pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On July 04 via api (July 4th 2023, 1:34:33 am UTC) from TR — Scanned from DE

Summary HTTP 478 Redirects Behaviour Indicators

Summary

This website contacted 57 IPs in 10 countries across 53 domains to perform 478 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
19	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
21	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
87	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
31	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
49	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
24	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 13	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
9 42	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 2	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
2 2	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
4	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 4	2.18.161.51 2.18.161.51	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2 3	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:61b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2404:6800:400... 2404:6800:4009:832::2003	() ()
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
42	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	185.86.138.154 185.86.138.154	201081 (SMARTADSE...) (SMARTADSERVER)
2 4	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	2a05:d018:d29... 2a05:d018:d29:3601:40e6:3444:17d5:43eb	16509 (AMAZON-02) (AMAZON-02)
2 3	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
2 2	216.52.2.6 216.52.2.6	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	2600:9000:205... 2600:9000:2057:5800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
8	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
4 4	52.28.152.8 52.28.152.8	16509 (AMAZON-02) (AMAZON-02)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	63.33.106.238 63.33.106.238	16509 (AMAZON-02) (AMAZON-02)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
2	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	213.155.156.185 213.155.156.185	1299 (TWELVE99 ...) (TWELVE99 Arelion)
4	141.101.90.97 141.101.90.97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.41.28.186 13.41.28.186	() ()
2	104.102.45.165 104.102.45.165	() ()
1	18.66.147.98 18.66.147.98	() ()
2	13.40.20.169 13.40.20.169	() ()
478	57

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

87 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.245 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 142.250.184.194 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.62.186 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.0.66 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.215 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.161.51 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-161-51.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.126 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:61b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2404:6800:4009:832::2003 (None, )

ASN- ()

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.154 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:18ad (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (Bad Durrheim, Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3601:40e6:3444:17d5:43eb (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.251 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.6 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:5800:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.28.152.8 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-152-8.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.106.238 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-106-238.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.185 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.101.90.97 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.41.28.186 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.45.165 (None, )

ASN- ()

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.40.20.169 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
144	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	1 MB
93	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346	462 KB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	619 KB
42	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	1 MB
24	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 30069 ad4m.at — Cisco Umbrella Rank: 9754 assets.ad4m.at — Cisco Umbrella Rank: 41291	1 MB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	231 KB
18	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	3 KB
10	gstatic.com fonts.gstatic.com csi.gstatic.com	99 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	218 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	504 KB
7	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608 ads.eu.criteo.com — Cisco Umbrella Rank: 7742 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 9055	9 KB
7	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	288 KB
4	o2online.de portal.o2online.de — Cisco Umbrella Rank: 61931	2 KB
4	w55c.net 4 redirects pm.w55c.net — Cisco Umbrella Rank: 1044	3 KB
4	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 893 s.tribalfusion.com — Cisco Umbrella Rank: 1946	2 KB
4	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 338 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481	2 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	774 B
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	3 KB
4	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3235	413 B
4	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 148578 static-de.ad4mat.net — Cisco Umbrella Rank: 192748	7 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	webgains.io analytics.webgains.io api.webgains.io	31 KB
3	webgains.com track.webgains.com	50 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 857	828 B
3	criteo.net static.criteo.net — Cisco Umbrella Rank: 568 csm.eu.criteo.net — Cisco Umbrella Rank: 7838	2 MB
3	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 794	2 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	3 KB
3	travelaudience.com 3 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	927 B
2	awin1.com www.awin1.com	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5037	652 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	963 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2409	817 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	1 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 782	1 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	1 KB
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	1014 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	529 B
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 623	326 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 496	418 B
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 981	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 796	822 B
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 577	1 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 862	464 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 822	435 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2276	173 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	362 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	82 KB
478	53

	Domain	Requested by
87	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com googleads.g.doubleclick.net ye-mek.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com securepubads.g.doubleclick.net
49	tpc.googlesyndication.com	a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com googleads.g.doubleclick.net ye-mek.net securepubads.g.doubleclick.net cdn.ampproject.org pcloak.blob.core.windows.net tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net
42	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net ye-mek.net
42	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net ye-mek.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
22	googleads.g.doubleclick.net	pagead2.googlesyndication.com pcloak.blob.core.windows.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com ye-mek.net googleads.g.doubleclick.net
21	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com www.googletagservices.com ye-mek.net
13	www.google.com	2 redirects googleads.g.doubleclick.net ye-mek.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com tpc.googlesyndication.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
9	www.googletagservices.com	a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com googleads.g.doubleclick.net
9	ng.virgul.com	static.virgul.com ye-mek.net
8	assets.ad4m.at	as.ad4m.at
8	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
8	ad4m.at	as.ad4m.at ad4m.at
8	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
8	a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	csi.gstatic.com	imasdk.googleapis.com
5	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
4	portal.o2online.de	ye-mek.net
4	pm.w55c.net	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	dis.criteo.com	googleads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
4	dclk-match.dotomi.com	googleads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	track.webgains.com	as.ad4m.at
3	ng2.virgul.com	ye-mek.net
3	onetag-sys.com	2 redirects a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
3	sync.search.spotxchange.com	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	ads.travelaudience.com	3 redirects
3	fonts.googleapis.com	securepubads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
3	imasdk.googleapis.com	c1.imgiz.com a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	api.webgains.io	analytics.webgains.io
2	www.awin1.com	as.ad4m.at
2	d5p.de17a.com	2 redirects
2	cat.nl3.eu.criteo.com	ye-mek.net
2	eb2.3lift.com	2 redirects
2	match.360yield.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	ap.lijit.com	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	match.adsrvr.org	googleads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
2	s.tribalfusion.com	ye-mek.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
2	a.tribalfusion.com	2 redirects
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	static.criteo.net	a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
2	static-de.ad4mat.net	as.ad4m.at
2	ups.analytics.yahoo.com	googleads.g.doubleclick.net a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
2	us-u.openx.net	googleads.g.doubleclick.net
2	um.simpli.fi	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	sync.mathtag.com	2 redirects
2	prod-rtb.ad4mat.net	pcloak.blob.core.windows.net googleads.g.doubleclick.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	analytics.webgains.io	track.webgains.com
1	csm.eu.criteo.net	ye-mek.net
1	cms.quantserve.com	a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
1	s.ad.smaato.net	1 redirects
1	ads.eu.criteo.com	imasdk.googleapis.com
1	tr.blismedia.com	googleads.g.doubleclick.net
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
478	76

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-12` - `2023-07-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-06-04` - `2023-09-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-13` - `2023-08-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-18` - `2023-08-18`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-07` - `2023-08-30`	3 months	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh

This page contains 59 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: 12A6DE7F9CFEA4B0E035D38D2D639B5F
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 687D15C4E6FACA270BA1CA393AE47082
Requests: 94 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: FEB84DF5F1019E5EFCB8DA420ABE59A0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: 45729344529DC57866B01C840E958355
Requests: 1 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 43051A262BAAE7A12839AA9C675C7030
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469152&bpp=4&bdt=601&idt=154&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=1019039689748&frm=24&ife=1&pv=2&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759842%2C31075623%2C31075757%2C44788441&oid=2&pvsid=3190572881593442&tmod=1742401616&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.okum14cd53g7&fsb=1&dtd=167
Frame ID: 19B118680F1A079889E5B7B00A46A0ED
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: DF1659DBE44477E6C4C7ED9328147CCC
Requests: 1 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 56EB5FE0AC009EF7E7AF701728C4ED72
Requests: 13 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 081D7614A6778EB9C574F9D4A7AF9CA3
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469665&bpp=7&bdt=130&idt=100&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=6952096147840&frm=8&ife=1&pv=2&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ax4ukjm9ptw7&fsb=1&dtd=114
Frame ID: 898274EFE4BF2B8875555F479C135B52
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114
Frame ID: 752826E646E038438A87847046CEAD5F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407280060&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469755&bpp=2&bdt=209&idt=75&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&nras=1&correlator=4316939624482&frm=8&ife=1&pv=2&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mhj3ponx5y2g&fsb=1&dtd=88
Frame ID: 839016860DCFAA61B59FABEE2080C81F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94
Frame ID: 3E4AA1A47820D596A85C245F6F5C3C9D
Requests: 19 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: ED9B5BEEB813800B9AAC19C6DDE72A5F
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407281013&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469975&bpp=2&bdt=77&idt=70&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=7063830586675&frm=8&ife=1&pv=2&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kz6ptqq7btoi&fsb=1&dtd=82
Frame ID: A5DA3E52E621914490C5E4650767FFFF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104
Frame ID: 18A4639FC55887CEFD7697840A492E30
Requests: 9 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5641A316E3500F3E2167E438F73BFE95
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CjGfHJXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTTAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCI2F-RXV20T7a-ARRukSp4bVPl4qxuA15j1Ll0QgsjyhgLBf6h7Q2ABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=OGAHoY306WQ&uach_m=[UACH]&cid=CAQSKQBygQiDrviBqJh_XSFonXt75kpZp94w80KbUG6Dr9KYnVFrVywfud8jGAE
Frame ID: 9A94E5B8BCD22EF91E2B2F153F5D501A
Requests: 8 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: B34986FF6CD7FA37312DD6F742CD8368
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8E701862183E279FE7BF2E47644CB2ED
Requests: 9 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 38595F0337D8EC1026643338DA53DEF6
Requests: 20 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E9D3F0FBCD9324502AAB356EAFB3230B
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs
Frame ID: F05041EDD943CB50D8F0CA740F24268A
Requests: 15 HTTP requests in this frame

Frame: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 78ED6B93154D8A524E8E1F7E80584EFE
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs
Frame ID: 4F87C586BDC1DC58F0895F7BA61F7D28
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNViawO1M0zSDcq4-NKvWgI9OMvJ6Fmf0FygNp5pEN7UlJrUNpml4FiBntEJK_KLCojsucqXWRnSz7csxRIvAqO1biz4YYRjqhCcWVIlODnHf09isBT2sz4MK8oNIJkyaP3bJQM1iS28S5LdiOxxMcxzNaZGuk6XJVb07icofutKi8KWHbI
Frame ID: 70FF3933A681A62FEC59849CBC8C2D8C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNUiQPyqOTWSbu0HyQh_H0LKFFC3j3FWDlcWrJgyjhEOXVXnuuK8gQkzvCmCeR5Bhgkn6c7crZa_RybcKjoM7P1dc6nLVN0F493Y0NsgiykVvIrIrRjQznC9-iD4eV4NYxYXRJYnBO2lHe6qhWnk4lvCMThIje8xWGH3YoWzHRfHC3_8Y5o
Frame ID: 46155DC0EF83931F00FA926764DF2D00
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNUEoiRsoXTutyADv4owyItYM5xUAlMwV09IKo4m0x8vA7R1DV9BzLaAC7DQRdkHD7YSMkwx02I0rNByP-PXIvxzOAZXrTniNOylqt5K9CpDigY3-sqIpiCMRznpVSesI_lp5sf3xG1Uqt24jybwfFGXRJyQExFog9HbzLZMD57exqj7ye4
Frame ID: B7B3A9D7AE7014703459892BB542868D
Requests: 4 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: B03ADBE2843BBF25904A56F063C77F9C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C59E022536FCDDF19A62E8530F2DF04C
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNUI2Q19-70DGJYbM76L_S2Z34VcG_lgZMcdWY8-5mqRI9V6Y0jr7JEwsTb_FXmu4Xk9NWctSguzFkNPiWmY4yVU6B8prBelpA8zf4M5g-_XGwIJjjndF9SGhuDULqXwUNGbO79RYMqiOELAQIXwr4xIjZTXiDHjAEEZN_ZGsh47okvXAP4
Frame ID: 65FFE3755EE2EEC043603EC02322163E
Requests: 3 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 5782AB48FF08AA8E71AF3A78D439631D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4B690F35C6E42D05B7277C86290F0465
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 931518A4D134246D0E3476051D48E3DB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2ECCF0E67C08F388ED6D3545BC86DCF6
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
Frame ID: 7283B4D4371431D7757DE8AC2F87A517
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
Frame ID: 89E38C161A5A9D2A10E6A2B5979F5236
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7531959E45BE06B865D12B59C9D38E99
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
Frame ID: F2D6D6F33B776E75B36998657B83BCA5
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3D7563689360DD485FAB762BAD5D5F2E
Requests: 3 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 55708790341A652CB35E00BF429ED6B8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 77D6541CA92BE33DC327B63CD6D4D4D5
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 32CF5676F54B2D2B8FD399455E3EA749
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3FFCE41EAC5D88FEDB82E24423F52777
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5DB862B5F5667A35C472F7E6F65CC3FB
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
Frame ID: EBE28D88EA1265722A01129874132D03
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3471A09742BFFC1B08D2EAE2C876C363
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F9BB46A6965C57098C3924E1EDC29FF1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E3E84596856ABD8BD13931873D6881BA
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: E7D582275E99B6B2892BDA64AA3D7DC9
Requests: 5 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 4F87A6CAEB3E16D6C2245809117AF56E
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: 7B0491CE72A5A9FEB076447E2D9C9202
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: DD096D131F23B28208CD90450BA69F52
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: C78358B031C0685CDBC3DAEDE1637D2C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 59AE38555E8890CABFE3BEE558E53805
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4C41A396B133C26A811663FA5CFAD617
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: 0BAFA8AF95D59DDFFC947BB4E2359DCE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A1140CC1D1B14DA02BC5C016C62A327C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 32D0EF0DD177D9B7484DA7D88900DAD1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

478
Requests

92 %
HTTPS

40 %
IPv6

53
Domains

76
Subdomains

57
IPs

10
Countries

9241 kB
Transfer

17474 kB
Size

31
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 181

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBTe4Kjw0RdQLTa28GjaJVQ&google_cver=1&google_push=AaAOQGESqxSqtcrI0Gw2HWfZJwLlqtfT2iZPBdCO4aMa3PIKITekSOlZUE4T_rnYu39p1dCe9gC7jUwt9DhSHlJvpkYEyPwC7jUV4g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGESqxSqtcrI0Gw2HWfZJwLlqtfT2iZPBdCO4aMa3PIKITekSOlZUE4T_rnYu39p1dCe9gC7jUwt9DhSHlJvpkYEyPwC7jUV4g

Request Chain 182

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_cver=1&google_push=AaAOQGFn-Iki_QAy4ayUw9wHZZexqLqNa41du53j0oP2nspHKKGDMgwhnNSYNG12UV99ZJdZYQzfHUHxHEKzutjCXPir7lrRf0HaG0c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_push=AaAOQGFn-Iki_QAy4ayUw9wHZZexqLqNa41du53j0oP2nspHKKGDMgwhnNSYNG12UV99ZJdZYQzfHUHxHEKzutjCXPir7lrRf0HaG0c

Request Chain 183

https://um.simpli.fi/gp_match?google_gid=CAESEGXq-h0rS_6EFVZnW7bvBVM&google_cver=1&google_push=AaAOQGG230A_kJR4YRHYPY6rHWmlNAO9V26ckJUp6lx8-XJe_5pRaNIAID6sQla4qGInsZQwr4YI59LrmRd9nP4UhVS3hlJ1LlnqUfg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGG230A_kJR4YRHYPY6rHWmlNAO9V26ckJUp6lx8-XJe_5pRaNIAID6sQla4qGInsZQwr4YI59LrmRd9nP4UhVS3hlJ1LlnqUfg

Request Chain 185

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHefh5OzxGZGGDM-F4hxMko&google_cver=1&google_push=AaAOQGHC_InihgvCaEIke92U7Oq0h54Yt3UR1AuM1488OJ6Z95bsWR2O2XiHvV9sz7QEkU2nT2_-2HuXqSEuILnETEMwurHVnkwZQg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHC_InihgvCaEIke92U7Oq0h54Yt3UR1AuM1488OJ6Z95bsWR2O2XiHvV9sz7QEkU2nT2_-2HuXqSEuILnETEMwurHVnkwZQg

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1

Request Chain 198

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKN3JtHzhkwBhM-FvgQQkgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBMj8BarI8a_fvdCzll4AEU&google_cver=1

Request Chain 200

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM5NTQzMzU3Nzg5NTgzNzg4OQ%3D%3D

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG9sb54_uR02nCI5ah-7ex8&google_cver=1

Request Chain 203

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFKsPv0AvbdSTa2b1WqLMXQ&google_cver=1

Request Chain 210

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELOm_BQprrHd55DWOrkf7jg&google_cver=1

Request Chain 211

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=ebdd08c6-1a0a-11ee-8127-1e3504c40306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZWJkZDA4N2QtMWEwYS0xMWVlLTgxMjctMWUzNTA0YzQwMzA2

Request Chain 234

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 238

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 265

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFzfgGPA2T_r9KtUvRsONM8&google_cver=1

Request Chain 280

https://a.tribalfusion.com/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 282

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEBtAXpRBjqLQhYAAiovXrvk&google_cver=1&google_push=AaAOQGEivHhITX6owDxF08CcdEBum68O8X2I-dau5Ocl6FkCqn9aIXqQXF_hwwlrkxYF3l2TOvdjdgu_X8ZpS_yQz5PUS4oejDCv40kd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEivHhITX6owDxF08CcdEBum68O8X2I-dau5Ocl6FkCqn9aIXqQXF_hwwlrkxYF3l2TOvdjdgu_X8ZpS_yQz5PUS4oejDCv40kd&google_hm=22LdjmPtT82-8o5tSwshQoI

Request Chain 283

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEL01whmwbo6wjmtNECfSalU&google_cver=1&google_push=AaAOQGGmOtQ0azta8oJb9Nv5YKWbA6W6bDIc46hXqFyXjcl1jQ1LV7KU-a8JQxEiK-tTWabVbMqWduMXxuEPh2xksDyg9bWzo3IDmaTG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGGmOtQ0azta8oJb9Nv5YKWbA6W6bDIc46hXqFyXjcl1jQ1LV7KU-a8JQxEiK-tTWabVbMqWduMXxuEPh2xksDyg9bWzo3IDmaTG

Request Chain 284

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGXneEvJbi4vRmR_HjIjr7M&google_cver=1&google_push=AaAOQGHjUI53LCg5VW0gKWs8sxb1lIVBehUOqaU4HTXj3klXtT4aBF-n0sgiFT_4oI5lC_7XkaZEG46iZUMb9GgltxKOf8gU6IZ_DmAX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHjUI53LCg5VW0gKWs8sxb1lIVBehUOqaU4HTXj3klXtT4aBF-n0sgiFT_4oI5lC_7XkaZEG46iZUMb9GgltxKOf8gU6IZ_DmAX&google_hm=eS1pNzFGVFd0RTJwR3laVVRDaWRpaTBKY3NHMjhOd18uen5B

Request Chain 285

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEGlPyBuoOn6qtltMGrpcTag&google_cver=1&google_push=AaAOQGEuI7pvMvUjgumuGJ2w8RQJy0jdDhyUPdhvCNSkd4mMlGDpolgHGsvsDiJ5VIqMt66UcArXUZrJEu098xrEL9u5xnU2Jfy4S6IL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEuI7pvMvUjgumuGJ2w8RQJy0jdDhyUPdhvCNSkd4mMlGDpolgHGsvsDiJ5VIqMt66UcArXUZrJEu098xrEL9u5xnU2Jfy4S6IL

Request Chain 295

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_cver=1&google_push=AaAOQGEczEaii-Yj-VeWQJCBnyXg_kYzZiYQo8hTDYDnH-oI1TT_-3bE0Kpw6R2kymLv7VV82PK_Q2yjW6MKmTgTMxGhLIWII9U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktOM0pnQVdkWU54bFFCUw==&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_cver=1&google_push=AaAOQGEczEaii-Yj-VeWQJCBnyXg_kYzZiYQo8hTDYDnH-oI1TT_-3bE0Kpw6R2kymLv7VV82PK_Q2yjW6MKmTgTMxGhLIWII9U

Request Chain 296

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEBtAXpRBjqLQhYAAiovXrvk&google_cver=1&google_push=AaAOQGFWMNhVy8s1O8PD4y8Yy4je27e6ixNRGFiZMYxRW2HHzf7enijkUXmpl8o1OUEGUn3G1BiQ08nQbumRlXegLWZmFf9YHqs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGFWMNhVy8s1O8PD4y8Yy4je27e6ixNRGFiZMYxRW2HHzf7enijkUXmpl8o1OUEGUn3G1BiQ08nQbumRlXegLWZmFf9YHqs&google_hm=eoVf6ak9SCSwWlJULJGFn4I

Request Chain 298

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAriH2QbsVUxclvRo_1WNro&google_cver=1&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TTNIgyfYYwGc HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAriH2QbsVUxclvRo_1WNro&google_cver=1&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TTNIgyfYYwGc&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TTNIgyfYYwGc&google_hm=G6_eqGZHdLbZT5OWT6OKsJzl

Request Chain 299

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEF8i5eccKAbPsNyPIKYLLz8&google_cver=1&google_push=AaAOQGFgKtwo4gJtbzEt3kA_-6PW58SWqmoh1pyqHz8j8AeIyPx-0dehVG4n-2C4dWYR9KIvYRZoj6NbGBIArxtDcjHe8ePfeQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGFgKtwo4gJtbzEt3kA_-6PW58SWqmoh1pyqHz8j8AeIyPx-0dehVG4n-2C4dWYR9KIvYRZoj6NbGBIArxtDcjHe8ePfeQ

Request Chain 300

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOmPQXh3hO77a9tp6wY7EnE&google_cver=1&google_push=AaAOQGGS5VIob_z4TBLahUlXvUmBdIFs03DlaYFHYaeGuUq1r5DTbPFeWjiOTMyC_3uVTrFQ1FDZ7wQ66_oyot2VvU94tjdmZ9b_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGS5VIob_z4TBLahUlXvUmBdIFs03DlaYFHYaeGuUq1r5DTbPFeWjiOTMyC_3uVTrFQ1FDZ7wQ66_oyot2VvU94tjdmZ9b_ HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 306

