/	1970-01-20 14:51:04	Name: uuid2 Value: 4218557167164005784
.casalemedia.com/	1970-01-20 21:27:04	Name: CMID Value: ZJH54hJYL5K9sBrBhMALKwAA
.casalemedia.com/	1970-01-20 14:51:04	Name: CMPS Value: 3393
.casalemedia.com/	1970-01-20 14:51:04	Name: CMPRO Value: 3393
.mathtag.com/	1970-01-20 21:27:04	Name: uuid Value: 58246491-f9e3-4801-9479-0dd33de65782
.redintelligence.net/	1970-01-20 14:51:04	Name: 8lcfmzhxc8d6_uid Value: 4fc12094229b7137
.adnxs.com/	1970-01-20 14:51:04	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?aL5lK[!A#Fo.TOKKnyW<U1`VROYQM-:?oxT7I3SUv<<wA*GMmoE>QCX<?8m>ohh?FZ<QG=%9sk@3@'s>T=+FG'
.doubleclick.net/	1970-01-20 12:41:29	Name: test_cookie Value: CheckForPermission

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687288289815&bpp=4&bdt=1242&idt=387&shv=r20230615&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=4986492756705&frm=24&ife=1&pv=2&ga_vid=1142545674.1687288289&ga_sid=1687288290&ga_hid=795331515&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31074583%2C31075308%2C44788441&oid=2&pvsid=1962600687517880&tmod=881581617&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mu2cg8x3bu8&fsb=1&dtd=404 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9c63131f6843b688b108f1abfdccaf07.safeframe.googlesyndication.com
aax.amazon-adsystem.com
adservice.google.com
ajax.googleapis.com
bid.g.doubleclick.net
c.amazon-adsystem.com
c1.imgiz.com
cdn.contentspread.net
cdn.doubleverify.com
cdn.ye-mek.net
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
feed.pghub.io
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900010.redintelligence.net
hal900029.redintelligence.net
hal90006.redintelligence.net
ib.adnxs.com
images.dmca.com
imasdk.googleapis.com
ng.virgul.com
ng2.virgul.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.mathtag.com
portal.o2online.de
rek-n18.nktcdn.com
rek.izlesene.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.virgul.com
sync.search.spotxchange.com
sync.teads.tv
tags.mathtag.com
tpc.googlesyndication.com
tps.doubleverify.com
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
ye-mek.net
dt.adsafeprotected.com
tpc.googlesyndication.com
tps.doubleverify.com
108.138.9.235
108.177.15.157
13.224.192.181
138.201.63.145
138.201.63.150
138.201.63.164
141.101.90.97
142.250.185.130
142.250.186.162
151.139.128.10
185.29.132.246
185.7.176.218
185.7.176.221
185.7.176.222
185.7.176.223
185.80.39.216
185.89.210.122
185.94.180.126
2.16.97.41
2.19.224.115
20.60.220.36
2600:9000:223f:8400:8:48e:53c0:93a1
2a00:1450:4001:802::2002
2a00:1450:4001:802::2008
2a00:1450:4001:806::2002
2a00:1450:4001:806::2004
2a00:1450:4001:809::2001
2a00:1450:4001:80b::200a
2a00:1450:4001:80f::2006
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200e
2a02:26f0:480:9::210:ee0e
2a02:6ea0:c700::11
2a03:2880:f084:105:face:b00c:0:3
3.71.149.231
34.102.243.38
35.241.45.217
35.244.159.8
46.137.93.67
51.75.147.170
77.245.159.14
88.99.219.174
94.138.206.83
95.101.148.198
0047a816cc080715ba587a8401d5ed00e8a32c680046b4ab2c00996f1b5da810
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0372044edc0d82b76b40f9d8803b1a4275e76d02fc67ffa6e45f6f82aab7405a
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c11b03310697eb339a3c0f099a4c7e503ba6b526ecd8d29a6705fae8445a750
0d05027ef52d91b0c3225fe19f9eb53d7d1ea611a9a4128972bbfcb21f14d5c2
0dae36ea77e38910aca83e96b2c09986433604fb9011e2121dec6f6890c2fd9e
0fa31ceaaa2eed6d1eb9fe3e5bd078bc29dc7344de15fd59f250a30105d0e654
1033bf2da8b4781e27f77df9130e836018c10d171f29f82d9d1a53eef5086dda
10a53c815898ee13fa3584ffc789a348963965f77264875937a1e7941538c572
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
121b5c36bb482b2baa0a42a029a50881a6677e146f4f7ddc006df6938f13635b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16fb4f8fd6f584c7b9bccedeecffba928e28690e969bdb8c6eb9c04b336c3336
174910c319fcd71a4da71779aab75aa22b11447c13faaea91d6a585a60365a1a
1a620f0fd7ba14c02c24648452b038ebf5e597390925e62b47f04d308bd44fbb
1bb1649700c382552132ddf0dda42a9728d1d27c424cc5f589a71a446e26e8a8
1bf509fa995f35559f8d228ae444406c31b99b3b2a85bf8babd00d98b25717bf
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
223f47fb22a2d02deec9da9bef5354fac8d67ca7f488eb68b993e064efc65644
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
2332baaf34608971d7a57ff4012d8c26dc28baf1f7f0d8a4eeb1fd1fd50a6884
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
25a120a3830417d169351a3985042dc4bcf6e490fbbe75794190d73794836ebe
25b0fc18fa46dfcb28fdab9b486f78a11dc35790fdfc410b1af2c062410e14d9
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
30dd4d046ee0a560951014c2c3f71fb0b620af27279bd7c5ff8b4ac877214291
312ea37c961106b2df0601ca18d37f89c74ec7b28932d79c012c0864169a11ed
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32d37dc08a96f43b50c2565b035deff5d7b668a070b56078a6b41c0cc833537f
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
36794ae84504e6bfa050dde2ec9efda663e1c8a09253ad4fdb57dfe398a1e249
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3bcf526a9c1083ace4eb9eab74713cd5b003e3edc160f2dc907849172aa0f0f2
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48252907a0128297811c54be091663ea43ca07fd38b435a6e845838fb4fcc825
49a520539be80edb22430fb4b7def87b0478556fd3a2bada6ddf065d0eb69f8f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
516576bcf1d031daaf02a553c7ee5edd0ada9a363334830663f2473835311808
543d48d1e079fcd974d371768fe777a8c842d99d2be67d10d2f0e946f4198ebe
56e55a3b7d47ab725a63e43f7eb44b7f7b25ca06822f3bfca57c4a3b13b4599c
570b73ee2a2aaba8d2e205a8fe0996caef6f0f92ffbf2b9ad38490b8047137c7
57f96ff91dff1a07222bbfb2a19e18cce8099b2c5c85e871bf8501c20d61959c
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5aa2370fd272d30acd5cb39f9b191a243d55a2adab6f0d7ff1950c39f028d331
5b70d8eb19ca32d244e29e759e816c343be893232978532c9d5943f838e60e0b
5e50b92c915b26a12f0d3c62bea2867d9cbaadf84442629f6784632e2f8f7880
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63241fdf4c09cf9791e64013dd9b008cf1ad90c9a7d6c077861460eaf818771d
680026f318b1fd16bc8e7b24ba4e32073bc98978f5bd67f19c1b30019a6decf0
690fca14cfec3446c6987b26b03ce4308c280b6c62435486b73be10fe4e1b511
6b91c314a391f29f536508c1d0fe320e16a71c187c49a6e56b70f5d5f46baeef
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6e517f1f2da440c36103d61ae698974db84ded6b3ac8635a8c24d8ac8652c10d
704a70e745cff94e4cc43046e5918dceace2f1234b2e0b4b8f4df872f9e574f0
732fa3b5db8decf740c74d874c095c60f86b606927bececfbcbed9eeb04607eb
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a
78c0c2a61e6ac3635a969f3ca763bd5bb824df6388101a3647b2c219e25d714a
799fa2d9a7dbabd396de4251e3dc003031c9bab5a3ac35514055e9284da2c73d
79b38a235f327e607a6f59ab735cd78b4105a2e4164e2dd3f2c0415331e2d301
7a0c0cb2194c7b78b65c738caf751472f8db16ce670ba68b10cec3a15a89afba
7b6e64fb4f7dc6e06c31450af7033ee08398836e5ed52b08d17443850d979912
7c67dc1e9ecce0d3757d97792fd606effaa6fe799ebe7423aff81e26e07900a1
7fb9f92176f339906a366ebee543c4f300e16fbb20063e7e23fb7effbdc16ae4
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
856ed99804bf5b83c5c70314917f7b561f06bfb50cc10ed5430a8fca2c40f246
89529d02905772e8146d7e1ff9addc92072c23e60bb3dc84b8d61c4e898e93d6
89ed4e12076b5eded37d4463f6fffca0b3f23f5bf60a3981859a8edb28e269b7
8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37
8c47b44c2eb52f803ff7faa3cc7043d75a2814f83cf9c1dd66a1c669184e68f8
8f90a860475d599e6557da3e2bb2b5457fd61904ef200f5b42743ddbcb88b6ac
8fb600b02fc75812932069a9f79b2132dffbca1cd735dd8f8613d0f2850046d2
935047a1d73e19fc544d4b60ef6332708fc62549be853f0ef54a8072d7a50397
9474117b134ad31332a715c7e37d1dc02de17c20d8cc6ebc473fdc2eda01e2b0
950f3de19f40a0f96c28d413a8f22e4f75451582b679450053570e497da7053b