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFtTxbTpcVdM5ZpkCFYdTTB_jPxcUny4B6qi8XRysb4eDqbDE6Ccipxt1WTPln8qlJ2-tQmoCG4FTCJr3iRbnem12zvXHkZ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFtTxbTpcVdM5ZpkCFYdTTB_jPxcUny4B6qi8XRysb4eDqbDE6Ccipxt1WTPln8qlJ2-tQmoCG4FTCJr3iRbnem12zvXHkZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFtTxbTpcVdM5ZpkCFYdTTB_jPxcUny4B6qi8XRysb4eDqbDE6Ccipxt1WTPln8qlJ2-tQmoCG4FTCJr3iRbnem12zvXHkZ

Request Chain 307

https://a.tribalfusion.com/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 308

https://um.simpli.fi/gp_match?google_gid=CAESEGXq-h0rS_6EFVZnW7bvBVM&google_cver=1&google_push=AaAOQGFlQTwAchAdOH_W0GvX0ooU166hQelwlevPW2Mijvagy1hwoUeKFvk46i3_nXdWW9BJz1bBD9ejAWroEPN3t-CFxPx19tA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGFlQTwAchAdOH_W0GvX0ooU166hQelwlevPW2Mijvagy1hwoUeKFvk46i3_nXdWW9BJz1bBD9ejAWroEPN3t-CFxPx19tA

Request Chain 309

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGXneEvJbi4vRmR_HjIjr7M&google_cver=1&google_push=AaAOQGFbOOAh0lOjrs5Tw_HM2xR5eWHxsq4Emy_BThwKlHWZXLw3-Itbw-cV4x1lg8m5pOk8wqF-sfkIBLW-f2L81JXunMXE_swR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGFbOOAh0lOjrs5Tw_HM2xR5eWHxsq4Emy_BThwKlHWZXLw3-Itbw-cV4x1lg8m5pOk8wqF-sfkIBLW-f2L81JXunMXE_swR&google_hm=eS1KdGxucVZsRTJwR29BVld2bHo5d2hvWURHbXltMjBxen5B

Request Chain 311

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEGlPyBuoOn6qtltMGrpcTag&google_cver=1&google_push=AaAOQGFXAW0K-X4UTtpcnV2EHS05-YStIHHJkrB7xtvr1ZGouifq8NsC3n9l6cgMMWz4qEtv8As2DaE4v9y5Q0cafYvW4cOc8_dfIw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFXAW0K-X4UTtpcnV2EHS05-YStIHHJkrB7xtvr1ZGouifq8NsC3n9l6cgMMWz4qEtv8As2DaE4v9y5Q0cafYvW4cOc8_dfIw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 335

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFJB2WZQ1H8zTn4L500uWwptVWD82cHt4QKtk3aeLtZ3nPv5XXcHSwDCxt5WXPP7KHxDtyuqW-hb6RW68FSuEUwhVf5JBZaNQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFJB2WZQ1H8zTn4L500uWwptVWD82cHt4QKtk3aeLtZ3nPv5XXcHSwDCxt5WXPP7KHxDtyuqW-hb6RW68FSuEUwhVf5JBZaNQ

Request Chain 337

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHefh5OzxGZGGDM-F4hxMko&google_cver=1&google_push=AaAOQGHIreAIL46DYwL1boZDlIxMRnIdgvqpRLIUusrfaQ0Z9iWPUYHIf_w4ACmgJeWAgoTr8MeSIM4vZKzBNLqji8PqPkoRfr8v HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHIreAIL46DYwL1boZDlIxMRnIdgvqpRLIUusrfaQ0Z9iWPUYHIf_w4ACmgJeWAgoTr8MeSIM4vZKzBNLqji8PqPkoRfr8v

Request Chain 339

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBRBKt0crhew6PLVB_DAB80&google_cver=1&google_push=AaAOQGFtiXI3xlI0iX1xnYFi5mCDfkD9HT8FOO-6ZzNQwjXn0Jpu3CssRSLXjkdZp-YLOwGMtzFAKlbnxvqRUpbtAi7Bi9_pnPB0 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBRBKt0crhew6PLVB_DAB80&google_cver=1&google_push=AaAOQGFtiXI3xlI0iX1xnYFi5mCDfkD9HT8FOO-6ZzNQwjXn0Jpu3CssRSLXjkdZp-YLOwGMtzFAKlbnxvqRUpbtAi7Bi9_pnPB0&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ulnIeqjwSxGMPq8cAptF6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFtiXI3xlI0iX1xnYFi5mCDfkD9HT8FOO-6ZzNQwjXn0Jpu3CssRSLXjkdZp-YLOwGMtzFAKlbnxvqRUpbtAi7Bi9_pnPB0

Request Chain 340

https://match.360yield.com/match/ebda?google_gid=CAESEF4tICdxa837pUi2DkRT384&google_cver=1&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa3L3uH1i6pjPy5Q HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF4tICdxa837pUi2DkRT384&google_cver=1&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa3L3uH1i6pjPy5Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2ZH6R-h2TN2QkIHIhyuB3Q&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa3L3uH1i6pjPy5Q

Request Chain 341

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEEkBJjSM7_ZT1DzJwvInvDM&google_cver=1&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7tRrpw HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7tRrpw&google_gid=CAESEEkBJjSM7_ZT1DzJwvInvDM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NzkyNzA5MzM0OTMzODg0OTg3NA%3D%3D&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7tRrpw

Request Chain 360

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFpu_CJSnVWyZ_5L_yaA0Wv3OSRpAgztMtLVUJhLLnxk7GK4Tys4aWZdUhLlacE2LPjpzKSq_XR2z7rSH1bkbgeeivBJZqLFQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFpu_CJSnVWyZ_5L_yaA0Wv3OSRpAgztMtLVUJhLLnxk7GK4Tys4aWZdUhLlacE2LPjpzKSq_XR2z7rSH1bkbgeeivBJZqLFQ

Request Chain 361

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBTe4Kjw0RdQLTa28GjaJVQ&google_cver=1&google_push=AaAOQGG4tPjcw9Uey9nSH4P7VYekem0RU8vz2RdfdOzkcN9asxugZqHWifo_elr6F4t3zAmrEq19HLAIAviS5zbtrHF--WwuYiLSBbY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGG4tPjcw9Uey9nSH4P7VYekem0RU8vz2RdfdOzkcN9asxugZqHWifo_elr6F4t3zAmrEq19HLAIAviS5zbtrHF--WwuYiLSBbY

Request Chain 362

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEL01whmwbo6wjmtNECfSalU&google_cver=1&google_push=AaAOQGF2_loIvbBNXfYgnd8i2laski4nsVlJDylaeTio3vqiqgA4sIMdBEVFoCQzkoZLJZBqfLHlnEfxWGWhqRDYKC-sD5Gsnyqo-cA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGF2_loIvbBNXfYgnd8i2laski4nsVlJDylaeTio3vqiqgA4sIMdBEVFoCQzkoZLJZBqfLHlnEfxWGWhqRDYKC-sD5Gsnyqo-cA

Request Chain 363

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHefh5OzxGZGGDM-F4hxMko&google_cver=1&google_push=AaAOQGFIEjcSrdJBF2FtBG4iWetPUFTpuRY0gBAPpzskfzYiXo-xmx6Y6FwVkxse3KMiwz8apv50tWn5s-4JMxNmStZCpWmMAf5uYg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGFIEjcSrdJBF2FtBG4iWetPUFTpuRY0gBAPpzskfzYiXo-xmx6Y6FwVkxse3KMiwz8apv50tWn5s-4JMxNmStZCpWmMAf5uYg

Request Chain 364

https://d5p.de17a.com/cookies/google?google_gid=CAESELZTJfhrmbP-UY5-Y6YZDFI&google_cver=1&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj4FtZbnpY HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELZTJfhrmbP-UY5-Y6YZDFI&google_cver=1&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj4FtZbnpY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj4FtZbnpY

478 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 420ms
100ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Tue, 04 Jul 2023 01:34:26 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 950d3632-901e-005e-3217-aea9ed000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 97ms
97ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 950d3684-901e-005e-7a17-aea9ed000000
Date: Tue, 04 Jul 2023 01:34:26 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 306ms
109ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 04 Jul 2023 01:34:26 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 950d370c-901e-005e-7d17-aea9ed000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 196ms
97ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 04 Jul 2023 01:34:26 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 950d36c8-901e-005e-3c17-aea9ed000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 297ms
156ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:27 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 267ms
152ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:28 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 687D 77 KB
77 KB 267ms
55ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 88cb60b4d44cd46c08ad4fe0df8e4f868a7716688df347443fc7f4b905d1933a

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79003
content-type: text/html; charset=utf-8
date: Tue, 04 Jul 2023 01:34:27 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 687D 90 KB
33 KB 77ms
14ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 17:06:24 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 687D 10 KB
2 KB 72ms
71ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Tue, 04 Jul 2023 01:34:27 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 687D 40 KB
12 KB 81ms
17ms Stylesheet
text/css 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6625016
x-accel-date: 1681809452
x-77-nzt: AZySIYtmMC7/+BZlAA
x-accel-expires: @1713345452
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: cf878727fff1e80e2477a364fe46ec24
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 687D 233 KB
82 KB 67ms
31ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

943e08cd7ad135592bbe2eda7f465c6a8fed653d149c41b5987f04da0888a00c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83390
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 04 Jul 2023 01:34:28 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 687D 23 KB
23 KB 44ms
43ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Tue, 04 Jul 2023 01:34:27 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Fri, 28 Jun 2024 21:32:10 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 687D 542 B
896 B 13ms
13ms Image
image/png 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6625083
x-accel-date: 1681809385
content-length: 542
x-77-nzt: AZySIYt2TBD/OxdlAA
x-accel-expires: @1713345385
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: cf878727fff1e80e2477a3646461ac26
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 687D 2 KB
2 KB 14ms
13ms Image
image/png 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6625011
x-accel-date: 1681809457
content-length: 1651
x-77-nzt: AZySIYvHt9f/8xZlAA
x-accel-expires: @1713345457
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: cf878727fff1e80e2477a364a246b327
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-taze-fasulye-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 687D 14 KB
15 KB 22ms
16ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/firinda-taze-fasulye-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2180f29f86c7567e451861d1c1db1df4e665191dbc790c421a2b168138336f3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4806
x-accel-date: 1688429662
content-length: 14484
x-77-nzt: AZySIYsf+4b/xhIAAA
x-accel-expires: @1719965662
last-modified: Mon, 03 Jul 2023 23:14:30 GMT
server: CDN77-Turbo
etag: "64a35656-3894"
x-77-nzt-ray: cf878727fff1e80e2477a364e31f1428
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 visneli-dondurma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 687D 13 KB
14 KB 27ms
22ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/visneli-dondurma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e7d8342248029f1df308d3f2cb02a6a7a87714307aca80532eb853c198cc92f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 96964
x-accel-date: 1688337504
content-length: 13657
x-77-nzt: AZySIYvff6X/xHoBAA
x-accel-expires: @1719873504
last-modified: Sun, 02 Jul 2023 22:22:54 GMT
server: CDN77-Turbo
etag: "64a1f8be-3559"
x-77-nzt-ray: cf878727fff1e80e2477a3642a511e28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 687D 14 KB
14 KB 32ms
26ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dd7419ac2c04d1920350f6b486f662f299717fb2b16b14a824f61cc4a362ad0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 182561
x-accel-date: 1688251907
content-length: 14413
x-77-nzt: AZySIYs7lZb/IckCAA
x-accel-expires: @1719787907
last-modified: Sat, 01 Jul 2023 22:15:24 GMT
server: CDN77-Turbo
etag: "64a0a57c-384d"
x-77-nzt-ray: cf878727fff1e80e2477a36480562528
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-kabak-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 687D 11 KB
11 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/terbiyeli-kabak-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3cf33fd1cc895fe26505c0677f183cec819f5d55d54905a1adf8e95322d67c19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 269135
x-accel-date: 1688165333
content-length: 11302
x-77-nzt: AZySIYt+cAz/TxsEAA
x-accel-expires: @1719701333
last-modified: Fri, 30 Jun 2023 22:20:09 GMT
server: CDN77-Turbo
etag: "649f5519-2c26"
x-77-nzt-ray: cf878727fff1e80e2477a364a07b2928
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantarli-kori-soslu-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 687D 15 KB
15 KB 38ms
32ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/mantarli-kori-soslu-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2efed30acdac9725b233f6d3d5bd8a16a9049980ceaa91525e061cc9c63da1e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624300
x-accel-date: 1681810168
content-length: 15410
x-77-nzt: AZySIYvZi8n/LBRlAA
x-accel-expires: @1713346168
last-modified: Tue, 07 Mar 2023 20:31:42 GMT
server: CDN77-Turbo
etag: "64079f2e-3c32"
x-77-nzt-ray: cf878727fff1e80e2477a3644ad62d28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/02/ Frame 687D 13 KB
13 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/02/nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624597
x-accel-date: 1681809871
content-length: 13272
x-77-nzt: AZySIYu4Mcn/VRVlAA
x-accel-expires: @1713345871
last-modified: Wed, 01 May 2019 22:22:18 GMT
server: CDN77-Turbo
etag: "5cca1c1a-33d8"
x-77-nzt-ray: cf878727fff1e80e2477a364f7373028
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-burger-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 687D 11 KB
11 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/tavuk-burger-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 78aa3d973a83de17d8b856934f19a2613483fbfd3cd2b6c5bc50865014924659

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 206868
x-accel-date: 1688227600
content-length: 11304
x-77-nzt: AZySIYs99L3/FCgDAA
x-accel-expires: @1719763600
last-modified: Mon, 28 Feb 2022 17:23:23 GMT
server: CDN77-Turbo
etag: "621d050b-2c28"
x-77-nzt-ray: cf878727fff1e80e2477a36455803228
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-sultan-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/05/ Frame 687D 12 KB
12 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/05/tavuklu-sultan-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2214a9c42ac416d027c9814595f62b198356d64ee8eebd6cef1ab5ba1def247d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624703
x-accel-date: 1681809765
content-length: 11963
x-77-nzt: AZySIYumnib/vxVlAA
x-accel-expires: @1713345765
last-modified: Wed, 01 May 2019 22:58:17 GMT
server: CDN77-Turbo
etag: "5cca2489-2ebb"
x-77-nzt-ray: cf878727fff1e80e2477a3645d3a3b28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pusuruk-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 687D 10 KB
10 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/pusuruk-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5687b49f792b9dd66f69e7ff2b2365ae5ab3dfb950f97e492a540503be95c201

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6622768
x-accel-date: 1681811700
content-length: 9920
x-77-nzt: AZySIYspOor/MA5lAA
x-accel-expires: @1713347700
last-modified: Sun, 12 May 2019 22:33:30 GMT
server: CDN77-Turbo
etag: "5cd89f3a-26c0"
x-77-nzt-ray: cf878727fff1e80e2477a36438963d28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 salcali-pirincli-sulu-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame 687D 13 KB
14 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/salcali-pirincli-sulu-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b1701639174cb872a535071c10f17980f509ef1588d3a06bc7f8aad5ef0d25aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6622712
x-accel-date: 1681811756
content-length: 13484
x-77-nzt: AZySIYuLG1D/+A1lAA
x-accel-expires: @1713347756
last-modified: Wed, 01 May 2019 22:27:36 GMT
server: CDN77-Turbo
etag: "5cca1d58-34ac"
x-77-nzt-ray: cf878727fff1e80e2477a3645ab57628
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 biberli-ekmek-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/08/ Frame 687D 14 KB
15 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/08/biberli-ekmek-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2fadfde5b4ce735fc466b9939d62d74300a90048395f1ab819fa4b677fd51eeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6621773
x-accel-date: 1681812695
content-length: 14575
x-77-nzt: AZySIYvziYX/TQplAA
x-accel-expires: @1713348695
last-modified: Wed, 01 May 2019 23:23:33 GMT
server: CDN77-Turbo
etag: "5cca2a75-38ef"
x-77-nzt-ray: cf878727fff1e80e2477a364bb6b7928
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 elbasan-tava-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 687D 13 KB
14 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/elbasan-tava-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3a7cdd2a8d457a3a736abdd116f27948e56ad18163f6f31bc4191240fe28e312

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624062
x-accel-date: 1681810406
content-length: 13627
x-77-nzt: AZySIYs93t3/PhNlAA
x-accel-expires: @1713346406
last-modified: Fri, 22 May 2020 00:07:54 GMT
server: CDN77-Turbo
etag: "5ec717da-353b"
x-77-nzt-ray: cf878727fff1e80e2477a364da557b28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-etli-patlican-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/08/ Frame 687D 13 KB
13 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/08/tencerede-etli-patlican-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8e2b2033aae5f2ebbc9b92291c3cdfa7a084429d21d85b382e39dfbd875b5f55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624265
x-accel-date: 1681810203
content-length: 13086
x-77-nzt: AZySIYuYnFP/CRRlAA
x-accel-expires: @1713346203
last-modified: Wed, 01 May 2019 23:03:11 GMT
server: CDN77-Turbo
etag: "5cca25af-331e"
x-77-nzt-ray: cf878727fff1e80e2477a364cc2c7d28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 saksi-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/08/ Frame 687D 14 KB
14 KB 38ms
34ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/08/saksi-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 27b521443caa2567c561c9a2bd377929f40cf7fb68113ccbc4b42669c6841e79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624392
x-accel-date: 1681810076
content-length: 13931
x-77-nzt: AZySIYtQDNL/iBRlAA
x-accel-expires: @1713346076
last-modified: Wed, 01 May 2019 22:17:07 GMT
server: CDN77-Turbo
etag: "5cca1ae3-366b"
x-77-nzt-ray: cf878727fff1e80e2477a364bb427f28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patlican-oturtma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/07/ Frame 687D 14 KB
14 KB 39ms
34ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/07/patlican-oturtma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 82b26c270816480cac7ae6e6b713f4aa513bbfa78e68d5b6d2230ba9eb055519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624811
x-accel-date: 1681809657
content-length: 13962
x-77-nzt: AZySIYukcUj/KxZlAA
x-accel-expires: @1713345657
last-modified: Wed, 01 May 2019 22:16:19 GMT
server: CDN77-Turbo
etag: "5cca1ab3-368a"
x-77-nzt-ray: cf878727fff1e80e2477a364a3478128
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 et-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/07/ Frame 687D 13 KB
13 KB 39ms
34ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/07/et-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7b74b15c0e0224974c8f830453f4141254e43fc02d4d95a8bce9c1a27a893079

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624663
x-accel-date: 1681809805
content-length: 13282
x-77-nzt: AZySIYsEPNb/lxVlAA
x-accel-expires: @1713345805
last-modified: Wed, 01 May 2019 23:21:08 GMT
server: CDN77-Turbo
etag: "5cca29e4-33e2"
x-77-nzt-ray: cf878727fff1e80e2477a364ad038328
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-ic-pilavli-b%C3%BCt%C3%BCn-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/08/ Frame 687D 16 KB
16 KB 39ms
35ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/08/firinda-ic-pilavli-b%C3%BCt%C3%BCn-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 65676ff9ee174f1af8dd161a2b306631500e0e3ee01ace918e221312048e9bc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6621899
x-accel-date: 1681812569
content-length: 16247
x-77-nzt: AZySIYv5Vw7/ywplAA
x-accel-expires: @1713348569
last-modified: Wed, 01 May 2019 22:46:25 GMT
server: CDN77-Turbo
etag: "5cca21c1-3f77"
x-77-nzt-ray: cf878727fff1e80e2477a364b1a78528
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pesto-soslu-tavuklu-noodle-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/12/ Frame 687D 12 KB
12 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/12/pesto-soslu-tavuklu-noodle-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb52111dd9f956e7d4e7aedafd0bb0f1785509e9d242eb245a82f1a165e6462a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6621996
x-accel-date: 1681812472
content-length: 12246
x-77-nzt: AZySIYsZX0D/LAtlAA
x-accel-expires: @1713348472
last-modified: Mon, 09 Dec 2019 21:34:21 GMT
server: CDN77-Turbo
etag: "5deebddd-2fd6"
x-77-nzt-ray: cf878727fff1e80e2477a3646bd18728
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-etimekli-besamel-soslu-tavuk-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame 687D 12 KB
13 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/firinda-etimekli-besamel-soslu-tavuk-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e041f359812b31ffb3d561c106435550a58d86540a0262a93e6e462624fada6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6623989
x-accel-date: 1681810479
content-length: 12566
x-77-nzt: AZySIYtbvVD/9RJlAA
x-accel-expires: @1713346479
last-modified: Wed, 01 May 2019 23:10:13 GMT
server: CDN77-Turbo
etag: "5cca2755-3116"
x-77-nzt-ray: cf878727fff1e80e2477a36464f38928
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-kalamar-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/06/ Frame 687D 14 KB
14 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/06/tavuk-kalamar-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 879d5861c9bdf530e2c9a5194305a8753fc7d7a198fbb487d6535c994e82a19f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6622575
x-accel-date: 1681811893
content-length: 14115
x-77-nzt: AZySIYv4dDP/bw1lAA
x-accel-expires: @1713347893
last-modified: Wed, 01 May 2019 23:00:07 GMT
server: CDN77-Turbo
etag: "5cca24f7-3723"
x-77-nzt-ray: cf878727fff1e80e2477a364fba58b28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanak-borani-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/04/ Frame 687D 13 KB
13 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/04/ispanak-borani-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d8b4887a05128d173df033ad7b0ecf00bba347394d67b8800b831a90dfeff00c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6623745
x-accel-date: 1681810723
content-length: 13451
x-77-nzt: AZySIYveRMX/ARJlAA
x-accel-expires: @1713346723
last-modified: Wed, 01 May 2019 22:57:37 GMT
server: CDN77-Turbo
etag: "5cca2461-348b"
x-77-nzt-ray: cf878727fff1e80e2477a3646d789528
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 taze-fasulye-borani-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/07/ Frame 687D 14 KB
15 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/07/taze-fasulye-borani-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e333cb1305d380d1fea95d56af2665209ad86d60e8df0d3d0b1d6aba56d5836f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6621767
x-accel-date: 1681812701
content-length: 14550
x-77-nzt: AZySIYt+wOz/RwplAA
x-accel-expires: @1713348701
last-modified: Wed, 01 Jul 2020 23:09:11 GMT
server: CDN77-Turbo
etag: "5efd1797-38d6"
x-77-nzt-ray: cf878727fff1e80e2477a364732b9b28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 misir-mucveri-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 687D 15 KB
16 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/misir-mucveri-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ebbe746368e0ba512f0d712c539e1a8cda25100af45df0c2cf185e3ed8fa2002

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6619344
x-accel-date: 1681815124
content-length: 15607
x-77-nzt: AZySIYtRoCb/0ABlAA
x-accel-expires: @1713351124
last-modified: Sun, 26 Feb 2023 15:11:41 GMT
server: CDN77-Turbo
etag: "63fb76ad-3cf7"
x-77-nzt-ray: cf878727fff1e80e2477a36440d6a028
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patlican-baligi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/11/ Frame 687D 13 KB
13 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/11/patlican-baligi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1c9af0fc292c8fb8f9dc82487cf57b1854797659160b14b7afd9566c7d068c2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6621531
x-accel-date: 1681812937
content-length: 12996
x-77-nzt: AZySIYtFG+v/WwllAA
x-accel-expires: @1713348937
last-modified: Thu, 31 Oct 2019 23:15:55 GMT
server: CDN77-Turbo
etag: "5dbb6b2b-32c4"
x-77-nzt-ray: cf878727fff1e80e2477a36451e5a628
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 havuclu-brokoli-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/01/ Frame 687D 10 KB
10 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/01/havuclu-brokoli-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 08ea981d8e95685d3e51862b19b49ffad381b140f8389b86658b47b5eed2b0e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624019
x-accel-date: 1681810449
content-length: 10112
x-77-nzt: AZySIYs2stP/ExNlAA
x-accel-expires: @1713346449
last-modified: Sat, 29 Jan 2022 23:43:27 GMT
server: CDN77-Turbo
etag: "61f5d11f-2780"
x-77-nzt-ray: cf878727fff1e80e2477a3641f7ea828
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mercimekli-tarhana-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/08/ Frame 687D 13 KB
13 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/08/mercimekli-tarhana-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 31e62e0b092bc9ff94b2b8e841ae9305955b398a7cd80116a4d79bc9fe3b6e39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624811
x-accel-date: 1681809657
content-length: 12901
x-77-nzt: AZySIYtwtav/KxZlAA
x-accel-expires: @1713345657
last-modified: Mon, 23 Aug 2021 21:56:40 GMT
server: CDN77-Turbo
etag: "61241998-3265"
x-77-nzt-ray: cf878727fff1e80e2477a3649600ae28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-tarhana-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 687D 11 KB
11 KB 45ms
41ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/sebzeli-tarhana-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 517c03e0d842cccda1bb3cd0c59fc1e781446b831451a1d30337fbe0b4fb143a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6622165
x-accel-date: 1681812303
content-length: 10889
x-77-nzt: AZySIYt1lrT/1QtlAA
x-accel-expires: @1713348303
last-modified: Mon, 19 Dec 2022 23:05:28 GMT
server: CDN77-Turbo
etag: "63a0ee38-2a89"
x-77-nzt-ray: cf878727fff1e80e2477a3645c5db028
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tel-sehriye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/11/ Frame 687D 14 KB
14 KB 45ms
41ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/11/tel-sehriye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 766844777d1c16918b612d47d36ee72c8b15083f988bac0db7634f1d26bc76c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624002
x-accel-date: 1681810466
content-length: 14241
x-77-nzt: AZySIYsSkcL/AhNlAA
x-accel-expires: @1713346466
last-modified: Thu, 17 Nov 2022 21:38:25 GMT
server: CDN77-Turbo
etag: "6376a9d1-37a1"
x-77-nzt-ray: cf878727fff1e80e2477a364e5cfb228
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 limon-soslu-muhallebi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 687D 11 KB
11 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/limon-soslu-muhallebi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 783777ff49b215d0f16502c394d35502c858facb8764b9d843ceb5a0ec30423f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 213639
x-accel-date: 1688220829
content-length: 11380
x-77-nzt: AZySIYtGw9H/h0IDAA
x-accel-expires: @1719756829
last-modified: Tue, 06 Dec 2022 20:02:37 GMT
server: CDN77-Turbo
etag: "638f9fdd-2c74"
x-77-nzt-ray: cf878727fff1e80e2477a364bfd6b428
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 gelin-pastasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/03/ Frame 687D 11 KB
11 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/03/gelin-pastasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2f00c7b5956692521c8f769cdfbfc7e6fcf45d8f3db6d83667b09437c6440286

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624950
x-accel-date: 1681809518
content-length: 10837
x-77-nzt: AZySIYvUYH3/thZlAA
x-accel-expires: @1713345518
last-modified: Wed, 01 May 2019 23:14:27 GMT
server: CDN77-Turbo
etag: "5cca2853-2a55"
x-77-nzt-ray: cf878727fff1e80e2477a3646cadb628
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kabak-tatlisi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/10/ Frame 687D 12 KB
13 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/10/firinda-kabak-tatlisi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7bbb373c95c90c780398890817fe677beee013e62f55b6e0b380e2bf0889be46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6622903
x-accel-date: 1681811565
content-length: 12793
x-77-nzt: AZySIYtR2ub/tw5lAA
x-accel-expires: @1713347565
last-modified: Wed, 01 May 2019 23:06:35 GMT
server: CDN77-Turbo
etag: "5cca267b-31f9"
x-77-nzt-ray: cf878727fff1e80e2477a3647648b828
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 melisa-tatlisi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/08/ Frame 687D 17 KB
17 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/08/melisa-tatlisi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 011ae79c8f02dd0f21d32a8cf0a1e5b9844958b27afeaf728f4b96e4c02d85b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624408
x-accel-date: 1681810060
content-length: 17446
x-77-nzt: AZySIYtf5t//mBRlAA
x-accel-expires: @1713346060
last-modified: Mon, 10 Aug 2020 22:50:05 GMT
server: CDN77-Turbo
etag: "5f31cf1d-4426"
x-77-nzt-ray: cf878727fff1e80e2477a364bd35e128
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lutenitsa-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/08/ Frame 687D 11 KB
12 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/08/lutenitsa-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ca53194ced6bf23bde494f1c6f60f9f68d9315fae31295a6c43f63bad7963abf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 313758
x-accel-date: 1688120710
content-length: 11512
x-77-nzt: AZySIYvKeWH/nskEAA
x-accel-expires: @1719656710
last-modified: Sun, 29 Aug 2021 21:37:58 GMT
server: CDN77-Turbo
etag: "612bfe36-2cf8"
x-77-nzt-ray: cf878727fff1e80e2477a364376de328
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sodali-pamuk-acma-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/05/ Frame 687D 12 KB
13 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/05/sodali-pamuk-acma-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c145205eb5090e66757c98f489cc75049eb7d028374d62418eb7660ed19f1548

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6624499
x-accel-date: 1681809969
content-length: 12499
x-77-nzt: AZySIYvMXgH/8xRlAA
x-accel-expires: @1713345969
last-modified: Wed, 01 May 2019 23:17:00 GMT
server: CDN77-Turbo
etag: "5cca28ec-30d3"
x-77-nzt-ray: cf878727fff1e80e2477a364b09be828
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/09/ Frame 687D 14 KB
15 KB 45ms
43ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/09/sucuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: daffc7fcc9b29db5ccb50c31f317749cc2127c773b9f45f6cc7f247a073f3483

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4805
x-accel-date: 1688429663
content-length: 14609
x-77-nzt: AZySIYtFjxL/xRIAAA
x-accel-expires: @1719965663
last-modified: Thu, 08 Sep 2022 22:29:36 GMT
server: CDN77-Turbo
etag: "631a6cd0-3911"
x-77-nzt-ray: cf878727fff1e80e2477a364317eea28
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantarli-ispanakli-yumurta-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 687D 16 KB
16 KB 46ms
43ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/mantarli-ispanakli-yumurta-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b626cb98565e377b5fbb449fcb91acaaa421a333bcea9850b70ac58cf9fc4432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 2686796
x-accel-date: 1685747672
content-length: 15966
x-77-nzt: AZySIYv+wmr/TP8oAA
x-accel-expires: @1717283672
last-modified: Fri, 02 Jun 2023 23:01:10 GMT
server: CDN77-Turbo
etag: "647a74b6-3e5e"
x-77-nzt-ray: cf878727fff1e80e2477a364a435f528
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 687D 5 KB
6 KB 62ms
12ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:28 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688434468.cds320.fr8.hn,1688434468.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 687D 56 B
362 B 296ms
11ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 04 Jul 2023 01:34:28 GMT
server: Oracle API Gateway
opc-request-id: /E8630ABD6E97BFDBADC9C89493C362F1/3DABDA5401A67D6DB819E5FA83A6D4CE
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 687D 465 B
585 B 64ms
14ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:28 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688434468.cds320.fr8.hn,1688434468.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 687D 75 KB
26 KB 318ms
51ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:28 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 687D 3 KB
2 KB 29ms
9ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa2d302ba2a2f679282a87b6d28dcea5bbb18c63ecc717760b536032ae2ea8eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 04 Jul 2023 01:34:28 GMT
content-md5: aiEP7gshlUxOqMl1ckEfXw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: QAah8KhMD8fM++kWToZ3ap4mO8y7XiYgKOydUcJUoXjgGZStLQ8TrG19R5pXTA4trCRsBA3IOsWxnT2ezK+Ydg==
x-fb-content-md5: 86df6ad164d62831e9d30d88826bc31d
cross-origin-opener-policy: same-origin-allow-popups
etag: "9bb0d467d208ceffdb4afbc71201d127"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:45:55 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 687D 21 KB
21 KB 43ms
42ms Image
image/png 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 04 Jul 2023 01:34:28 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6625011
x-accel-date: 1681809457
content-length: 21525
x-77-nzt: AZySIYvYsBb/8xZlAA
x-accel-expires: @1713345457
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: cf878727fff1e80e2477a3643b74fb28
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 687D 307 KB
87 KB 29ms
13ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=3c8f01b7d0ce027fd41ed0630afd4f82

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0297f5dcd4a513141b8af8cbf6989a5608d7efa50d260a925d1d7e3b00779283

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 04 Jul 2023 01:34:28 GMT
content-md5: VqjxSPjPMmjsED4F0eAPXw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88852
x-fb-debug: DOES6UaRhlz2HUT9xriHBTHNmts6wBP3z8ccwr4ruBSMu3CjtafhG3gJHeGJw9UImGHZ9tdXg+KA6zSC+nQbAw==
x-fb-content-md5: 37c1c814e071f615d9e1e751f4dbf2a1
cross-origin-opener-policy: same-origin-allow-popups
etag: "2f7df7aaf5fb4d1d9d411cfbc5fad604"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Wed, 03 Jul 2024 01:25:56 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 687D 75 KB
26 KB 77ms
41ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ec2e49faae65cb7cfb9d3b5609524ad107f66ad078700ed8ad64034e6193006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26082
x-xss-protection: 0
server: cafe
etag: 689 / 19542 / m202306280101 / config-hash: 16290895573865757289
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 687D 120 B
306 B 48ms
47ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame FEB8 891 B
1 KB 48ms
47ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Tue, 04 Jul 2023 01:34:29 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 687D 141 KB
49 KB 75ms
32ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3654213c39e9adab0c2bffdf2a1fb69a908d2197bd8fb841beffb5736e0feaec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49366
x-xss-protection: 0
server: cafe
etag: 11701948108566348629
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 687D 489 KB
182 KB 53ms
53ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 687D 236 KB
58 KB 45ms
9ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 00:37:37 GMT
content-encoding: gzip
via: 1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront), 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 3413
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: hEozDhEOn17zbjJ-yyhSSJ_w3068BMAX8KOoNuUriRTrN2SBxbyL9w==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 687D 33 KB
5 KB 148ms
93ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688434469045&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.960792868210544
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 34df1fc65d0ed952af799e8d836268682bdf17dea7d3e5782d98010e6c5a8f32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 687D 12 KB
2 KB 48ms
47ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19542
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 687D 50 KB
5 KB 143ms
93ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=469009
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 80add1529fb0d0a80d813129431305fa1df527dfcd4d8fa32967ba637d74e9a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 687D 0
307 B 9ms
9ms XHR
text/plain 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:14:45 GMT
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 11983
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 28tbMoJC37KkqINrI2ANWnnDSUw5DDGoUEyiI3k86DN5KUqDttMNow==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 687D 6 KB
3 KB 27ms
8ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
date: Mon, 03 Jul 2023 05:29:20 GMT
x-amz-cf-pop: FRA56-P6
age: 72310
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: giaoaahzgVc4kLDbbDVhS-LGxJJhqTF0VlBUJyD6o6HW31YWVvo-QA==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/ Frame 687D 392 KB
125 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:54:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42009
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127514
x-xss-protection: 0
server: cafe
etag: 13498126467117012333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 02 Jul 2024 13:54:20 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/ Frame 687D 346 KB
119 KB 92ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075623

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e670e5f819950774edd58a50abd7e6e80944b5f03816401f31cb033647d2033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121744
x-xss-protection: 0
server: cafe
etag: 8054244287796967967
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame 4572 10 KB
5 KB 49ms
13ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 16:51:09 GMT
etag: 12368291122986407432
expires: Mon, 17 Jul 2023 16:51:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 687D 10 KB
3 KB 48ms
48ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 687D 23 B
458 B 411ms
327ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=pH7Pdxa0oDXJd&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: MV0SXPM0R3J9H9XETQX7
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: sDSYSgl0jHrCBptsbmagj0ZRo7p5IodN1qDsEylJ6E72cki_3uHYFg==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 687D 11 KB
5 KB 49ms
48ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=469009
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 687D 17 KB
5 KB 64ms
15ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19542
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 00:51:31 GMT
content-encoding: gzip
age: 2578
x-guploader-uploadid: ADPycduekCI03weQQM5HiAunsfwgICoqEVjM2IDNoL8ftn-C1aguwUCEfz43vpzMdvd6aZKtKmQZBTULNhGzPz6QaLifXys5hdw7
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 687D 0
209 B 48ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688434469230&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnetac2305d7-3763-4e40-b58c-79645b958670&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.9493508887748616
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:29 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 687D 107 B
456 B 59ms
23ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 28 KB
12 KB 599ms
599ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=2368077242017420&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=2&adks=2520051120&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469259&lmt=1688434469&dlt=1688434468552&idt=639&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=pt4y49u3of9t&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b82ee30b16922c3d43b7e6f8c0c409f596572f4cdff2355e404844c8dc62fee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11805
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425927494
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 28 KB
12 KB 224ms
223ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=2368077242017420&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=2233359564&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469266&lmt=1688434469&dlt=1688434468552&idt=639&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=aekzolkz2bpw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3883d74e906a15c08308ad14d81f875d2c210859d3436b675f718570c6f937c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11819
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425927815
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 65 KB
15 KB 774ms
774ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=2368077242017420&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=1571377013&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469269&lmt=1688434469&dlt=1688434468552&idt=639&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=o1yq18h6l49j&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e00b74109d6acff2297e0df091ba38919e0d36a5495d1239695a15cc5d7b21e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15562
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 28 KB
12 KB 233ms
232ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=4265581565991199&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=5&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469272&lmt=1688434469&dlt=1688434468552&idt=639&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=zfhe6sdec96l&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00e6f13fc31a2651a378aa6ff48ec22051889f33451f28e7bc5e22fc50517ffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11875
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425219174
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4305 6 KB
3 KB 112ms
24ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 687D 7 KB
3 KB 319ms
47ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19542
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 11 Jul 2023 01:34:29 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 687D 0
209 B 49ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688434469301&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnetac2305d7-3763-4e40-b58c-79645b958670&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.3848265113205329
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:29 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 19B1 603 B
218 B 70ms
69ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469152&bpp=4&bdt=601&idt=154&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=1019039689748&frm=24&ife=1&pv=2&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759842%2C31075623%2C31075757%2C44788441&oid=2&pvsid=3190572881593442&tmod=1742401616&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.okum14cd53g7&fsb=1&dtd=167

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075623

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tag Show response
feed.pghub.io/ Frame DF16 13 B
257 B 77ms
23ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Tue, 04 Jul 2023 01:34:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 56EB 6 KB
3 KB 15ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 081D 6 KB
3 KB 14ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 56EB 24 KB
7 KB 63ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480698
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 56EB 140 KB
48 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f804f604076c09c8076152de029283476bb1d725558001440e6de8dd5d2acfdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49206
x-xss-protection: 0
server: cafe
etag: 9005429718226064468
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56EB 179 KB
56 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 081D 24 KB
6 KB 55ms
16ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480698
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 081D 138 KB
48 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44923cbc87f6f2a893b3b8d0e884bd096199631342b7e513ba4d27630d3ce96a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48744
x-xss-protection: 0
server: cafe
etag: 5382559696799915162
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 081D 179 KB
56 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 56EB 0
0 55ms
55ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuL8hL3ys1D2xE8oPSIvEedDC8eUND9tQ8AmyUmzhBw78b_bOfwWq4-8_J13jCs1oRP_OdAaFQDJQ6Ror4eCd9J6vOEh6uWNAeazlhql7sK-Vn7LT5-jHaDwqwi_ijAZ99t31jJl8-33F8TI-VeosxAukiDnaeNXJXEzE7iOz7DPGR8ZIHvXwmsGz19iMqVGBcA5VldPXqb9OdgRpT0fA9uFha38kD2Ool-97AxH3k1rdmuWPUGEpnoooEfUMpCIeySEzP2AjJfkngOQuV-i_cuzavH9a8iYXHuu7AnyjKRGu_08gFKnLFb8IAkYCRSC07z9_aLH8SVlOScZMN4KqxKKBOZgBZCBvyfpDVc&sai=AMfl-YTEwD05sbv3XJgS85nDk26mmu74Ch2h37AMPmzmkKGU2HcDrA0A1Oo40Ig7dlgA_minFIFS9IDqbny7NnDKOrheRc3InqSvtx4MIf7IK-A&sig=Cg0ArKJSzIsQ5iWMgZGQEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/ Frame 56EB 346 KB
119 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daa2c52cea0d20298e0bd68c7b48b7ea5ff219b07c0e281d42ea88d2379ab494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121737
x-xss-protection: 0
server: cafe
etag: 15869725197381230347
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 687D 107 B
165 B 25ms
24ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 61 KB
14 KB 425ms
425ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=2869154654072682&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=6&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469694&lmt=1688434469&dlt=1688434468552&idt=639&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=e4zmp4cd5fg7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABnkTfCUwAWkFtpN59AK-GEdtiOm0gA8wFTUsa07D9S33RBhTQGcJb16Be_gDdpkriKBJAMp1iKXk77PnGsTGpbSkQ%2CABnkTfAf_5g8Mi-Nz0ljs_O0vuDylYV1MZ10PJU4VmpzGCoKhLhNItYQ5usBCG15Dra4Mtc3psipoQ2cTF_6nW1z3w&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73de152e783d2f1297f5f7857379d5199ae759521c350c8618a30ee4f9d7e641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14014
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 24 KB
11 KB 369ms
368ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=1407230246762931&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=7&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469697&lmt=1688434469&dlt=1688434468552&idt=639&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=azz8sud1sfm2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABnkTfCUwAWkFtpN59AK-GEdtiOm0gA8wFTUsa07D9S33RBhTQGcJb16Be_gDdpkriKBJAMp1iKXk77PnGsTGpbSkQ%2CABnkTfAf_5g8Mi-Nz0ljs_O0vuDylYV1MZ10PJU4VmpzGCoKhLhNItYQ5usBCG15Dra4Mtc3psipoQ2cTF_6nW1z3w&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c70172d4ad97655536201f9b23792318497c7367cd9c5d546f67f19efeecaae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11460
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 61 KB
14 KB 401ms
401ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=1142789152963837&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469699&lmt=1688434469&dlt=1688434468552&idt=639&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=egonyco1zuu7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABnkTfCUwAWkFtpN59AK-GEdtiOm0gA8wFTUsa07D9S33RBhTQGcJb16Be_gDdpkriKBJAMp1iKXk77PnGsTGpbSkQ%2CABnkTfAf_5g8Mi-Nz0ljs_O0vuDylYV1MZ10PJU4VmpzGCoKhLhNItYQ5usBCG15Dra4Mtc3psipoQ2cTF_6nW1z3w&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94e9321831e01ad49d1d6804f118ec824b87038aad6ac50742c2e8cf205395f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13912
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 25 KB
12 KB 411ms
410ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=3946305574096199&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469703&lmt=1688434469&dlt=1688434468552&idt=639&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=lbpdghu9axt5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABnkTfCUwAWkFtpN59AK-GEdtiOm0gA8wFTUsa07D9S33RBhTQGcJb16Be_gDdpkriKBJAMp1iKXk77PnGsTGpbSkQ%2CABnkTfAf_5g8Mi-Nz0ljs_O0vuDylYV1MZ10PJU4VmpzGCoKhLhNItYQ5usBCG15Dra4Mtc3psipoQ2cTF_6nW1z3w&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a079e7d766457ec7d397c3cef3fa4a0aa7c5a35ebb520af2930af90328a671d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11796
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 687D 24 KB
11 KB 400ms
400ms Fetch
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3190572881593442&correlator=1337137095296998&eid=31074948%2C31075593%2C31075339&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=10&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688434469045%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetac2305d7-3763-4e40-b58c-79645b958670%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetac2305d737634e40b58c79645b958670&sc=1&cdm=ye-mek.net&abxe=1&dt=1688434469706&lmt=1688434469&dlt=1688434468552&idt=639&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=p5kqmjpe3dzm&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABnkTfCUwAWkFtpN59AK-GEdtiOm0gA8wFTUsa07D9S33RBhTQGcJb16Be_gDdpkriKBJAMp1iKXk77PnGsTGpbSkQ%2CABnkTfAf_5g8Mi-Nz0ljs_O0vuDylYV1MZ10PJU4VmpzGCoKhLhNItYQ5usBCG15Dra4Mtc3psipoQ2cTF_6nW1z3w&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cde07e0bdd0ecb6e244f72f7fa6f945dfa947d9372f3927ea04c438a0d76c88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11498
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 56EB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd0cd6d78264020d1bd0a622ae3d2fe8bc40d0bd259efd901ee88cf562f4bb66

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 687D 361 KB
121 KB 82ms
24ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19542