99abc3b4c55610c13d41b043baf7d2b14e53c7f0d4866453e85cca5cbf5f288b
9caa075c2e4aa7e1cc9ea4031a8a4b9c1811512422be8851cd9b7e8814756ab0
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9ceeba566bbaa52fe84c356900a5eace57adf5179b1fc8b40c91e30f24939338
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1b053b5e005612a140e8a725c0dcdc5393c15d3c4cc45164fece0f9e8f2cbd4
a2da4a836d0abf4067b8f13811a16d4a7edddb52ddc1f90ff60bfddfbcc683d7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a773a7c063a19dbc2ba90c03cef5b584130aacf919bb40da7e890d19913daa68
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a8f7c822ad63a849206f187b5b4d812340f1b9a6b276d4b65d5510d7eea52657
a9baef98a9f2b4098a8e9e4c62b30f1d89054be3b7dbca5058a7f13fe95a1887
aaf614a2ad3a6d53389a42bcfb1ce28f1bc91f8a25f74154e3a0160423817ffb
ab4e508196dcd381bf58b00d34232b2cc43f46c8ce6f43eea31b6d1f6b400983
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
b0a9edd9406b9e846d2613b16def49dca3d2307816622cb274acc4d0d2314245
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ecd92de7982ef4ffd3778b02d62aaef7341b3c9ac5f4e53e749a9bde702119
b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
bcd5fa5d7dbca071d56d8dbd96ea4b73018dabd55ba191b2cd111719765f384c
be385a4535d5710444d7312df3b981205061d3a9d48e3fdde6faa61e6e214045
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c112c1f7de730b83ca79b9f326eea8637479d4da6bf0a0328a58bf12a648eee5
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c2c1db7d95cd76072cb0d0b651204504779df80340c69eff85da7db62f174a1f
c6c0db6781da4d7fba1db1a682bb7e9dd659cf6dd9522e8eadc1246c007f5751
c8c97c35f12db805f2fa944ec2b244da0bed07006f30d3e76560e784ad2b3fc6
c9684502778d8b5ddaf9e9eede35ce35dc22267b60dd5f36c044858cf33bce52
ca5c3fb19daf70bf5b201ab41fd5739384d818ca3c935e2566990d9d09d08210
cb089c5a7618a9477353359ea6e6417666f0cc0b8238e95196b19e3dab57403a
cceaefa11d508877297b9b93f70539f977ad02aaeb66130920493e11d670fa1b
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d3b45b06882fe1aa9b47a8d88df978f19ce55a249840cc1b44eed3974a0fcd6a
d5a74bd20eb2f78f5a088be7f2c5afe1b623a98f6bf5cbe2537e5c187d393afc
d5d93be20aa741e93b93dfc5eab4197a17d4d2b96424c1a786a31dbb354cc2d8
d721f1819959bcb4cc8b418e32a69c729add4639335ca673c3b6ce5b8739bfcd
d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
da492ce0022167296e5134b72415b02d352caceaf01a5bfbf50bd95389351263
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
ddca793a0c3e61d5b777f2de473dc7625c26665dd45bed5348dab90003638b8f
e12a5d3b5407eb454726b1eea9f3eeb66e1cf802be956ce0656e0f52fcdefe9b
e200e1462094eecba53812ae0d8063ebaf38162d7cde36194b196df1da860ab2
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e83e8632256c5072bcc9d126fd31fc4e8bfa323231f1d212e745dab97d90895c
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
e9673ca3b0535583388ed1d9ef9155833cc4fea22742618a10718d4b38a633aa
e9ade4f3a42218ad913097d090fa7bafc5e71ee52aeb0446d7a096102c93a0b4
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ec613680df874f20288643a4257c75fa8f1321ad59bc3f7907165315ae273952
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6ef605112a4b884fe31244e615f9de178415bed7b39e359dbfd89d1ead1656
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f760b404bc46983af14d8236e2584b9d53c0c64b0806cd14244300cd4d1796de
fd9c564f74ab84b3ce42cea0e3293696eb8d75ce32e562beb2b9c8f50cda095e
fe91b565adb8b2f02df4d8556a5b09317cf4ecbc92bb3085e9b7d8d45bdd0f5c

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

307 Requests

89 %HTTPS

35 %IPv6

32 Domains

52 Subdomains

47 IPs

5 Countries

4315 kBTransfer

13938 kBSize

9 Cookies

0 Outgoing links

Redirected requests

307 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

307
Requests

89 %
HTTPS

35 %
IPv6

32
Domains

52
Subdomains

47
IPs

5
Countries

4315 kB
Transfer

13938 kB
Size

9
Cookies

307 HTTP transactions
7 data transactions