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 687D 398 KB
128 KB 61ms
61ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/4/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19542
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 11 Jul 2023 01:34:29 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 081D 0
0 51ms
51ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZDiITJKTXCTprovJNHPOy6HmDD65IHBlu8Bw30TRYpnVK6ugZnzmDUvkHXpw4VSaakGq7HCUyDykxX1FWgvc-1WY7qWdVVkqm6bCYL1Fho-LhV6cSYf0MC0rJ8F4Z4jxHpeBKTON0_42mJfuGbS2_tYxoiR9skUUjMD__azbw3x2UbY-3aIbDAgUhUgf0yyh1mwSOr4m4jyMzN0aJr3viu0hxGiHP4IJvJNE2Wfg5fZL5tMWLx7HwLs8xe1QyTalnaILEG4dMfmIVSfwv8fX_EtgnA3E3bdk_vr2ienw4l-mNPhDbBBAtIIA2FR1eXs9K_VHPOKTCgjQvFMfm8x_wHB7QkNt-CdNB_0ye8o8BMFjTnfuCHW0hFQ&sai=AMfl-YQCTkfmUPhb0qKeJ0pNRDnhB8ucRdTSkvRB1NIHLzSviBSDsLxMRgUzbR0n3Y-Ao-3PexNQE9k4wTvNwoEho2No4yomH3_g0Uw2PhAo1qw&sig=Cg0ArKJSzOXq92pLfRwoEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306260101/ Frame 081D 344 KB
118 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com&bust=31075720

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d719df8da55b9e8934e65f0fbc552f25b4809a36b556ed040a67307af9aa8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121167
x-xss-protection: 0
server: cafe
etag: 744934513833078245
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
DATA 200
OK truncated
/ Frame 081D 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 626f0a9606723534aa328beaa16889e571c7dccc4246585ef4cee9be40fe430e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 56EB 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8982 0
16 B 94ms
93ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469665&bpp=7&bdt=130&idt=100&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=6952096147840&frm=8&ife=1&pv=2&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ax4ukjm9ptw7&fsb=1&dtd=114

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7528 40 KB
15 KB 268ms
267ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

747e78abf4d234d1b7a713ee07dddf20296f3ee8ebbd9614d282490973ecff2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 14928
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 081D 107 B
122 B 23ms
23ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com&bust=31075720

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8390 0
16 B 97ms
96ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407280060&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469755&bpp=2&bdt=209&idt=75&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&nras=1&correlator=4316939624482&frm=8&ife=1&pv=2&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.mhj3ponx5y2g&fsb=1&dtd=88

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3E4A 23 KB
11 KB 502ms
502ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fbf81e0d97d6e931c400c9836f733321913decf16e6e630ae8214f80dd8f408

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11080
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame ED9B 6 KB
3 KB 16ms
16ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame ED9B 24 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480698
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame ED9B 140 KB
48 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d007ead397222e77f19087194a07285000fba7ee4f4a32b4d0872ef83a6d6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49210
x-xss-protection: 0
server: cafe
etag: 3723984929503061858
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ED9B 179 KB
56 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ED9B 0
0 55ms
54ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssPCw5wHRdxg2XdL6mkHhZVHuLDpgc-J3Z6P_by-fCRQ6Ms0gDAH3c2CctNWc0gzvef0YMFy849NpBqcWD6d9Axci4DySOGXK0MrMze5HZBDDULuf5l4Obq2dBd-8oYbJhfUZ9i8kaesAPMoDhQ_Wk5J9EwwUXyAoxl9gv5o_fX2xTzUWvdmP6sLa7QMHaIFfdouwFt-CpqOrAdkjNoc1UhLfVmp3sp79SGDG69DgUJUK8arkS7oN0mpb2euHi0MKWQx0kCwB9DTY-CY4hVkHmzYtBKN9Nu0s3-z6rhkki2lwQhy3im16StQG7hzDhfd71FA6TtoRcc3MT4LoPcUdmwHLDFgOl9J_uyN-cf&sai=AMfl-YT4y6CTuHI6iKm8eGPS8Iw4eH3Jf1o7Qn73SxG4VIhW51O1i4oD5rW0avgbObQlKAapOWX0NIE70IX7xCA6In60ckn_dEkBk6EmDAnPHQ4&sig=Cg0ArKJSzNSfly64okUWEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame ED9B 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fa3bd9fb02adcdbda79e6f4bcd98e5a34d60e3d6e1a51fd4e00e8ea36a21b97

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/ Frame ED9B 346 KB
119 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

531efcf467f07f13139ede98550d0e1a5f4e047caccc429c803c9458980a0e95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121736
x-xss-protection: 0
server: cafe
etag: 4088375048874906450
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame ED9B 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A5DA 0
16 B 69ms
69ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407281013&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A66048%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469975&bpp=2&bdt=77&idt=70&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=7063830586675&frm=8&ife=1&pv=2&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.kz6ptqq7btoi&fsb=1&dtd=82

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 18A4 32 KB
14 KB 253ms
252ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1cc0edd260beaf907ec352cce5412dbd6b3e59c1686f561c798942670a706dfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 13893
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5641 6 KB
3 KB 14ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9A94 0
0 60ms
60ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjGfHJXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTTAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCI2F-RXV20T7a-ARRukSp4bVPl4qxuA15j1Ll0QgsjyhgLBf6h7Q2ABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=OGAHoY306WQ&uach_m=[UACH]&cid=CAQSKQBygQiDrviBqJh_XSFonXt75kpZp94w80KbUG6Dr9KYnVFrVywfud8jGAE

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 9A94 0
0 70ms
22ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kb9xhd9w660wnztwtkvm77c7ey3y7eh1f3btdqsjjtw273mpb1xgatbeqbst7ah8t05rj0hcajfqtyatjrcftdx0phsbxqdrmt3pwbhsm0929gxjned15zmmz0nsajjta920zcfpzca4a9cw8b3qmym88bym9sfx85rpy3s6mvmam9gcf6dpc50dac0nysezhmxn3pvn8ne0gn5r723m4x2vvw8w3gecmsqkcsnpazjgb2yds92zvy8tqm8j45hwh2kcxwr8na8tegb3dxrz1xvwxe6dvnr0p4r31h7thgpb24g6js3mjg34wbvpjzs3x8knhe46k5wjyxdz7w7x9cr2h75dv00wz4ntmh3zy453vmz20njxvs3byr7mhrqtrmf8xazeqz8js6y&b=ZKN3JQAMmEwKwl6eAARc4_Lvr9t3rfIUtRpx6A
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame B349 2 KB
2 KB 55ms
29ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de9ba43245468758a82e5d578144ef63641d63158b7a2caf4cbbc74c0f2d1e9d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e13a04e6a875c4a-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 9A94 3 KB
1 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8E70 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 9A94 20 KB
8 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9A94 0
0 59ms
22ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQCyc7cm5FH_vx1ROkN9w6wSdGyltL2ETXzFSN1EkV5ZyJZmInQTQnZl1VG0TE_Xqu_-5MecQxhdcGFhX49kdFRWj-49g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A94 179 KB
56 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3859 6 KB
3 KB 15ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E9D3 6 KB
3 KB 14ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022306200257000/ Frame F050 222 KB
62 KB 69ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abfe6a17fc75d4b26c8f3e39ec2ce6b16c89dbf538c25f38c5dadc2667234060

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61942
x-xss-protection: 0
server: sffe
etag: "b4cd76c609c43877"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame F050 15 KB
5 KB 109ms
56ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
server: sffe
etag: "b6c1e0819a00bf67"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame F050 94 KB
28 KB 104ms
51ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28873
x-xss-protection: 0
server: sffe
etag: "cc5f81c980c60298"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame F050 5 KB
2 KB 108ms
55ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "777d926b63ef2b03"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame F050 40 KB
13 KB 109ms
56ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "f8cf730e7f998e5a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F050 14 KB
1 KB 84ms
25ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 00:32:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 tr_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F050 3 KB
3 KB 15ms
15ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr_bl.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:03:50 GMT
x-content-type-options: nosniff
server: cafe
age: 48640
etag: 2395455429816220802
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3040
x-xss-protection: 0
expires: Tue, 04 Jul 2023 12:03:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F050 344 B
368 B 15ms
15ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 23441
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 04 Jul 2023 19:03:49 GMT

GET
H3 200 container.html Show response
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 78ED 6 KB
3 KB 16ms
15ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:29 GMT
expires: Wed, 03 Jul 2024 01:34:29 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 5641 8 KB
1 KB 71ms
24ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 00:53:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 5641 15 KB
3 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 5641 371 KB
127 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 5641 20 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 5641 24 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480699
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
DATA 200
OK truncated
/ Frame F050 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F050 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 279e1166ebe0e7d7d3aa3f8ffd9db6569495f0f4d8b9aa8fdc468898f449471c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022306200257000/ Frame 4F87 222 KB
61 KB 57ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abfe6a17fc75d4b26c8f3e39ec2ce6b16c89dbf538c25f38c5dadc2667234060

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61942
x-xss-protection: 0
server: sffe
etag: "b4cd76c609c43877"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame 4F87 15 KB
5 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
server: sffe
etag: "b6c1e0819a00bf67"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame 4F87 94 KB
28 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28873
x-xss-protection: 0
server: sffe
etag: "cc5f81c980c60298"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame 4F87 5 KB
2 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "777d926b63ef2b03"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022306200257000/v0/ Frame 4F87 40 KB
13 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022306200257000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 27 Jun 2023 21:54:02 GMT
age: 531628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "f8cf730e7f998e5a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jun 2024 21:54:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4F87 14 KB
1 KB 48ms
25ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 01:23:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 tr_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F87 3 KB
3 KB 15ms
15ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr_bl.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:03:50 GMT
x-content-type-options: nosniff
server: cafe
age: 48640
etag: 2395455429816220802
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3040
x-xss-protection: 0
expires: Tue, 04 Jul 2023 12:03:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F87 344 B
368 B 15ms
15ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 23441
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 04 Jul 2023 19:03:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4F87 0
0 23ms
22ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSpIhVf-EVY5fOr1VmfbSZY4M94LC7RMNj2U7YB0hgJvodlp9FsjsX3bVDiP-DaDBZWDdxMAd8Qm33xPu8c9SVotNpQxQ
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 687D 0
209 B 49ms
49ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688434469045&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame B349 114 KB
14 KB 21ms
20ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 483684
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYEqZz3fCS4H2fSy%2BS2y1F4mC32BTsn2cwrDFZcHw8Cr9%2B8y%2FnJqAYlkdRZ7g%2Bx2REGPs%2F27Lku3%2BSJmjs%2B8JD6hArl%2BomreLNMH18ZR2ZcNtWpdh5utt0Y3w8WgMpsXWUAeLeKBA5w%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e13a04eeadc5c4a-FRA
expires: Tue, 04 Jul 2023 02:34:30 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame B349 25 KB
10 KB 41ms
22ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 560911
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTL%2BGXxrshzi%2BxpbOtflINXQEfnn9Btk977eH6OrF6vRdmibOE54YD0Cf1xvUuQS8UGWTZhl31waTA9RhlqOBREDA3yZJW2%2FXA0c1Kp0g0PCqI1QBBYn4N45KT1jBW3Jj8VQ1cY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7e13a04f0afe5c4a-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 20 Jun 2023 13:46:18 GMT

GET
DATA 200
OK truncated
/ Frame 4F87 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4F87 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9293a96016a7c949a07a2c83d3ac8e460c11c7ecbfeead17c2d24e7532174bd5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 70FF 624 B
245 B 27ms
26ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNViawO1M0zSDcq4-NKvWgI9OMvJ6Fmf0FygNp5pEN7UlJrUNpml4FiBntEJK_KLCojsucqXWRnSz7csxRIvAqO1biz4YYRjqhCcWVIlODnHf09isBT2sz4MK8oNIJkyaP3bJQM1iS28S5LdiOxxMcxzNaZGuk6XJVb07icofutKi8KWHbI

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Tue, 04 Jul 2023 01:34:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3859 78 KB
27 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3859 42 B
63 B 48ms
47ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BYuZ5bsD9SkbtxnEpxSjORV6eael86Y1GHTlFoYGbkxZNXTzC175t2VCUh4VGCm6FdACKk5eOLvuuBhyFSmnOWcBxbDCsgR1b9u-ubfsp-RZw9IX8

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3859 0
20 B 86ms
85ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16649778528959869898&x=1&ct=76

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 3859 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 3859 20 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3859 0
0 23ms
22ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTvXlH9EHUUs3QkWxjA8VVUtecfEyJWoQX51O2ywzLjs5efGI1mnMIOZXa6CmkOPr9Wwn6sn7d96_8qP1RD_8UT0TTnVg
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3859 179 KB
56 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4615 640 B
265 B 33ms
30ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNUiQPyqOTWSbu0HyQh_H0LKFFC3j3FWDlcWrJgyjhEOXVXnuuK8gQkzvCmCeR5Bhgkn6c7crZa_RybcKjoM7P1dc6nLVN0F493Y0NsgiykVvIrIrRjQznC9-iD4eV4NYxYXRJYnBO2lHe6qhWnk4lvCMThIje8xWGH3YoWzHRfHC3_8Y5o

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Tue, 04 Jul 2023 01:34:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E9D3 78 KB
27 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E9D3 42 B
63 B 53ms
49ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C91PjG14aGjEunAqzfgv_BxsgzobmpCgcpqgY4TBMvkb9yysQ2ppcSbCoArXKmANwaMgmxWTIy8UQjMIZqEkOEQQbs5AM0IUv3LvpR-Wrw-kEGBn8

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E9D3 0
20 B 50ms
46ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4327747964730546047&x=1&ct=76

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame E9D3 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame E9D3 20 KB
8 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E9D3 0
0 26ms
24ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT48901VTjXBzE5hoa3r67nu8EUBHbfJ5bqc0xL1H8NW_posymGW7Qvt3J5YhXhbTwSGUtYqRZpH6LfiZoBbB9lZ3xl9w
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E9D3 179 KB
56 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 8E70 0
104 B 98ms
25ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJBIgNB5mTnjKpG4CLbjYqs&google_cver=1&google_push=AaAOQGH4xz2MvMSry1IyLEZgGBfDs5dZqgRD45-QV0khjk5xKQOwyHmWnjF-zV-EyB8UX7yLuOnR8Xs_3pQv8e8d8D_gcMVzk19SFJY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8E70
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBTe4Kjw0RdQLTa28GjaJVQ&google_cver=1&google_push=AaAOQGESqxSqtcrI0Gw2HWfZJwLlqtfT2iZPBdCO4aMa3PIKITekSOlZUE4T_rnYu39p1dCe9gC7jUwt9DhSHlJv...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGESqxSqtcrI0Gw2HWfZJwLlqtfT2iZPBdCO4aMa3PIKITekSOlZUE4T_rnYu39p1dCe9gC7jUwt9DhSHlJvpkYEyPwC7jUV4g

170 B
243 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGESqxSqtcrI0Gw2HWfZJwLlqtfT2iZPBdCO4aMa3PIKITekSOlZUE4T_rnYu39p1dCe9gC7jUwt9DhSHlJvpkYEyPwC7jUV4g

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 04 Jul 2023 01:34:30 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x5 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGESqxSqtcrI0Gw2HWfZJwLlqtfT2iZPBdCO4aMa3PIKITekSOlZUE4T_rnYu39p1dCe9gC7jUwt9DhSHlJvpkYEyPwC7jUV4g
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 04 Jul 2023 01:34:29 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8E70
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_push=AaAOQGFn-Iki_QAy4ayUw9wHZZexqLqNa41du53j0oP2nspHKKGDMgwhnN...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_push=AaAOQGFn-Iki_QAy4ayUw9wHZZexqLqNa41du53j0oP2nspHKKGDMgwhnNSYNG12UV99ZJdZYQzfHUHxHEKzutjCXPir7lrRf0HaG0c

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230056-FRA
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1688434470.303720,VS0,VE96
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_push=AaAOQGFn-Iki_QAy4ayUw9wHZZexqLqNa41du53j0oP2nspHKKGDMgwhnNSYNG12UV99ZJdZYQzfHUHxHEKzutjCXPir7lrRf0HaG0c
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8E70
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEGXq-h0rS_6EFVZnW7bvBVM&google_cver=1&google_push=AaAOQGG230A_kJR4YRHYPY6rHWmlNAO9V26ckJUp6lx8-XJe_5pRaNIAID6sQla4qGInsZQwr4YI59LrmRd9nP4UhVS3hlJ1LlnqUfg
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGG230A_kJR4YRHYPY6rHWmlNAO9V26ckJUp6lx8-XJe_5pRaNIAID6sQla4qGInsZQwr4YI59LrmRd9nP4...

170 B
232 B

25ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGG230A_kJR4YRHYPY6rHWmlNAO9V26ckJUp6lx8-XJe_5pRaNIAID6sQla4qGInsZQwr4YI59LrmRd9nP4UhVS3hlJ1LlnqUfg

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGG230A_kJR4YRHYPY6rHWmlNAO9V26ckJUp6lx8-XJe_5pRaNIAID6sQla4qGInsZQwr4YI59LrmRd9nP4UhVS3hlJ1LlnqUfg
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 03 Jul 2023 01:34:30 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 8E70 0
173 B 60ms
19ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEJYhYq1FiG51ax3Ygw6AJP0&google_cver=1&google_push=AaAOQGEA_nk9dlte3qjlQ9_lOOilG51D67pON3_NQPWDO6MNuEVgpKMoWt_cupe1YgtmjgGKwOidQyyotCubXn8K894_yWn3k9G-l6w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=100&slotname=3173123908&adk=2061921259&adf=4198790052&pi=t.ma~as.3173123908&w=320&fwrn=16&format=320x100&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469673&bpp=2&bdt=139&idt=111&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6952096147840&frm=8&ife=1&pv=1&ga_vid=1967166655.1688434470&ga_sid=1688434470&ga_hid=763540579&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1591888921&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759926%2C44759875%2C31075643%2C44788441&oid=2&pvsid=1771576481624570&tmod=2143859329&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.hewjabwrvl9w&fsb=1&dtd=114
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8E70
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHefh5OzxGZGGDM-F4hxMko&google_cver=1&google_push=AaAOQGHC_InihgvCaEIke92U7Oq0h54Yt3UR1AuM1488OJ6Z95bsWR2O2XiHvV9sz7QEkU2nT2_-2HuXqSEuILnE...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHC_InihgvCaEIke92U7Oq0h54Yt3UR1AuM1488OJ6Z95bsWR2O2XiHvV9sz7QEkU2nT2_-2HuXqSEuILnETEMwurHVnkwZQg

170 B
232 B

25ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHC_InihgvCaEIke92U7Oq0h54Yt3UR1AuM1488OJ6Z95bsWR2O2XiHvV9sz7QEkU2nT2_-2HuXqSEuILnETEMwurHVnkwZQg

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHC_InihgvCaEIke92U7Oq0h54Yt3UR1AuM1488OJ6Z95bsWR2O2XiHvV9sz7QEkU2nT2_-2HuXqSEuILnETEMwurHVnkwZQg
x-host: tde-deliveryengine-production-7c97bc8457-bn8lx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 8E70 43 B
363 B 71ms
16ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEBPtUc9nQvmYwZMH0FWHXjs&google_cver=1&google_push=AaAOQGG0o2XtronnFKeOa5c5wzKRDG0r0CjVbepa6KK9q_t1xZPZjvf6mAnR0hsMzgHy_zoOe__CGC7-6hmtWPPhlo9yA5PgH6TkeQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 281795
expires: Tue, 04 Jul 2023 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 8E70 0
139 B 75ms
21ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JMqXggVx1XiWvQZnmUYZ-O9b1SLps3LJIqhIJpfQFwXaGh-F5HJ8FVkudQPNK6DMjXWYfU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 9A94 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 20dc60e8301bdd09821099c5dcdcf491bd85bff57412af9d1af5da82b57f5c89

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B7B3 466 B
235 B 28ms
26ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNUEoiRsoXTutyADv4owyItYM5xUAlMwV09IKo4m0x8vA7R1DV9BzLaAC7DQRdkHD7YSMkwx02I0rNByP-PXIvxzOAZXrTniNOylqt5K9CpDigY3-sqIpiCMRznpVSesI_lp5sf3xG1Uqt24jybwfFGXRJyQExFog9HbzLZMD57exqj7ye4

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 78ED 78 KB
27 KB 35ms
33ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 78ED 42 B
63 B 52ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cna2jlONeTdKaLDkH-G4Pxs01Ii2a7EqRW_L7vretNy7vtcFNHcjU7oyd9p1E5ILSjX9meI9Xhd_87hrO_o1UGhfTVJjZmApk6Si0dYQ8NSZsSQZU

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 78ED 0
20 B 88ms
86ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5753422534519287465&x=1&ct=76

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 78ED 3 KB
1 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 78ED 20 KB
8 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 78ED 0
0 24ms
22ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS9u6bL2sWV4prG-GEBkJ-4dwK13hqcdW-4pYDYjm3_4yWBBTgNVs41QcyS7zJvWOVs_FLXTkFO4nq0PYr5g5BODisT9A
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 78ED 179 KB
56 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 70FF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNViawO1M0zSDcq4-NKvWgI9OMvJ6Fmf0FygNp5pEN7UlJrUNpml4FiBntEJK_KLCojsucqXWRnSz7csxRIvAqO1biz4YYRjqhCcWVIlODnHf09isBT2sz4MK8oNIJkyaP3bJQM1iS28S5LdiOxxMcxzNaZGuk6XJVb07icofutKi8KWHbI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 70FF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKN3JtHzhkwBhM-FvgQQkgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNViawO1M0zSDcq4-NKvWgI9OMvJ6Fmf0FygNp5pEN7UlJrUNpml4FiBntEJK_KLCojsucqXWRnSz7csxRIvAqO1biz4YYRjqhCcWVIlODnHf09isBT2sz4MK8oNIJkyaP3bJQM1iS28S5LdiOxxMcxzNaZGuk6XJVb07icofutKi8KWHbI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlsXZV7QFtlm5dlEV-dG70&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 70FF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBMj8BarI8a_fvdCzll4AEU&google_cver=1

43 B
1 KB

20ms
12ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBMj8BarI8a_fvdCzll4AEU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNViawO1M0zSDcq4-NKvWgI9OMvJ6Fmf0FygNp5pEN7UlJrUNpml4FiBntEJK_KLCojsucqXWRnSz7csxRIvAqO1biz4YYRjqhCcWVIlODnHf09isBT2sz4MK8oNIJkyaP3bJQM1iS28S5LdiOxxMcxzNaZGuk6XJVb07icofutKi8KWHbI

Protocol

HTTP/1.1

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:30 GMT
AN-X-Request-Uuid: d227e82f-6c50-4ed0-ba36-b5b3f79c8ab8
Server: nginx/1.23.4
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.130; 178.162.209.130; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBMj8BarI8a_fvdCzll4AEU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 70FF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM5NTQzMzU3Nzg5NTgzNzg4OQ%3D%3D

170 B
188 B

27ms
26ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM5NTQzMzU3Nzg5NTgzNzg4OQ%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 04 Jul 2023 01:34:30 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.130; 178.162.209.130; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2c048951-e915-4f5e-b88c-387d27830b61
Server: nginx/1.23.4
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM5NTQzMzU3Nzg5NTgzNzg4OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 4615
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG9sb54_uR02nCI5ah-7ex8&google_cver=1

43 B
114 B

20ms
19ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG9sb54_uR02nCI5ah-7ex8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNUiQPyqOTWSbu0HyQh_H0LKFFC3j3FWDlcWrJgyjhEOXVXnuuK8gQkzvCmCeR5Bhgkn6c7crZa_RybcKjoM7P1dc6nLVN0F493Y0NsgiykVvIrIrRjQznC9-iD4eV4NYxYXRJYnBO2lHe6qhWnk4lvCMThIje8xWGH3YoWzHRfHC3_8Y5o
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG9sb54_uR02nCI5ah-7ex8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 4615 43 B
304 B 58ms
19ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNUiQPyqOTWSbu0HyQh_H0LKFFC3j3FWDlcWrJgyjhEOXVXnuuK8gQkzvCmCeR5Bhgkn6c7crZa_RybcKjoM7P1dc6nLVN0F493Y0NsgiykVvIrIrRjQznC9-iD4eV4NYxYXRJYnBO2lHe6qhWnk4lvCMThIje8xWGH3YoWzHRfHC3_8Y5o
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 4615
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFKsPv0AvbdSTa2b1WqLMXQ&google_cver=1

23 B
163 B

33ms
33ms

Image
image/gif

2.18.161.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFKsPv0AvbdSTa2b1WqLMXQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNUiQPyqOTWSbu0HyQh_H0LKFFC3j3FWDlcWrJgyjhEOXVXnuuK8gQkzvCmCeR5Bhgkn6c7crZa_RybcKjoM7P1dc6nLVN0F493Y0NsgiykVvIrIrRjQznC9-iD4eV4NYxYXRJYnBO2lHe6qhWnk4lvCMThIje8xWGH3YoWzHRfHC3_8Y5o
Protocol: H2
Server: 2.18.161.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-51.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 04 Jul 2023 01:34:30 GMT
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFKsPv0AvbdSTa2b1WqLMXQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 4615 23 B
163 B 81ms
34ms Image
image/gif 2.18.161.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNUiQPyqOTWSbu0HyQh_H0LKFFC3j3FWDlcWrJgyjhEOXVXnuuK8gQkzvCmCeR5Bhgkn6c7crZa_RybcKjoM7P1dc6nLVN0F493Y0NsgiykVvIrIrRjQznC9-iD4eV4NYxYXRJYnBO2lHe6qhWnk4lvCMThIje8xWGH3YoWzHRfHC3_8Y5o
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-51.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 04 Jul 2023 01:34:30 GMT
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame F050 33 KB
34 KB 53ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 541513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 19:09:17 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 4F87 33 KB
33 KB 64ms
29ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 541513
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 19:09:17 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3859 0
20 B 49ms
49ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6978809534426&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3859 0
20 B 50ms
49ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6978809534426&version=m202301230201&ct=76&x=1&cor=16649778528959869000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3859 92 KB
37 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwsLOsioDqENgIwNRwc9KTDb83oGAfrgWpnjfdKXpO8ib9VV1JoEMtWbsiF7slWFB_u491_9QuRkgvJVZbctyMEK_2jKnFWc9-xSjl8SwqveI-mqs&cry=1&dbm_d=AKAmf-DKGWUphd7dYTRpGnU2hgxqBmdXA6vPzetHvMo8yd0nbCcNqZcH0ATQYjb_upYuXZua3iJMEVYIfRDSNLiXVWMECDbV_Gn9fSz6A_Jq5stAon6TJhg_-XAdVun5tjPt6cAZdn87jHkfrbARhd7cQdPaUK6qo4kYMMoPUgLoeRxMxL3Rg_H2IgJelBWZ9XuazBlspreEGXw13m_v2x_bnatYZMEhStF7PEATkfaScEQEkUb6ee_08zUOqd4x0nlQgWDRMCUkyVTlhWjypODmDcHk7-ZrrE84Sanr9CeG-J_4sOSLpSKWxWJEdLAIbCMG7xEXA2EJ6DrhZhs6AVtbjt7iGptzZeUu7Dd8gNWMCNc-moyld9AGJ32kiJbmbGHNLlN5D0D0DghNqjGwXuBWRRclBsitl-0TDoDCZRwPCl0h2e-mi9PW8-3fYMjXn0N0rWRSuw0XbiGQd6k5HzoLujJH5lV1pAHF7FNz-bT3e_r_I1JOYPUP5IqqfedaVc595cMm8s99XypwG359SpTedRQlfJUTAg_4qz_18HKs0uQHv_iwg3xwJ9v1aQWrJyk5leG1GQIi3VP7g80yx2m9Rg58jzntkb35ks0-pJRj1qkYIHGhlRLtndbFRuUgNJ8av877qu2sB2NFQLkkgIst5dbgbLWVP3I5LZDDRRWXEkyCExTn0b-7FZ_MEzTrlACOkEyaxXwO1qKHM3jF2Bqd05jGkrhYRXYCRIMFBBomhr7rKtHiAnd01WxYWqb8Y2Kci9NQ6h074NlwgH0-fHAPGFfBz-_68l3Y8wXD04i_NkQamNvsdFyHowmw80mXRjbwI-Cjh8NhIexheCKYZu00hdci8z3-SAhL7bJ43KK2SGlwccNiBjoD40J2qElKNJvkpWoLkPE17snUjXuM-WR-MruCdT_SLHVyd2UYvGfcUWPqPU8uIuHPaTFIogHQhvDS5_A35jLvQ0gjeILAbSTQH03emQFc9UrqVrHay3XhhKyu39etYoehLFqkAL52L3Mu42D4_MyV7WfyBePXCSMMbpFVxZh_mHfsiDSrVv3D7fE-7nRFM_gVuDI_gHhmjf_yefCr5GEjIx1bYp6BoJrhPXDGDjqMaaoGua2eNcjF3wBWJ_gZzxZXRbhziIynZWvRqKPDa8TxXSLzz_lgzRBdRJdSCjeFcRlFAR-f4x032fD9YPV0N1AcF243Ukwwhs5ERXL-XTTuw3Ex2ns6qyml2_qAkPwmRhQQm6ePqd3ehkVPfbJH3YBDiXAbGw5v-qOhms7rVOJsRG96Cv9cxohQKf_hSyiSkxyMpdGZVnGlvJKN6pvZWZzjsOAFSOKCRRgUCAtv8EURjtK4O2o7E5SoVEKjq6ycdYaO204VYGprGc5VCvyEcLv314P5Ay55Ynjql4XBIjSY4zg8RODp6RaiXw8VVnchLQxHdggznTjno19CSwKx0NN63kN-KB0tlUtqc-3XW2zzl26gUT3FV3dJUHOCg-s0vjZQN-VateiiFyEJGG-8MRmz4Aicwcy5-fzYT6VtNJg1WOzm3cLTy53AtnghHhzl7TM6LLoOVdPpEkirK2vdmN1AjFA4vply7PDXiWM14Cdd2pVfWYFsx8TUa9xO4aaDZ-0meAYWf9YgU5976lTiXkHowgLYcS_C9QrR0YCYSaD8YolzUISW3rIaZSV_wpaIzoFakou2iXmpAxgU4iXV3d1_eKfQffjkVtWxppUqOsK3CMRv4jI83-VMrx2oR_PQbociHDtDS26RrYhLmh4nPeJc7xBjhYunbEBed4Hwn64ZYhuSZfnybTIArUfEUI9leP-ZLj1xflNJnMlgfnAFPBak_qy7_-lx2qLV9U6cmBuJ2iB6iAJWpGT28_CGvUAspbOBfmAaoxbTJBx_hVBVJ2V1_ej3rVHptq_rsO2mcQbsHsQvbRJ5cDKijPHYtO1wJRwIc2TfF1Ll7g_MsVyXh_MHXhPj7khCBY1yfgIHHtwnvbJ_f00UXyY5Aps7cXkQzHX6EaSXkStHERyszs_TB8qkzoVqPnPtc2etGlowzUF2MMHl-82FsFXbVHRMBUIfurRoMgVv6xIuYDOmEG8Xlw51ePK5efsAjo7X3bt-iPEJeFQGHu0GfUxM3OzFdjQlgQqEnoeW9-R41jStue6ijwrlPIas1CH9_l5wzCLlrjgejNE8f8F9UJUfYQvhFXP3xjywzGqyOEnmkDwiNhX7kAyI_q-C7ffxeBB_Rt33RrykFYZPYi6plV9rS0BEMt08-eR3kMNfUVd8aSMm2pm2iFIewqnu8-s124eRPcM8dM721JXR3uD9wthHwOGt2DEXvmWbgJz6mMlp5njO_HWzuC9z-A7ViLecv94jOwMhrebTKmM9eZUZoZ8K-TndMCPdAJoF-AGbABVDmBwVqxsB1FIHmsY345xpxGwL7glxtA8vCiUnm3Cb5sD0whWoxZI_2sXnis18dWGKhfTD10Tc-rxREdYPSyb_9b25WGGjN7dHvKXjlWcx3woi55mqIM-TyUnm9_N6odnKA8OelmxfdEjKtqsc0gbmiVKsGBWrSD4R83LTI1uMYdPwLt92FovQjlk0KIoeM27jqrUFImYXABpxA0Ld52XKq6Aku9y4tu_SEubyqfk9ifzbZge7ec7AIQjoo4po2TkFR9V_ZgTrimLbpLbZ5d0mCqMJ7EMeNV4F1n-0jIuF0Cpeutxlc4fFNwvVUvfLpzVu1_lA4HfuV9D-HyB3G-QGTs2Ps3Ps7w9kOCnu10d-yvdiL7dd5x9Jh8sa8i96aRXZsbdxAVUc_RZ4wMOslVZVTpa3O1tvM2coNRptaq9Xu9O8NV9OH-wZOdGzxiSNFa9Dy_CfoMAtAW9bXKXVBBG1JxbmtACpNHdJi9d7KZ3Q0inhdQf03KoQOpnHkY1jwS3GiG0E55eD4o14AC5BvFEQDqgWGhLLnFvzzTKAIS-O8odAWcx0hiM7hkzHtTe_tah8So80F3zi6wu13XXamXm2XOo5aOGkHAJNNUJfqAHC9fYfzWtp1d1pFmw7VkMpK9nUi5J3DGHkLCiGshbWjNP8U0X3uPBR_BIGIJzhvtKnqoa-aNiBoYgXg66F3djLbbLAttId0TrALFRqE6JbcPpSl73XwR62lilgbr3yZMA08AUQ48YU8hiK6XteMsYOGs1epCU2G1lKaia--Xnja4jvxADewFjKb6UZmgugm_rB7Q1gZPq6nPEEwPgdK28W-0kWguVjx9eHBXdupUIHBgOFI_Mf23nEWA18VgNiYe8ej5k8vI3r1nNJ4NCjqen_gb40lgLkcjWLNAnqPdZGPf1S_DuGr1h7zt9VMCjmkuyTHODvALfxiqlu3ij5f3TKQABIyjpLsltzCoWtnwBbkX60G8eAx2mSjN5FxmcGZviKQwHj3Rr2pWNm8TUfp-Ikd0J9TPF_iMA4AAHfqx2ZzsF-K1KmjvUEwvsT7cryfCLJFew4uc3pGpAx-eE8dG_z8NPB2I1jmmpo8I3RmwrMZeJE4Mxw03UZBjqh1t-cHZoUz6pvoY4V0NnuWgxp-8wTk9O6vCnqLVxHecsThwIuBi_i1ObWuqWHDGY5FO2oIOtILwgv6cBbYL66JiBFPZseLg2d_iZuudWTcQ8&cid=CAQSOwBygQiDnsytparIctgIkuBC5INXMfv2LqQYNsKR8w-7ZlT7AzBq4e3KwGGF_pmvevJuLXQvBQC7C2loGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16649778528959869000&adk=212707235&idt=39&cac=0&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

242336f1cb2351e4c84680154c2893179d5dc82952962d9a48b54919d746fa82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37952
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame B7B3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELOm_BQprrHd55DWOrkf7jg&google_cver=1

43 B
548 B

46ms
16ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELOm_BQprrHd55DWOrkf7jg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNUEoiRsoXTutyADv4owyItYM5xUAlMwV09IKo4m0x8vA7R1DV9BzLaAC7DQRdkHD7YSMkwx02I0rNByP-PXIvxzOAZXrTniNOylqt5K9CpDigY3-sqIpiCMRznpVSesI_lp5sf3xG1Uqt24jybwfFGXRJyQExFog9HbzLZMD57exqj7ye4
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 04 Jul 2023 01:34:30 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 45
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELOm_BQprrHd55DWOrkf7jg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7B3
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZWJkZDA4N2QtMWEwYS0xMWVlLTgxMjctMWUzNTA0YzQwMzA2

170 B
188 B

24ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZWJkZDA4N2QtMWEwYS0xMWVlLTgxMjctMWUzNTA0YzQwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNUEoiRsoXTutyADv4owyItYM5xUAlMwV09IKo4m0x8vA7R1DV9BzLaAC7DQRdkHD7YSMkwx02I0rNByP-PXIvxzOAZXrTniNOylqt5K9CpDigY3-sqIpiCMRznpVSesI_lp5sf3xG1Uqt24jybwfFGXRJyQExFog9HbzLZMD57exqj7ye4

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 04 Jul 2023 01:34:30 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZWJkZDA4N2QtMWEwYS0xMWVlLTgxMjctMWUzNTA0YzQwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 14
Connection: keep-alive
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame B7B3 0
125 B 79ms
12ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E9D3 0
20 B 50ms
50ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3542657005873&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E9D3 0
20 B 85ms
85ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3542657005873&version=m202301230201&ct=76&x=1&cor=4327747964730546000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E9D3 92 KB
37 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APWJYe1CIQBOmqv713Rk7Dw2cMJZmfq_9XiQh_ob4VeNxTDOMwvFmF3_Aaxc47HSCku47HgWjlPMbDunrxdOTqeljjQ7Oo6l57rv4jQdD1f8bH3RQ&cry=1&dbm_d=AKAmf-BU1YpZIRvDsXckChpUeoVeEnV0IjQHfZNJ6-30D2mvLEXd8DThTpkeCqkHBNdzPIS97xz1VruJMVZzu2ve749LOnkmI3U-f5HdDod92tBi0TNa9cvoOqt6EAtuPbwGPgvRBSjsghwWdnjlqo31hWHJ2Ir0UYf4_XboUIzrlWyP92-95uBNGW-M-UH6EiaJKg-TLLHMxPrZGEkxkgwEEhBCoKH7qoXdlLNLujJISVzrmSt6Guph9-bwFAiwZMIWvDd4qEe-JQjHs7PAGuONlBoNZq_OPnO3PWNzKc8wP2-cqbCuI8gmP9TKm8c-Kaphr2tRWtdwZ039S_qVcnzMIRbrOE2ns2rNEMML39Teq3pGllUyLZn3ItRukb4RlKF9TtXJRCoQcQisjt0wcQSgy5fEvMUG7Nif2PWct-yoIFBQfMD9B_--i-23LOSO2aKMQ-K-WNZ2-0LM-HqvIjL26jAn4hEE8r8KHm2MyKHtxNQo1J6ITHJm6DpIje8TIrhlDBzpoJUp5fR3AoGD1xIQWzDdQgc7taG-mZJicj-4nT0p06PjGaeHczhJSbfEkioe8iAsrfzeV2htQeRDLcBdIcBElCi4KS5jUZmTyLLwZ4ptPYqQfNbu6VQCQ_s92LdhZuxuI03e6LlrVU6MsTs8T0FUyR-GPG4LUNXyUW8C3a2aOtU1n9dwtLaE0yDg66VjG9aWYi5NXQaEie7kNoXlgyzVLuatSmetgDtWAphyGbqMF-16tXCHJ9jhcydsC8HnENS2cvpJuNiG2k4_KZnQjsBg3x-yLe5ANhcXNdI6CJZWNxLBXV1Ih2lKO7HYDGMGY5kYrSdOetlcGTXo3jVkYqDSpZEpcsV7X5LjxuIasfDNc3VuwgLRyqeUdYxBPcEkbHjRmNc5wYzSSkPfs7qxLPCtB3glXYzDLSiZ3Zi0ZdTABxW0skBAOUB1_R11ak5ysw-MjSKCyrQXAfXMnXSjNcfNM48GP78cHaYeuOe0vc8hiy22yI52KByWBXAcbZoTOTE7oSjDOjYKCkjMA2oYmcGzjNTxdF2LebKKTiNS2a7LuxkkbgESnUEnTSY5G5V1_u0nME4fzJK8vLTPXje_vJMiURlWD2159k3Q31BdKBSpWNnVHvrtib5z5S4yGjxwVwOwaRDv9gpqBFAg9sFx4xq1hU5Zh4Ln2xfOvog_UzfawPqS_nWFFpR98ZgsUfjALB-KknC-gCUM8Trupry8NC2Cg65vKPiB5fCuVgi1fhKRCwhEcW2XxYSSNV4jrs4h3xQf0PMN_Np98iLWvEIUxzTQIZRqOuvSl__TlOiJp8sPFN3DFPoXlG0GexEoc9CCWLpMM02L8qunlf-ukplU0BBwv_Ycm7i6ynrFh6FdxgaRIHr2-tjHgpqgSh3LzxSliIodbcD4BobRHa0TiT5LENRnRpyopgwkWhWDij0m_belVhucGbj4l48oqm80AGUTgrORXbax4wTIbXHI3nt6AOy4LbYvA8ip54WuRl6RkkUnfhwfKFFwlXWwtoUSbMvkAa0Ok2fF1U7fuc3CihCeEGYfN7XW0gV0koeQDCA1p7KEaMbXYJQhoLAnyPpNNRjReWQO-TWpvfwSwzWYJbGKQvChznku6Z5VW_-D1vxYgWN5bxgTbxupuut4lJgYu9TCssGeO-S4q1cL0Baz_BBtWa0ygLi4rpz8ONRQJywG_DWeglAV4_cJRcq8rQ-x1hD_UgwzOvKFkoGPVPy71BXzfxfWKTWTnywJnpxLGGy6YDPo9bkUG2MFIvOU8X8jRkbNl8fMLxemBg3pX2-P2xqgAYXmNCVAvyKK6xhivp2LH4u6JYxpdwdItFWGVjc9CWqilYaciykwktRY1Cx_6mfee8xjdJdVYHDExsEsA3X8lG2fRlG8L41T5nwuCuSpcL8ZP2zH5S0TU2CqtEUeOX2DhV-9HBy-izRhaIFTUQ8_nDgZDhNh3ApqXnVc5AnVqx3MXfr0SMBjhsvftCQfEt6aAJuMP1tZomV1104dz9AjTVnt3Vk2g1eg3UnfjCDHV9YxtssNUDz3pA2xGszfxH8ZfuPqmxnxMpGiWy-oZPxbRWGozgP2rFd1uz44oo2HOzP7cINumyI-kQ8wuZbrr0tIjHhCZWf_NzsNOIMJgSgi7Z8fsDiYR9LN8SCOhBrlqzBRq5wX6vETqoiqzH0GefGnsFVQhPf7B9JOIS2a3YciYZYt8igTjTQzjoGSFJ3K_lrXdRCTUICBLGa2wuoDDyKP8foegm5Z8rEMfL6XkeZnov0Zw6qrKszf_2HfchyzpmA4oa_9bvuzK7firbw2nivCPt3R39nqvXIsaoNmaplohMtfPbkVRfHyC_cQfWqnvxyRp38y1F6xE2XFugkeBWOFe-HaTx1W8tGHEyKcmcqN4k0G4HEyZCbWCLkZvSw19bQ9DQ9k00Gauw-6372dngDXUNwB1QS2QvTvTD-HzGQwDheYp2sqS8MrkDalL_d_5ECfEBIxy7xQ_4T7uWfe5mL9J2J0h5FVQnS0Y-MzL5nyAonPYERnci0FDjA5mF5o1Tdf1quVRxd5Q2Sf7pFko8yo8GUyYD-cHpTcpP2SclzvUlhLAb-A3SFm-SWBBp3nVisjPEHFBO-seylpx0LgrbGItlUch3kkzJdyora1X8Ghmq6H82mgdctlUhSdVrLoCZlmNjwBjENa_1mLMX9MhXDJrVykY-9A0OPGzy8L_qqw8ZpWohc92lUQDHAo-8bZVtDqt1pUVIo58GDUeY6Hdv6An3ZTZ67khtpDVxxPkqqm1KQUZiF42YErmlqI6Dm16R0tjJTpyxteTBoTmrn-i9JcpkdOKSIIm3dfDJ6VfA8TtAfPiMwDkfaLratL4YJnT5i5Q62hPUKUv29-0qKySHzTvsAfYkC6BdDLFG1AVFC4P_MQxS4PGOsf-_Hssf_kcNSjC6WMLBmDWcc97-VJc8xH1odJvRdQj7mKYxsKb6OGykBkDEYFwhl5EA0zl4z4dnJhbsCN1pi6xdMTJoAy5pU3zoCN-kPQgY0AM7YCeFo-IUFFDnWA-T8LPyDTzdq-dJEqSRiZwVd668CcqhlWwx74iDDIZJ_Wj1-Jifp3yuMGHGAzrWtzTYyHvUSORbgUh2C5qVPUVcJUkYlEl5obHJUUOTnzSx9U8fxgeMdAMSBtUMokq5GVA_1Cjm6C0VZGNKiEUG1GY_9ZmeKc3rUDCrv32354bROblmQ6IeSYccXJZ2uEfVphPtwLwyeQncFAM4kYiu41Fh4lO0Mgv7YYPD7jXItCMcZ5xTZCmINw_Qse7G6LBDBwkih3g6jzBkQSgC6_0-LL4K28R6DBMCRNzgqMa7MsCyPwBuwqJqkmvqtdx5hB8TPLk-VKiJSlTeBGxxuJlczMFMhG41D98-PGSJ8fUtEfo3aTxpPiKP9tmzw6oLI3N5gmnhEsbgUzQVe5V7WJIeERIUG6TeCwVsixOaCOgsl8CDLxwDFCKUbtSYrbzjnEMbt9DI32Bi-5hn3c0TpTkDAXVz-ETZ107xQCCfrcB8RtH6jwP55Dkku44Kpvjdws5XooG6YvDy89PPXvhHoxj_XjmLOeLYHcCDTIXHaJL-jz2lZWzZoFXH5ltBsRbDf1Z3z4LAw&cid=CAQSOwBygQiDlAZQmfnQlrJihpX_Wzq3E_zLQ3qb6hFWteeid-Fvozmc6_h2zV_Bf-_n2-onDDnpxkY9MM79GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4327747964730546000&adk=3587751834&idt=45&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33546667387118293c17136a7458e5ffc39508efb20c36c2865984de46ebfb64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37875
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 18A4 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 18A4 20 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 18A4 0
0 28ms
28ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQCBdj_svTgTk8pQFJ5_I2G9poc7XVNWLyX28FQD9iVtasNgOw30inrC5kOB6ggK2e8BT8-17vZYPUUtMjRgym-4A_sHg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 18A4 179 KB
56 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E4A 42 B
63 B 50ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DKURf5CdRPeFe8Wt5cAWEMn7GAdOlb-_NkZKlT4-pW50lX-Uw6PUM49W5KX0HCvE7H4SwAJs-YyRzf6wG6lqT8CYDYAgaJ2ZMyAKQ33pdCYUkjIo8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E4A 0
20 B 82ms
82ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7834955896851066028&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3E4A 78 KB
27 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 3E4A 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 3E4A 20 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3E4A 0
0 23ms
22ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRSU8Ss7Adbmd8YHxRegnnSiFjvv3vRMeK5S5d_XMX_mRg6nq_zBbm8GnteGOUVppPvhc2q9EdiN5YFmdtUBnnCZ96NEw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3E4A 179 KB
56 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame B349 3 KB
4 KB 50ms
20ms Image
image/png 2606:4700:20::681a:61b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:61b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1064
x-guploader-uploadid: ADPycduTog6A2JPifmWwDYui9vUCCU5W1ZNEVFDzlBRMT9l9xNdgptaa0KpBuLLbjaWfVX7sXot7cGI-Oc2HEQNQ3r-JUA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCdPBwlQFJaXXfdmhY0rUTGZx%2B6r2C2%2FqUoTtGCqf7yfjWuX5fOX3t1FxF8yBLNHMsRmY7B3fzg3InC0JR4wp9MNfCSXh%2FJdzd0GV2NYOJ16aO8LmcJSDdrbY%2BcaRCj0qudfyBhmz6SJ4y7rIb%2BYm9z8"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7e13a0507b42916b-FRA
expires: Tue, 04 Jul 2023 02:16:46 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5641 0
54 B 1093ms
377ms Ping
image/gif 2404:6800:4009:832::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljnmafaa&c=5486482016042&slotId=2743241008021&qqid=CPvptcb08_8CFYVq4Aodzx8HMg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:832::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5641 15 KB
16 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 203415
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5641 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 252243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5641 0
20 B 68ms
68ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CDaf9JXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPcBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID-PtAT-NzSzRyJl2rrtLc14zYU2ifAlZhXtivnswJ2Qto5T4PLu9qtyhOAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE&eventType=clickstring&clientTime=1688434470453&ai=CDaf9JXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPcBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID-PtAT-NzSzRyJl2rrtLc14zYU2ifAlZhXtivnswJ2Qto5T4PLu9qtyhOAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5641 0
234 B 1078ms
377ms Ping
image/gif 2404:6800:4009:832::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljnmafcn&c=5486482016042&slotId=2743241008021&qqid=CPvptcb08_8CFYVq4Aodzx8HMg&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.x9&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:832::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast.php Show response
ads.eu.criteo.com/delivery/r/0.1/ Frame 5641 11 KB
7 KB 47ms
18ms XHR
text/xml 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/0.1/vast.php?z=ZKN3JQANIbsK4GqFAAcfz5oPYSFy0YNhKwqWxg&u=%7Cj7TopBEcXBj5KdS8OWeyFx5Dwo%2Bch7gRuX7bpAHGrh4%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5jSfwMInGQwVgkAr581akMSiH_fr7BMm_BzTo8qWaUW82kg8KaPIh8jYEyIPyzacRNRojsRKGMNEG3CNaNx89aCYcK1Nhgt9olLRqjGWXWDPqgMSjlGtgLFuHVUdG57xKp1UBtg1KUPVFzm7_CW-aSsEkwzSl6fMyR1GrR66Hmuk9FCfsoTOjvOyIRIJRLI8Wi7z2KHuQcemigUYZMg8Vefb9GYY_T0kdBfBWL2s1FxTn5UFK_bi7NueVYCjHVqxg_ZIaqht1_KTM7L20xyd3StP1lPC1JInjNhH5LjORiuqkIZw_bOR94oWLReCr_5yw8U5FC299yL367Vky6sk4PTCY_ppfvVSmVeBdvFCRAFu9L23fGG5Z6BFh-lI8JI1Fa5F89mjHHeTxXGbBtelzgjTyfmpmkYs8Qh7wiKTsLgMpJeaOWwL_VMYE3faI7arcMr0o9spBCmVdV35pImnbmxfOC4BNLDyXSF2Kf7hniIld-JGRjDjZHoyB3Lw9udprzMeDluNTkN00EeJ15LjibYN_bAP1VaCHiNUlJTonh74bMEfriGvuxP8MuCYNutRd8CdG-1YhFcRbKQB6JYSTuQ8jQKlhm8Hsw&ct0=https://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDaf9JXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPcBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID-PtAT-NzSzRyJl2rrtLc14zYU2ifAlZhXtivnswJ2Qto5T4PLu9qtyhOAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1O73tRsBpTygt3aP2URZ6YW91aJQ%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

77aace1012834225281ef239701f7301c9091869e57dab53628989e077387d73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
p3p: CP='CUR ADM OUR NOR STA NID'
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3536245
pragma: no-cache
server: Kestrel
access-control-max-age: 1000
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/xml
access-control-allow-origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F050
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

29ms
28ms

Image
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 78ED 0
20 B 64ms
64ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=831181978972&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 78ED 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=831181978972&version=m202301230201&ct=76&x=1&cor=5753422534519288000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 78ED 93 KB
37 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AWxZ5xFDCLdzvgUT_nowLzCZkTuoHqYzDjKlSHh_P2nF7nzjf5iziFSMK_0TrgpkuqU8zIKJIhFO3rMQvA4FSZIFdFQxZjDrmKLG33-gR0idudELk&cry=1&dbm_d=AKAmf-D8TuPQeGXOqENf2yakb1NW7tiCq9bOtD4rqGhZzmlXAf3H1iEwCNNSwRzoC3GsglEr938wBWjuSfv2rcFftpCWiHYRWkr44uTFZBu-OLx5-rFxDwe981CidpvtI69iy4BTwzhY-Dfq7AYJCrwDTFt8NQXWsGKwfHv2W3w_hEkl0gcl7qmEX06Iny3A4IaUG7kbNk6bfhUaf8DVdrqPztaFtW55LMMxX3cBmi_35JxfK__hiibOw0V3pxVK1VjvNOTn7xNAhfmEP1l2xIJslgGYwiZvgQYzYDcPptBhLWs3BES1AdwHkPSHL-PE4rSF2xx4XSovKvFEr5kXsfYp2N9lJQxoGINPalTXVvyKmahdBauZHCrO-FLUAyeKB7BjhZBt_eIb5nJ1LNh_kLRUewsXaoy4EXEr5alW9imOljWSpXFvlswN4QBio9kVp5HBzxz8hZsKZiNjwq_qAVMBh9Q0ca04TwkEehJjJBPUlFY71OsQ3S5uMso2w-cssSvc9v5XiQukSc3j85CVUN0bIxanlBT8jJBwYO3ZkthwB_aiqJrtkfq-b4wSTHBOylDFi9j0Y4OvoGJUetczY680B7-lHNLonilnu_dw5kTL-vJPWjoT7jMUx_DsfB5knwUd1dI5GG4hCHrixX6YJ2NLaK54EUyCZ6sKqVwpwl2jDMY6VaC0qrNA5Xb-uzqqpYk5zYGQBCOcSwzsL_R3GKm0Y7EgG7Fdkds7IqaAxkfS8UbG3I6LvM8HQEthGCuLk6puv9jH74GsDvlyGe6LIfYeXwyRYNbkL5k2B69KPUmpRcp3vLy-3bR7q_P3oK4S0kumHStpUMJxCpvjeJz5VfJlAwf7ifSDJ97gyAhbWYZ98rh0qP56EowMAv7cOCQkENXEdEOQBrKOLyu1Bmg2UcDrA3W1h-0rn4eANL_ec1qGWz0JctBhSSbpSFoqXqt-XtuH-L9P7YQj0EtcECzBHMF0Pg3ZTLX7lxV5AK4vomT8nlbVufhOSi4f3HPgyYkMxp8s-_bxva2wBcjs384asKdXwYhWK_A2dVjteh8HZb1qTz0w3yKuWBX5HBt6XtfXRrP2U8nW-uMhFLaeTkELPfpA8JBrXgiz-jw9PHIpOmx3qmLuatemeSekypzMQEQZoRCutJLtQ_Nc1AaVD4xen1gw0C74P0snUetGrvlw5cWqE2xj6Vq4Vc2G1cEUMEjOWQTjRZR5KZ-HbxTsgegkcD1GtNSKrp6tb26tp4qQqsFiUPOwX59eGnvU28FaU_htYfza94NfKPXDf-H_KJPYlyohhthcUGKAU4BfAogO8YcUAG1DcH3hZXwQAN1ZTmBPNv5viUVjeKhOBEcEQjRANDvQZjuuqDPfLbEAuAygIhn1qCVj3K7N5_2qJJWLkZG7pRWBLcXrq1M3PbZCNmRnGlwkLOeH9wSnCteAOC7EggCP5K9pal_xZ7Eg-pRFU7cr3BmMqZ8K_kLEgs-jWgm9OHc2pqEsX5IzuytylOYSl4T6dZz3o2uicCDn309hEHzm1dCoBHrquFlCHFfe1Xw_O2gaT4VAbBjvjxcnPcGYJhXYpwkm5Ln9tW6BpCRm7Vw-aVoXkDejQR6-ZrXyn2KIboqzlhO72AW79Xa3XB5wbwbpgGVm_whAv2XVhggnKuJRR9OIhuQHHLKI7qgHW1DuQZuLiGM41X84PJeseG8A1evxkOET9FO4lRhnbci6G6ogXdp6i6LVGmSar87yIBhk93fGJMDFcapxiTT7nNYGGOOQZu7rok2CUbILJ6hkPbyf9FawnjzmjxWiCQsNIz0T1AcfSRasehspTDo1Jgyudb0JahF407d3WUee4ubKU71k8A67rk17KGI9m2QoUipkq_kGDqHKK_1BL2S0ykkuFavKdtPP4NVftMk3wnkpst8zdbBT3X7L93e2LH2nYxSyXIjS2w5h1FcPug8layKqKDvsWbZH_R1pH4z_fyGKMVnXMK3lz-aFcYdGLTxmJ5Tini2qoUvHC8xnoyA5FEQ9n0AGMKbJ_Ck6s9_R4l6BziAjqVIzRx5ztuIQgifNh-NIZoqiBOOTo9spB19xCwQPQtV2WBmNTXSeCt-02Zb7QXcqhvrLDHaZb1zR9EzetoRO6-gjM6I3vYL2wPvI_FxmuK0WGxwhCw9yHw2eKD-xHlq9fY_79fR0qqztDrGBHceG0HNW4KJBleNJcoIz3JEq0E-Nt6knpighNKGReVOgjHGS2nCyq220GUQ5s7oNoknXFzC9himA-XDWMRKjsLT39xJkfxSssNw_oShMRWd7B2Rn-oGoYwFLBo3KMuJBvKuW9xKb4ghBsm8YDgjsikaE1Eu5I58tUH2AAqCGRkkZRpjzk08rHyCygO5yEpEyU3zF_mqxhJKWELPqebctf4F69ma6HpGItTVgqZY4xypTecFmdH2rQ19QveaBFdK4FlhjoYA329jo0CWx0NEtGmk_hHVW3aAUhC8UYe_J7HS3K6pb3p6BBwEJMY280uVWhykXJrhCnNzYL7o0Lx2YE1ta-aOEc9RJgQC15WIUFcjCB3TDpqQMfrnwz5F69sOIZAr4Fxv4aKR_1o5jYe-MWLZ8xWxO-OXjmDS7e9mbjL8MmSt-lolrD57NItEhlh0KLS8PVGCInQgR5dXPSsPsbW_qx2EE8wPD3SKVaoJ55YrXfOAMXkCs83AGxV2DHRX-SHS8vspWP3L6k-uDk8XgWF9QSmnlKqrPQ5dqJ_TLnncN70fZ1bja3WTNxgOojeZ0zw95PfLnd_t7vwnGlUqHusTc7lUOj12HZDE1wrsiVq-kwVHHomko_m5_r61LzTreBiTXq3BpS7OZHZVpbgUDpz3ZiZK8CJncN8ZjtJktE7mg2ExlPZcw3m3Un72cDik2DasMlrQuqPql89ODmWJFGQO9HG7JGC4y3lqhcEsqovGTy4RCJPK2QCBZONyC5Dall74zNTw_rBSQm0KDt7tRyO5KM0JDAxb-2UYlcxn_PXN673tQZhag_0Ne3AUycEwo7ZJFLxMgbVQfj4LExCt16eqcD9lajKNMf7-dTrwP0FJXpyRSSJEaCSwiseaM8VyzfOTWcqlJed05u5STsfHntSZtb-835OdNPL8mp8VFvgOAy1ojtKOc3nCblG3mgRNuWhqe1oCitIpGG-he9eda97EBKeKPdIqaVVbCKFFC1ybnJSnUd1xucXaypXgC9DKhoQ9m9XVYYkyyXOuHdHj4DJQZ8G88zh7biRdqArTCJqYZ3lAE0KbPFXqhljGxDrXFsHARWSAqk-HMd0A_Clm7gLk11GPrt_bk1wK462qDzG9A5lBiPrANmngCPxplW7se5-YSNNzVuOEU_kCr7i-wEnFLkc1zvuWiBuJ4QekOZDj72OCn6Bx8zRvl5km9IywPmXXNF6bQhGl-1lis6sEGFUOY2ArhijCpILp072Tn3uOWx9mAeZFHaVEviVsEhygO97lMjxSlGqzCnsweeJ9acl655HdhxeRcApU9GSQ_2YL34atgmpE6ti0IFNjIHk1_xxJb5YXIgIjC6VTLyajrdLIooUIaoPjwXhQh-gspV7uVCN6Jmhd-uPrnd49RDo28pwFrTHr7l5IM6bVK0TqzfU-nceTma3knQY7APBofXTVLhPB65v4hV_suGpQhVrrZ6Wg7SbbU2fbvai0h4pAY01Mxq25gWRX_U3rzmIlvhHf-5Wwj5jMUjP-7CRvuQIL8JOlF9vOIUAWkGquZ5Au2wBUIxFiIWcMPIXZKn6I&cid=CAQSOwBygQiDNNHQIwD9ZqSpWhT82szGw5tmIvaEhSyzpqHMMdhD6numjE6wZ04UkLsZXEAhMFdhnXSiN4iBGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5753422534519288000&adk=3860319555&idt=37&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8422accd63b50611bf9ed50b6a22c25e1f9ba18c3a2ee7b31ec3acd5f64d661f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38153
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 4F87
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

26ms
26ms

Image
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 18A4 0
0 60ms
59ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnuqiJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoErwFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxOv30UItBmhAxv1zN217udif-r34Cw8pFxvse7PmK8HO6CNuZicNgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=yxir04Z0SZo&uach_m=[UACH]&cid=CAQSKQBygQiDtFuXkjYWMg2e1rDZ3UdZkeYcG33YOXY84tgBS8ZJjSmEU1QOGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 18A4 0
0 23ms
22ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1j82geae4xk9nvxz8jzhdcqg8f3sbdc1b27n95wy035q2zb83sh6pafhs5w34yvxs7eppekawbbw5mkj082k3nc5agsak8xrb3vff2p76tbr7xnf0jbtx3fnhavvv1b9ggt7rjhehg5vmk7g6sar0zn5jrv76m27v7wrqaa56b6e0ptkqzy20vwh29x6mz4z2676wjtz52mb2j60d62z98z5nm3a4zjeq01dtx1nt1ed1pz2c6y3r0wn0pa91t5t6a6q70we5bacp1atv1a943h7dw8fr4jknp1f3j0g2b2358dze781x3b1qjrz3md0hbxhddchzxm5z8rmh6t5dj2kymcge8ygvcdfew09aa9daxyvxj9m023frxqwe6ax6v4qezpe1essjdq8&b=ZKN3JgABpqgIu-iyAA48_GnHXAmXdvKtkb0ixA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame B03A 2 KB
2 KB 27ms
27ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b59eac802f22e81565b88541435cdcbc56420edfffb4c8de07456b41e038e958

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e13a050aeb12bdc-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C59E 1 KB
643 B 15ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 tr_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F050 3 KB
3 KB 15ms
15ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:03:50 GMT
x-content-type-options: nosniff
server: cafe
age: 48640
etag: 2395455429816220802
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3040
x-xss-protection: 0
expires: Tue, 04 Jul 2023 12:03:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F050 344 B
368 B 15ms
15ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 23441
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 04 Jul 2023 19:03:49 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 65FF 398 B
222 B 33ms
33ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNUI2Q19-70DGJYbM76L_S2Z34VcG_lgZMcdWY8-5mqRI9V6Y0jr7JEwsTb_FXmu4Xk9NWctSguzFkNPiWmY4yVU6B8prBelpA8zf4M5g-_XGwIJjjndF9SGhuDULqXwUNGbO79RYMqiOELAQIXwr4xIjZTXiDHjAEEZN_ZGsh47okvXAP4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 202
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 tr_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F87 3 KB
3 KB 14ms
14ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:03:50 GMT
x-content-type-options: nosniff
server: cafe
age: 48640
etag: 2395455429816220802
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3040
x-xss-protection: 0
expires: Tue, 04 Jul 2023 12:03:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4F87 344 B
368 B 19ms
18ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/022306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 23441
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 04 Jul 2023 19:03:49 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5641 0
0 57ms
56ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLztNJXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwGqBPQBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID_NtiVssLsvVJ35zhk9EGuAxJE8P_oLfpdZQsRKMiKOmpbWSnb9SeAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=x2uma5_nACY&uach_m=[UACH]&cid=CAQSLQBygQiDlPkHrJkS7qR59Ct5Py1N68hBut2bYhZ-Z9yQS1L64vAL3ALhDVzNGhgB&vt=10
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 frame.html Show response
ad4m.at/ Frame 5782 2 KB
1 KB 23ms
23ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2091885
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7e13a050eee12bdc-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIXDJJGcthSfKCUUSDLeH3W0q2cn5RlH8mVMUMbOXZWacbGsw%2Fx17%2B%2B1PFO20nmLVPX0hSWURYxR%2FsaLWWawBVKjHEQkRj98H9h1EqjgMgsePhl9jn4syTyiwucU7Wjx9M9o5rs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3859 172 KB
61 KB 93ms
14ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 3859 11 KB
4 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwsLOsioDqENgIwNRwc9KTDb83oGAfrgWpnjfdKXpO8ib9VV1JoEMtWbsiF7slWFB_u491_9QuRkgvJVZbctyMEK_2jKnFWc9-xSjl8SwqveI-mqs&cry=1&dbm_d=AKAmf-DKGWUphd7dYTRpGnU2hgxqBmdXA6vPzetHvMo8yd0nbCcNqZcH0ATQYjb_upYuXZua3iJMEVYIfRDSNLiXVWMECDbV_Gn9fSz6A_Jq5stAon6TJhg_-XAdVun5tjPt6cAZdn87jHkfrbARhd7cQdPaUK6qo4kYMMoPUgLoeRxMxL3Rg_H2IgJelBWZ9XuazBlspreEGXw13m_v2x_bnatYZMEhStF7PEATkfaScEQEkUb6ee_08zUOqd4x0nlQgWDRMCUkyVTlhWjypODmDcHk7-ZrrE84Sanr9CeG-J_4sOSLpSKWxWJEdLAIbCMG7xEXA2EJ6DrhZhs6AVtbjt7iGptzZeUu7Dd8gNWMCNc-moyld9AGJ32kiJbmbGHNLlN5D0D0DghNqjGwXuBWRRclBsitl-0TDoDCZRwPCl0h2e-mi9PW8-3fYMjXn0N0rWRSuw0XbiGQd6k5HzoLujJH5lV1pAHF7FNz-bT3e_r_I1JOYPUP5IqqfedaVc595cMm8s99XypwG359SpTedRQlfJUTAg_4qz_18HKs0uQHv_iwg3xwJ9v1aQWrJyk5leG1GQIi3VP7g80yx2m9Rg58jzntkb35ks0-pJRj1qkYIHGhlRLtndbFRuUgNJ8av877qu2sB2NFQLkkgIst5dbgbLWVP3I5LZDDRRWXEkyCExTn0b-7FZ_MEzTrlACOkEyaxXwO1qKHM3jF2Bqd05jGkrhYRXYCRIMFBBomhr7rKtHiAnd01WxYWqb8Y2Kci9NQ6h074NlwgH0-fHAPGFfBz-_68l3Y8wXD04i_NkQamNvsdFyHowmw80mXRjbwI-Cjh8NhIexheCKYZu00hdci8z3-SAhL7bJ43KK2SGlwccNiBjoD40J2qElKNJvkpWoLkPE17snUjXuM-WR-MruCdT_SLHVyd2UYvGfcUWPqPU8uIuHPaTFIogHQhvDS5_A35jLvQ0gjeILAbSTQH03emQFc9UrqVrHay3XhhKyu39etYoehLFqkAL52L3Mu42D4_MyV7WfyBePXCSMMbpFVxZh_mHfsiDSrVv3D7fE-7nRFM_gVuDI_gHhmjf_yefCr5GEjIx1bYp6BoJrhPXDGDjqMaaoGua2eNcjF3wBWJ_gZzxZXRbhziIynZWvRqKPDa8TxXSLzz_lgzRBdRJdSCjeFcRlFAR-f4x032fD9YPV0N1AcF243Ukwwhs5ERXL-XTTuw3Ex2ns6qyml2_qAkPwmRhQQm6ePqd3ehkVPfbJH3YBDiXAbGw5v-qOhms7rVOJsRG96Cv9cxohQKf_hSyiSkxyMpdGZVnGlvJKN6pvZWZzjsOAFSOKCRRgUCAtv8EURjtK4O2o7E5SoVEKjq6ycdYaO204VYGprGc5VCvyEcLv314P5Ay55Ynjql4XBIjSY4zg8RODp6RaiXw8VVnchLQxHdggznTjno19CSwKx0NN63kN-KB0tlUtqc-3XW2zzl26gUT3FV3dJUHOCg-s0vjZQN-VateiiFyEJGG-8MRmz4Aicwcy5-fzYT6VtNJg1WOzm3cLTy53AtnghHhzl7TM6LLoOVdPpEkirK2vdmN1AjFA4vply7PDXiWM14Cdd2pVfWYFsx8TUa9xO4aaDZ-0meAYWf9YgU5976lTiXkHowgLYcS_C9QrR0YCYSaD8YolzUISW3rIaZSV_wpaIzoFakou2iXmpAxgU4iXV3d1_eKfQffjkVtWxppUqOsK3CMRv4jI83-VMrx2oR_PQbociHDtDS26RrYhLmh4nPeJc7xBjhYunbEBed4Hwn64ZYhuSZfnybTIArUfEUI9leP-ZLj1xflNJnMlgfnAFPBak_qy7_-lx2qLV9U6cmBuJ2iB6iAJWpGT28_CGvUAspbOBfmAaoxbTJBx_hVBVJ2V1_ej3rVHptq_rsO2mcQbsHsQvbRJ5cDKijPHYtO1wJRwIc2TfF1Ll7g_MsVyXh_MHXhPj7khCBY1yfgIHHtwnvbJ_f00UXyY5Aps7cXkQzHX6EaSXkStHERyszs_TB8qkzoVqPnPtc2etGlowzUF2MMHl-82FsFXbVHRMBUIfurRoMgVv6xIuYDOmEG8Xlw51ePK5efsAjo7X3bt-iPEJeFQGHu0GfUxM3OzFdjQlgQqEnoeW9-R41jStue6ijwrlPIas1CH9_l5wzCLlrjgejNE8f8F9UJUfYQvhFXP3xjywzGqyOEnmkDwiNhX7kAyI_q-C7ffxeBB_Rt33RrykFYZPYi6plV9rS0BEMt08-eR3kMNfUVd8aSMm2pm2iFIewqnu8-s124eRPcM8dM721JXR3uD9wthHwOGt2DEXvmWbgJz6mMlp5njO_HWzuC9z-A7ViLecv94jOwMhrebTKmM9eZUZoZ8K-TndMCPdAJoF-AGbABVDmBwVqxsB1FIHmsY345xpxGwL7glxtA8vCiUnm3Cb5sD0whWoxZI_2sXnis18dWGKhfTD10Tc-rxREdYPSyb_9b25WGGjN7dHvKXjlWcx3woi55mqIM-TyUnm9_N6odnKA8OelmxfdEjKtqsc0gbmiVKsGBWrSD4R83LTI1uMYdPwLt92FovQjlk0KIoeM27jqrUFImYXABpxA0Ld52XKq6Aku9y4tu_SEubyqfk9ifzbZge7ec7AIQjoo4po2TkFR9V_ZgTrimLbpLbZ5d0mCqMJ7EMeNV4F1n-0jIuF0Cpeutxlc4fFNwvVUvfLpzVu1_lA4HfuV9D-HyB3G-QGTs2Ps3Ps7w9kOCnu10d-yvdiL7dd5x9Jh8sa8i96aRXZsbdxAVUc_RZ4wMOslVZVTpa3O1tvM2coNRptaq9Xu9O8NV9OH-wZOdGzxiSNFa9Dy_CfoMAtAW9bXKXVBBG1JxbmtACpNHdJi9d7KZ3Q0inhdQf03KoQOpnHkY1jwS3GiG0E55eD4o14AC5BvFEQDqgWGhLLnFvzzTKAIS-O8odAWcx0hiM7hkzHtTe_tah8So80F3zi6wu13XXamXm2XOo5aOGkHAJNNUJfqAHC9fYfzWtp1d1pFmw7VkMpK9nUi5J3DGHkLCiGshbWjNP8U0X3uPBR_BIGIJzhvtKnqoa-aNiBoYgXg66F3djLbbLAttId0TrALFRqE6JbcPpSl73XwR62lilgbr3yZMA08AUQ48YU8hiK6XteMsYOGs1epCU2G1lKaia--Xnja4jvxADewFjKb6UZmgugm_rB7Q1gZPq6nPEEwPgdK28W-0kWguVjx9eHBXdupUIHBgOFI_Mf23nEWA18VgNiYe8ej5k8vI3r1nNJ4NCjqen_gb40lgLkcjWLNAnqPdZGPf1S_DuGr1h7zt9VMCjmkuyTHODvALfxiqlu3ij5f3TKQABIyjpLsltzCoWtnwBbkX60G8eAx2mSjN5FxmcGZviKQwHj3Rr2pWNm8TUfp-Ikd0J9TPF_iMA4AAHfqx2ZzsF-K1KmjvUEwvsT7cryfCLJFew4uc3pGpAx-eE8dG_z8NPB2I1jmmpo8I3RmwrMZeJE4Mxw03UZBjqh1t-cHZoUz6pvoY4V0NnuWgxp-8wTk9O6vCnqLVxHecsThwIuBi_i1ObWuqWHDGY5FO2oIOtILwgv6cBbYL66JiBFPZseLg2d_iZuudWTcQ8&cid=CAQSOwBygQiDnsytparIctgIkuBC5INXMfv2LqQYNsKR8w-7ZlT7AzBq4e3KwGGF_pmvevJuLXQvBQC7C2loGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16649778528959869000&adk=212707235&idt=39&cac=0&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 3859 30 KB
11 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3859 41 KB
13 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 560515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5641 0
54 B 993ms
379ms Ping
image/gif 2404:6800:4009:832::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljnmafd1&c=5486482016042&slotId=2743241008021&qqid=CPvptcb08_8CFYVq4Aodzx8HMg&fb=outstream-lima&vast_v=3.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=AdChoices&icdi=15x19&vmfc=1&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:832::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 5641 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44f355531813246fce967bdc9533bab991e584a16551ec13f47976677c582be3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5641 2 KB
1 KB 59ms
18ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 28 Jun 2024 01:34:30 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame E9D3 172 KB
60 KB 73ms
36ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame E9D3 11 KB
4 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APWJYe1CIQBOmqv713Rk7Dw2cMJZmfq_9XiQh_ob4VeNxTDOMwvFmF3_Aaxc47HSCku47HgWjlPMbDunrxdOTqeljjQ7Oo6l57rv4jQdD1f8bH3RQ&cry=1&dbm_d=AKAmf-BU1YpZIRvDsXckChpUeoVeEnV0IjQHfZNJ6-30D2mvLEXd8DThTpkeCqkHBNdzPIS97xz1VruJMVZzu2ve749LOnkmI3U-f5HdDod92tBi0TNa9cvoOqt6EAtuPbwGPgvRBSjsghwWdnjlqo31hWHJ2Ir0UYf4_XboUIzrlWyP92-95uBNGW-M-UH6EiaJKg-TLLHMxPrZGEkxkgwEEhBCoKH7qoXdlLNLujJISVzrmSt6Guph9-bwFAiwZMIWvDd4qEe-JQjHs7PAGuONlBoNZq_OPnO3PWNzKc8wP2-cqbCuI8gmP9TKm8c-Kaphr2tRWtdwZ039S_qVcnzMIRbrOE2ns2rNEMML39Teq3pGllUyLZn3ItRukb4RlKF9TtXJRCoQcQisjt0wcQSgy5fEvMUG7Nif2PWct-yoIFBQfMD9B_--i-23LOSO2aKMQ-K-WNZ2-0LM-HqvIjL26jAn4hEE8r8KHm2MyKHtxNQo1J6ITHJm6DpIje8TIrhlDBzpoJUp5fR3AoGD1xIQWzDdQgc7taG-mZJicj-4nT0p06PjGaeHczhJSbfEkioe8iAsrfzeV2htQeRDLcBdIcBElCi4KS5jUZmTyLLwZ4ptPYqQfNbu6VQCQ_s92LdhZuxuI03e6LlrVU6MsTs8T0FUyR-GPG4LUNXyUW8C3a2aOtU1n9dwtLaE0yDg66VjG9aWYi5NXQaEie7kNoXlgyzVLuatSmetgDtWAphyGbqMF-16tXCHJ9jhcydsC8HnENS2cvpJuNiG2k4_KZnQjsBg3x-yLe5ANhcXNdI6CJZWNxLBXV1Ih2lKO7HYDGMGY5kYrSdOetlcGTXo3jVkYqDSpZEpcsV7X5LjxuIasfDNc3VuwgLRyqeUdYxBPcEkbHjRmNc5wYzSSkPfs7qxLPCtB3glXYzDLSiZ3Zi0ZdTABxW0skBAOUB1_R11ak5ysw-MjSKCyrQXAfXMnXSjNcfNM48GP78cHaYeuOe0vc8hiy22yI52KByWBXAcbZoTOTE7oSjDOjYKCkjMA2oYmcGzjNTxdF2LebKKTiNS2a7LuxkkbgESnUEnTSY5G5V1_u0nME4fzJK8vLTPXje_vJMiURlWD2159k3Q31BdKBSpWNnVHvrtib5z5S4yGjxwVwOwaRDv9gpqBFAg9sFx4xq1hU5Zh4Ln2xfOvog_UzfawPqS_nWFFpR98ZgsUfjALB-KknC-gCUM8Trupry8NC2Cg65vKPiB5fCuVgi1fhKRCwhEcW2XxYSSNV4jrs4h3xQf0PMN_Np98iLWvEIUxzTQIZRqOuvSl__TlOiJp8sPFN3DFPoXlG0GexEoc9CCWLpMM02L8qunlf-ukplU0BBwv_Ycm7i6ynrFh6FdxgaRIHr2-tjHgpqgSh3LzxSliIodbcD4BobRHa0TiT5LENRnRpyopgwkWhWDij0m_belVhucGbj4l48oqm80AGUTgrORXbax4wTIbXHI3nt6AOy4LbYvA8ip54WuRl6RkkUnfhwfKFFwlXWwtoUSbMvkAa0Ok2fF1U7fuc3CihCeEGYfN7XW0gV0koeQDCA1p7KEaMbXYJQhoLAnyPpNNRjReWQO-TWpvfwSwzWYJbGKQvChznku6Z5VW_-D1vxYgWN5bxgTbxupuut4lJgYu9TCssGeO-S4q1cL0Baz_BBtWa0ygLi4rpz8ONRQJywG_DWeglAV4_cJRcq8rQ-x1hD_UgwzOvKFkoGPVPy71BXzfxfWKTWTnywJnpxLGGy6YDPo9bkUG2MFIvOU8X8jRkbNl8fMLxemBg3pX2-P2xqgAYXmNCVAvyKK6xhivp2LH4u6JYxpdwdItFWGVjc9CWqilYaciykwktRY1Cx_6mfee8xjdJdVYHDExsEsA3X8lG2fRlG8L41T5nwuCuSpcL8ZP2zH5S0TU2CqtEUeOX2DhV-9HBy-izRhaIFTUQ8_nDgZDhNh3ApqXnVc5AnVqx3MXfr0SMBjhsvftCQfEt6aAJuMP1tZomV1104dz9AjTVnt3Vk2g1eg3UnfjCDHV9YxtssNUDz3pA2xGszfxH8ZfuPqmxnxMpGiWy-oZPxbRWGozgP2rFd1uz44oo2HOzP7cINumyI-kQ8wuZbrr0tIjHhCZWf_NzsNOIMJgSgi7Z8fsDiYR9LN8SCOhBrlqzBRq5wX6vETqoiqzH0GefGnsFVQhPf7B9JOIS2a3YciYZYt8igTjTQzjoGSFJ3K_lrXdRCTUICBLGa2wuoDDyKP8foegm5Z8rEMfL6XkeZnov0Zw6qrKszf_2HfchyzpmA4oa_9bvuzK7firbw2nivCPt3R39nqvXIsaoNmaplohMtfPbkVRfHyC_cQfWqnvxyRp38y1F6xE2XFugkeBWOFe-HaTx1W8tGHEyKcmcqN4k0G4HEyZCbWCLkZvSw19bQ9DQ9k00Gauw-6372dngDXUNwB1QS2QvTvTD-HzGQwDheYp2sqS8MrkDalL_d_5ECfEBIxy7xQ_4T7uWfe5mL9J2J0h5FVQnS0Y-MzL5nyAonPYERnci0FDjA5mF5o1Tdf1quVRxd5Q2Sf7pFko8yo8GUyYD-cHpTcpP2SclzvUlhLAb-A3SFm-SWBBp3nVisjPEHFBO-seylpx0LgrbGItlUch3kkzJdyora1X8Ghmq6H82mgdctlUhSdVrLoCZlmNjwBjENa_1mLMX9MhXDJrVykY-9A0OPGzy8L_qqw8ZpWohc92lUQDHAo-8bZVtDqt1pUVIo58GDUeY6Hdv6An3ZTZ67khtpDVxxPkqqm1KQUZiF42YErmlqI6Dm16R0tjJTpyxteTBoTmrn-i9JcpkdOKSIIm3dfDJ6VfA8TtAfPiMwDkfaLratL4YJnT5i5Q62hPUKUv29-0qKySHzTvsAfYkC6BdDLFG1AVFC4P_MQxS4PGOsf-_Hssf_kcNSjC6WMLBmDWcc97-VJc8xH1odJvRdQj7mKYxsKb6OGykBkDEYFwhl5EA0zl4z4dnJhbsCN1pi6xdMTJoAy5pU3zoCN-kPQgY0AM7YCeFo-IUFFDnWA-T8LPyDTzdq-dJEqSRiZwVd668CcqhlWwx74iDDIZJ_Wj1-Jifp3yuMGHGAzrWtzTYyHvUSORbgUh2C5qVPUVcJUkYlEl5obHJUUOTnzSx9U8fxgeMdAMSBtUMokq5GVA_1Cjm6C0VZGNKiEUG1GY_9ZmeKc3rUDCrv32354bROblmQ6IeSYccXJZ2uEfVphPtwLwyeQncFAM4kYiu41Fh4lO0Mgv7YYPD7jXItCMcZ5xTZCmINw_Qse7G6LBDBwkih3g6jzBkQSgC6_0-LL4K28R6DBMCRNzgqMa7MsCyPwBuwqJqkmvqtdx5hB8TPLk-VKiJSlTeBGxxuJlczMFMhG41D98-PGSJ8fUtEfo3aTxpPiKP9tmzw6oLI3N5gmnhEsbgUzQVe5V7WJIeERIUG6TeCwVsixOaCOgsl8CDLxwDFCKUbtSYrbzjnEMbt9DI32Bi-5hn3c0TpTkDAXVz-ETZ107xQCCfrcB8RtH6jwP55Dkku44Kpvjdws5XooG6YvDy89PPXvhHoxj_XjmLOeLYHcCDTIXHaJL-jz2lZWzZoFXH5ltBsRbDf1Z3z4LAw&cid=CAQSOwBygQiDlAZQmfnQlrJihpX_Wzq3E_zLQ3qb6hFWteeid-Fvozmc6_h2zV_Bf-_n2-onDDnpxkY9MM79GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4327747964730546000&adk=3587751834&idt=45&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame E9D3 30 KB
11 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E9D3 41 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 560515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame B03A 114 KB
14 KB 20ms
19ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 483681
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gh2imf2xJjpbBBewnIOggEzrEf6D%2BGiVm5wOtmxDml4pMA4ffVV6wpGei1YqKT%2BKswMoI2b1fZ5S29YgPXCOocGDi0UuGgRpIGyl838wtFH6VjJWme%2FKrKoHF%2ByqoyFIcoVQ4TMlVOI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e13a0514f252bdc-FRA
expires: Tue, 04 Jul 2023 02:34:30 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame B03A 25 KB
10 KB 28ms
27ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 377566
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=poHl46LjDS7hlBAsDRcDupP655W2gYUBYxq8dEWJkLrDmpjhOImGvAQTQuaVDcOHwEjRlMA685it4jaf8pV2lRulrNQOSAip0KzKtyJ0QboYVrhlfbRsUe7yNPF%2BaqPqkTskPvo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7e13a0514f282bdc-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 27 Jun 2023 13:46:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4B69 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3859 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 239a2494900c90f6c4e1281d2dc78298d29e017d847c361d74068e8df92553f7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 65FF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFzfgGPA2T_r9KtUvRsONM8&google_cver=1

43 B
163 B

29ms
29ms

Image
image/gif

185.86.138.154
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFzfgGPA2T_r9KtUvRsONM8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNUI2Q19-70DGJYbM76L_S2Z34VcG_lgZMcdWY8-5mqRI9V6Y0jr7JEwsTb_FXmu4Xk9NWctSguzFkNPiWmY4yVU6B8prBelpA8zf4M5g-_XGwIJjjndF9SGhuDULqXwUNGbO79RYMqiOELAQIXwr4xIjZTXiDHjAEEZN_ZGsh47okvXAP4
Protocol: HTTP/1.1
Server: 185.86.138.154 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:29 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFzfgGPA2T_r9KtUvRsONM8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 65FF 43 B
163 B 84ms
21ms Image
image/gif 185.86.138.154
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjfobXcATAB&v=APEucNUI2Q19-70DGJYbM76L_S2Z34VcG_lgZMcdWY8-5mqRI9V6Y0jr7JEwsTb_FXmu4Xk9NWctSguzFkNPiWmY4yVU6B8prBelpA8zf4M5g-_XGwIJjjndF9SGhuDULqXwUNGbO79RYMqiOELAQIXwr4xIjZTXiDHjAEEZN_ZGsh47okvXAP4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.154 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 206 fe32ce65c2394a479f101342b6cbeaee_summer-sale_70-unisex_1080x1080.mp4
static.criteo.net/design/dt/48044/4775507/ Frame 5641 2 MB
2 MB 24ms
24ms Media
video/mp4 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/48044/4775507/fe32ce65c2394a479f101342b6cbeaee_summer-sale_70-unisex_1080x1080.mp4

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

fbd8f8954cfe33bc7d50ea3d6510120231b5fd91a00812bde70039ee7b73fd81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Jun 2023 08:55:30 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64819782-23cc68"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-2346087/2346088
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 2346088
expires: Fri, 28 Jun 2024 01:34:30 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5641 0
54 B 902ms
378ms Ping
image/gif 2404:6800:4009:832::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljnmaffg&c=5486482016042&slotId=2743241008021&qqid=CPvptcb08_8CFYVq4Aodzx8HMg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&msm=1&aits=0&webm=0&vp9=0&vamt=video%2Fmp4&hvmf=false&vms=1&bit=0&hcn=0&met.4=arp_a_e.zt~videopreviewvisible.129&umsem=0&ape=1&ple=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:832::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9315 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E9D3 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77bbf7efde19c9a4c8a6b0513338349476501aec1de78095b10cbe5c9b777c1f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 78ED 172 KB
60 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Origin: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 78ED 11 KB
4 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AWxZ5xFDCLdzvgUT_nowLzCZkTuoHqYzDjKlSHh_P2nF7nzjf5iziFSMK_0TrgpkuqU8zIKJIhFO3rMQvA4FSZIFdFQxZjDrmKLG33-gR0idudELk&cry=1&dbm_d=AKAmf-D8TuPQeGXOqENf2yakb1NW7tiCq9bOtD4rqGhZzmlXAf3H1iEwCNNSwRzoC3GsglEr938wBWjuSfv2rcFftpCWiHYRWkr44uTFZBu-OLx5-rFxDwe981CidpvtI69iy4BTwzhY-Dfq7AYJCrwDTFt8NQXWsGKwfHv2W3w_hEkl0gcl7qmEX06Iny3A4IaUG7kbNk6bfhUaf8DVdrqPztaFtW55LMMxX3cBmi_35JxfK__hiibOw0V3pxVK1VjvNOTn7xNAhfmEP1l2xIJslgGYwiZvgQYzYDcPptBhLWs3BES1AdwHkPSHL-PE4rSF2xx4XSovKvFEr5kXsfYp2N9lJQxoGINPalTXVvyKmahdBauZHCrO-FLUAyeKB7BjhZBt_eIb5nJ1LNh_kLRUewsXaoy4EXEr5alW9imOljWSpXFvlswN4QBio9kVp5HBzxz8hZsKZiNjwq_qAVMBh9Q0ca04TwkEehJjJBPUlFY71OsQ3S5uMso2w-cssSvc9v5XiQukSc3j85CVUN0bIxanlBT8jJBwYO3ZkthwB_aiqJrtkfq-b4wSTHBOylDFi9j0Y4OvoGJUetczY680B7-lHNLonilnu_dw5kTL-vJPWjoT7jMUx_DsfB5knwUd1dI5GG4hCHrixX6YJ2NLaK54EUyCZ6sKqVwpwl2jDMY6VaC0qrNA5Xb-uzqqpYk5zYGQBCOcSwzsL_R3GKm0Y7EgG7Fdkds7IqaAxkfS8UbG3I6LvM8HQEthGCuLk6puv9jH74GsDvlyGe6LIfYeXwyRYNbkL5k2B69KPUmpRcp3vLy-3bR7q_P3oK4S0kumHStpUMJxCpvjeJz5VfJlAwf7ifSDJ97gyAhbWYZ98rh0qP56EowMAv7cOCQkENXEdEOQBrKOLyu1Bmg2UcDrA3W1h-0rn4eANL_ec1qGWz0JctBhSSbpSFoqXqt-XtuH-L9P7YQj0EtcECzBHMF0Pg3ZTLX7lxV5AK4vomT8nlbVufhOSi4f3HPgyYkMxp8s-_bxva2wBcjs384asKdXwYhWK_A2dVjteh8HZb1qTz0w3yKuWBX5HBt6XtfXRrP2U8nW-uMhFLaeTkELPfpA8JBrXgiz-jw9PHIpOmx3qmLuatemeSekypzMQEQZoRCutJLtQ_Nc1AaVD4xen1gw0C74P0snUetGrvlw5cWqE2xj6Vq4Vc2G1cEUMEjOWQTjRZR5KZ-HbxTsgegkcD1GtNSKrp6tb26tp4qQqsFiUPOwX59eGnvU28FaU_htYfza94NfKPXDf-H_KJPYlyohhthcUGKAU4BfAogO8YcUAG1DcH3hZXwQAN1ZTmBPNv5viUVjeKhOBEcEQjRANDvQZjuuqDPfLbEAuAygIhn1qCVj3K7N5_2qJJWLkZG7pRWBLcXrq1M3PbZCNmRnGlwkLOeH9wSnCteAOC7EggCP5K9pal_xZ7Eg-pRFU7cr3BmMqZ8K_kLEgs-jWgm9OHc2pqEsX5IzuytylOYSl4T6dZz3o2uicCDn309hEHzm1dCoBHrquFlCHFfe1Xw_O2gaT4VAbBjvjxcnPcGYJhXYpwkm5Ln9tW6BpCRm7Vw-aVoXkDejQR6-ZrXyn2KIboqzlhO72AW79Xa3XB5wbwbpgGVm_whAv2XVhggnKuJRR9OIhuQHHLKI7qgHW1DuQZuLiGM41X84PJeseG8A1evxkOET9FO4lRhnbci6G6ogXdp6i6LVGmSar87yIBhk93fGJMDFcapxiTT7nNYGGOOQZu7rok2CUbILJ6hkPbyf9FawnjzmjxWiCQsNIz0T1AcfSRasehspTDo1Jgyudb0JahF407d3WUee4ubKU71k8A67rk17KGI9m2QoUipkq_kGDqHKK_1BL2S0ykkuFavKdtPP4NVftMk3wnkpst8zdbBT3X7L93e2LH2nYxSyXIjS2w5h1FcPug8layKqKDvsWbZH_R1pH4z_fyGKMVnXMK3lz-aFcYdGLTxmJ5Tini2qoUvHC8xnoyA5FEQ9n0AGMKbJ_Ck6s9_R4l6BziAjqVIzRx5ztuIQgifNh-NIZoqiBOOTo9spB19xCwQPQtV2WBmNTXSeCt-02Zb7QXcqhvrLDHaZb1zR9EzetoRO6-gjM6I3vYL2wPvI_FxmuK0WGxwhCw9yHw2eKD-xHlq9fY_79fR0qqztDrGBHceG0HNW4KJBleNJcoIz3JEq0E-Nt6knpighNKGReVOgjHGS2nCyq220GUQ5s7oNoknXFzC9himA-XDWMRKjsLT39xJkfxSssNw_oShMRWd7B2Rn-oGoYwFLBo3KMuJBvKuW9xKb4ghBsm8YDgjsikaE1Eu5I58tUH2AAqCGRkkZRpjzk08rHyCygO5yEpEyU3zF_mqxhJKWELPqebctf4F69ma6HpGItTVgqZY4xypTecFmdH2rQ19QveaBFdK4FlhjoYA329jo0CWx0NEtGmk_hHVW3aAUhC8UYe_J7HS3K6pb3p6BBwEJMY280uVWhykXJrhCnNzYL7o0Lx2YE1ta-aOEc9RJgQC15WIUFcjCB3TDpqQMfrnwz5F69sOIZAr4Fxv4aKR_1o5jYe-MWLZ8xWxO-OXjmDS7e9mbjL8MmSt-lolrD57NItEhlh0KLS8PVGCInQgR5dXPSsPsbW_qx2EE8wPD3SKVaoJ55YrXfOAMXkCs83AGxV2DHRX-SHS8vspWP3L6k-uDk8XgWF9QSmnlKqrPQ5dqJ_TLnncN70fZ1bja3WTNxgOojeZ0zw95PfLnd_t7vwnGlUqHusTc7lUOj12HZDE1wrsiVq-kwVHHomko_m5_r61LzTreBiTXq3BpS7OZHZVpbgUDpz3ZiZK8CJncN8ZjtJktE7mg2ExlPZcw3m3Un72cDik2DasMlrQuqPql89ODmWJFGQO9HG7JGC4y3lqhcEsqovGTy4RCJPK2QCBZONyC5Dall74zNTw_rBSQm0KDt7tRyO5KM0JDAxb-2UYlcxn_PXN673tQZhag_0Ne3AUycEwo7ZJFLxMgbVQfj4LExCt16eqcD9lajKNMf7-dTrwP0FJXpyRSSJEaCSwiseaM8VyzfOTWcqlJed05u5STsfHntSZtb-835OdNPL8mp8VFvgOAy1ojtKOc3nCblG3mgRNuWhqe1oCitIpGG-he9eda97EBKeKPdIqaVVbCKFFC1ybnJSnUd1xucXaypXgC9DKhoQ9m9XVYYkyyXOuHdHj4DJQZ8G88zh7biRdqArTCJqYZ3lAE0KbPFXqhljGxDrXFsHARWSAqk-HMd0A_Clm7gLk11GPrt_bk1wK462qDzG9A5lBiPrANmngCPxplW7se5-YSNNzVuOEU_kCr7i-wEnFLkc1zvuWiBuJ4QekOZDj72OCn6Bx8zRvl5km9IywPmXXNF6bQhGl-1lis6sEGFUOY2ArhijCpILp072Tn3uOWx9mAeZFHaVEviVsEhygO97lMjxSlGqzCnsweeJ9acl655HdhxeRcApU9GSQ_2YL34atgmpE6ti0IFNjIHk1_xxJb5YXIgIjC6VTLyajrdLIooUIaoPjwXhQh-gspV7uVCN6Jmhd-uPrnd49RDo28pwFrTHr7l5IM6bVK0TqzfU-nceTma3knQY7APBofXTVLhPB65v4hV_suGpQhVrrZ6Wg7SbbU2fbvai0h4pAY01Mxq25gWRX_U3rzmIlvhHf-5Wwj5jMUjP-7CRvuQIL8JOlF9vOIUAWkGquZ5Au2wBUIxFiIWcMPIXZKn6I&cid=CAQSOwBygQiDNNHQIwD9ZqSpWhT82szGw5tmIvaEhSyzpqHMMdhD6numjE6wZ04UkLsZXEAhMFdhnXSiN4iBGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5753422534519288000&adk=3860319555&idt=37&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 78ED 30 KB
11 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 78ED 41 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 560515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E4A 0
20 B 50ms
50ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8301600058193&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E4A 0
20 B 50ms
49ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8301600058193&version=m202301230201&ct=76&x=1&cor=7834955896851066000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3E4A 92 KB
37 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPthsdfMlFn88QWeBjENySH3SMYwOHzo-R69YJ3imtEk-l2QrV97nIRfY-UTta62WQnobQkxpQN5EyWwsvo9SKbUeacQ8So2sujmEHp1mozENHE6A&cry=1&dbm_d=AKAmf-BoCmRurYCXZQPLqQktQ25IPJe0ELWTBnZfxd5KRUttk0VRtqOlc6aH1K97Ge_NvH1i3NAjvBCJlmhCG_a3ZedK3V5WKmKJqSQFHncbNZI34cefdEElfYdVAChTTOn4Pia9Uk8Y9CYWoBd_66XIxDYFVQJrnllOd_h73H4TaRV9Pz8y7ESrb2onJd-sJ2-_55gfhXXx97EedbLMtDkqUodKDKsf0dhUBkZ7bluzPAtAqFeAECE1aIrimdfOa1cvwh6iMVQ0GxbTjbbMqAj4kA-TsTIn-OK_50BzgIyms6bRp6Z5gXh8Nu2l8zoFtEN4CXJgVOwIMj35rNglpcK3t4udXn6N09MWaxZp62IPWF_i-EtJNiMX6AK_J80EN-MV5nBtlvihPejUz_eIsL3vVz3bIJcIPSHyajIkl2LQfSy-DmlZby_DAJYpAglhJ84CfUKaLJC_drCZ4uOEr_OjGWESpv-dvvsjP5VINzsKVJX2GZrn7AVIUhA84BG6_VoiW9P4ubACsqDEUyLLdptAbBReTtWJ1__xV2Dgw_A9yzgCUQP4LHhTH8IgTOzcTX6uT7ZvlsBTqDHeLmVO0hHPg7PSLXyqHzLwgcU5uTt9L2RJNiqTg9DvcYsjYsfpD-fLJrme3nCqa93A4EQNL7S5d-iUxSjCW1WeZ7t4EHD_uxmp_ljm1YJQnZ9Pp0vfddlCMW4hcpjnREX8iCdFl9bF9DshBQxzJeEw2eFmJE7jj7a1JIKPRLCwRVJ8-obG-KLsff9XLLTr5MWFsjwc55zSlXSEbmnGTkmLm8X_ELH1eiIPgARRVqErTphBg5vNc0diRe5gBDgXtEyQd7J2M9NDo4qRupovkYs__ndcryOmNAFNMKIVeaWM0rbY7DWYlucRMfBtaYk95qGYOa2rtkvwd472-s4MdSA2adTys3IFrj5IKZgvkP4wJ7uy3iqp6Vl9vh--pP0w5fsM85yzDgcuhBgtQTCYynrx5RcJ9E7KMXhx8EXpjVa_WVKrb9aix00DwbO0W38YV3erxtQ7QYz3ta7sqkP-hSOJPyy3dhEZ8Pt87OwPsyanfkjf5oMKnW0RAufQxRLUn_dErDq1OqCl7268LWDw1HKnEoX9stenp4smEVIC11-5H5hnxiKxNgXvXCmqX_Jzgsh917QJiXiI9_nCuMfCHOThQNqLUjC9BtybVfgPPyQY4Hm2qBAK9cscFlj5M6GZiWE9bq74gBPlJEwMjqoexGiM-NOTdwXBQnf0ASZuq6XaqCYmA8yJBEWYypRMCrebv0upZDuAkZInPjk1r-w1T0rAq6HGx30YDR6BR0W8k8AtuUXkaAizGJZcYcMecbFisRsMRqn0w-4wyGieHb5fbSZmvrpsuNKPTAihVIKjAfz8_eFIjTbN6-UTaKZMUcwu0MIYC1KIGF9ntsJjy3jvjpXf4ZDUYPQP0C3vGrxK3xLefeNeY1QidU-s0aDmqc4U4_0_zVRsXIquYuB_Mx1lq676EdtvAiKYXRYKO-6aoZFT9O3xN5Z2Pk5HG0MqPsnqKYkTdqKX4ZZTQlKF4a2AlSJg9z5c8IAflJ9WwlLIsCNEQyo-VjaEPqfNlaTPjSrSHzCWaWu-QhaNKGUWod6qhFfNXN9HsoNYO5mGi14b-cwPUgo3tedhEfSfO_vw4QwzXY4IB5O0QbdrJwdcEZmoGO4BPoi4N-QiTAe-MN-nY8vK0S05LT6dQeTLh8A823Dv4ZHgQ7PXMnpn3duhX699xu-YxDGKYK4Fus7Qf_qrtZhRQUw9ymXOYeN7gnJMSceNHhDk4cVUn12UAUAhIR30sVU7crA25duc3Vl0V4Ez7Owu_8X_lc5tU5EyAg9f-0jmmg98q-c-nBvqsGFJGGvmwbMGL-HYy87hI6IT6VdV6V4DyX-f6XgOoOCTf5vNV1PzLMOwbtQ8B_xZXKSLiIQc7cUdjNNmwN4HL6Thchfud9cyXJzO8_tCUDVslIZ9oTBsE0y58m5mbvhgyjQNrxJAMFShboE_48luu7xppjoLwk3rC3p-9l9k32Oa8xu5UTDXKIq95OAKwxPb2ZIw9EO5foxJ-INtmMj1wsuDZfXsfmeTVj-wEKADFwDH_zbOjrSqb1Fe69RuZP0MKRfqAhETWybNnuOxEstTVmuWrXSfbqUDk2MWJIqWxINPttvrJ1nmL5E6WqIQNzFYondin1R_MKlZWzNRBLkcLjHB8_wVgs1ZroVPxHTBfNG2ms1xVpWVvnjOcrgu_CYDdoGLBHacx6oE97U1MbBGoGJKVSVdzT4tv91GWBS4EqA385PHGyTVagsKS4VqfEbZtYPmcqR1ny6Cx2Y6NGyQ5lSBa1UziFmwPgDqJeFI2pSp8aQPF0Gu0nZ8zwDwi2mIBoEJ7-plTKuznr5zxaM-CImljFaJhFqeT1O02rK75somG_fjagrEhOGQ-RYaONQnkspaYU-JhZxfj3eYyqflJ2Tx123jhTTp5DMfuzWhvBSnfJSwHnVJ0ZrTzFTAwpmWt5qmtDo2zjDAjPj5m50RefUoy6hSAz3tkuqM-0kH4c0Hj6ljwRMl2acSFkjffkd7GTTz8ufy2Zbb5FGmWBEti7F6y1rL0TaT9DWXPEtIr5GKrnOsKGPQ72dUvs8zH09dKFv5JCA18vZLvUuZomnuEolQWT2l3VJPEpmySAW-GtrAUJX14U9RPhRbf1EcLJE5ibF5QfhBd3Pj-w1IP-EyoRlNLdKIpHN8e-PHrtu0M28XgTeuIyDBI0QaHlp9-YGP3bhSvSIsrr6IJLL1kgA6rGwjgRc0wSLK811szxPGKGHdXd5gygIi0bUp6Ywph8MwEQg_sy1RWi6VHdIjqKKiSd7Co1tx5dhgLTqXWLu7E34Xy7Yz2RVblXxZXBulepBe38Ch_cQwSRXTLwGfHi2j4f_Y_uf2WNNTPbhwBEF4EG-SG9NYliH0rPraBmre31cxE-NP9X6LKsDzw5lGz5g5ynOuIPELfsPlqRCefRuq2tkVlc36tEOtsnTTlZ_j3-gyBT0MKCAhPICY41hgwUdJ50_-_kwD29SZF9RqtEyGHnH9qDhp8EmvS92wyMmPiRbxGtYXUVrjb6jgqNdxqUIrSElMM_-qsOvyPHVJDqrhbw_a5wQbeswpSasAr8oGB3cdwrFLyP4MznjtoJkdDMTcJKOHbXqwMGMk6AyPimirrLEBDk4lWMC0xy1a44Ts1xlNKWf6dCZgaMAFMGqSgbSOsthKZLTXbR8X72hWjwhsu2MZ2MwvAp9Nh_qNQjQVo81TIEVjkMdkkgxjrD6nWAK4nQAETd1Io8g8CtwG0HQUvTedM6jbi7nRip92CmXBqwrb_xPfy1XQxFLES1FLHuwo4um_n_s5eB8faeMSjnfZj1F8yEaI3pcKS_vHGmPQ8Ya09mpuXl1HlSzH7pUZESyGf4r_p4BJW9sTYROjcjGjpSLCWtRCOQBKT5IHIZgltEWDLZObhnxj3A2XRXNvoo8-NMOmnddbRIXdzHrzZ9gshWFT5EO_NmLt8PATViYs0WjdsUv39POlsxZf6Ys6Ocv6NRzyXr4YyjcuwHy8jls0Slp8kGToQ6kXNgeUF4432YlVRCl4lOlBB2PaEfTsAvDgG-SzsQtWRjk&cid=CAQSKQBygQiD0MQsRretdvb10vcWt5EeE7EdBwQpwzh62-S62F1ffcAo6ZdxGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=7834955896851066000&adk=4275104297&idt=108&cac=0&dtd=23

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c046272a431083c0a10826875f1e10ae24a417d9be4ad2502ed25e3b3f193e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37693
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5641 0
54 B 813ms
378ms Ping
image/gif 2404:6800:4009:832::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~ljnmafhy&c=5486482016042&slotId=2743241008021&qqid=CPvptcb08_8CFYVq4Aodzx8HMg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fads.eu.criteo.com%252Fdelivery%252Fr%252F0.1%252Fvast.php%253Fz%253DZKN3JQANIbsK4GqFAAcfz5oPYSFy0YNhKwqWxg%2526u%253D%25257Cj7TopBEcXBj5KdS8OWeyFx5Dwo%25252Bch7gRuX7bpAHGrh4%25253D%25257C%2526c1%253D0n2XosTo5clc2Y5hvSIf5jSfwMInGQwVgkAr581akMSiH_fr7BMm_BzTo8qWaUW82kg8KaPIh8jYEyIPyzacRNRojsRKGMNEG3CNaNx89aCYcK1Nhgt9olLRqjGWXWDPqgMSjlGtgLFuHVUdG57xKp1UBtg1KUPVFzm7_CW-aSsEkwzSl6fMyR1GrR66Hmuk9FCfsoTOjvOyIRIJRLI8Wi7z2KHuQcemigUYZMg8Vefb9GYY_T0kdBfBWL2s1FxTn5UFK_bi7NueVYCjHVqxg_ZIaqht1_KTM7L20xyd3StP1lPC1JInjNhH5LjORiuqkIZw_bOR94oWLReCr_5yw8U5FC299yL367Vky6sk4PTCY_ppfvVSmVeBdvFCRAFu9L23fGG5Z6BFh-lI8JI1Fa5F89mjHHeTxXGbBtelzgjTyfmpmkYs8Qh7wiKTsLgMpJeaOWwL_VMYE3faI7arcMr0o9spBCmVdV35pImnbmxfOC4BNLDyXSF2Kf7hniIld-JGRjDjZHoyB3Lw9udprzMeDluNTkN00EeJ15LjibYN_bAP1VaCHiNUlJTonh74bMEfriGvuxP8MuCYNutRd8CdG-1YhFcRbKQB6JYSTuQ8jQKlhm8Hsw%2526ct0%253Dhttps%253A%252F%252Fgoogleads.g.doubleclick.net%252Faclk%25253Fsa%25253DL%252526ai%25253DCDaf9JXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPcBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID-PtAT-NzSzRyJl2rrtLc14zYU2ifAlZhXtivnswJ2Qto5T4PLu9qtyhOAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_1O73tRsBpTygt3aP2URZ6YW91aJQ%252526client%25253Dca-pub-7983651257838282%252526adurl%25253D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:832::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame C59E 0
103 B 18ms
16ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJBIgNB5mTnjKpG4CLbjYqs&google_cver=1&google_push=AaAOQGHBhtW55DU3mW_QpvTZgpcTval9W4nXqTVsov5nkcDpor_A4KIhuRHZ5rxmhyvbQ_FD9nr0BkazVcLjoJ6p7LixK5hG43SuYEmz
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame C59E
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTp...

43 B
418 B

197ms
187ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e13a0542e883721-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 285
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFlx9umfhHdXPjQ3jJQt2JlFxa6Sr2AAQP-H9SRGpErJwGgnKV1Q7uA3jfmOt0IiCm4tASTy2LedGK5UDwinivhrbnUyTpBG6xC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e13a0527d833721-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame C59E 70 B
265 B 112ms
33ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBILjBYIgBRcFii20RCLSwY&google_cver=1&google_push=AaAOQGGkAcLipM41pkGcsogebz1MCaszj4jxuZE3nmqbJSsAQAv_JYpCVOPc8UsN24Er3I-SbEgDRJlVlz80uafoorZMIQdhn0a_J6lW
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=4198791702&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469977&bpp=1&bdt=79&idt=86&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7063830586675&frm=8&ife=1&pv=1&ga_vid=565741541.1688434470&ga_sid=1688434470&ga_hid=175178115&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1593622478&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759837%2C31075623%2C44788441%2C21065724&oid=2&pvsid=3971800441917970&tmod=347531101&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.p9fsirxhsypb&fsb=1&dtd=104
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C59E
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEBtAXpRBjqLQhYAAiovXrvk&google_cver=1&google_push=AaAOQGEivHhITX6owDxF08CcdEBum68O8X2I-dau5Ocl6FkCqn9aIXqQXF_hwwlrkxYF3l2TOvdjdgu_X8Z...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEivHhITX6owDxF08CcdEBum68O8X2I-dau5Ocl6FkCqn9aIXqQXF_hwwlrkxYF3l2TOvdjdgu_X8ZpS_yQz5PUS4oejDCv40kd&google_hm=22LdjmPtT82-8o5t...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEivHhITX6owDxF08CcdEBum68O8X2I-dau5Ocl6FkCqn9aIXqQXF_hwwlrkxYF3l2TOvdjdgu_X8ZpS_yQz5PUS4oejDCv40kd&google_hm=22LdjmPtT82-8o5tSwshQoI

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEivHhITX6owDxF08CcdEBum68O8X2I-dau5Ocl6FkCqn9aIXqQXF_hwwlrkxYF3l2TOvdjdgu_X8ZpS_yQz5PUS4oejDCv40kd&google_hm=22LdjmPtT82-8o5tSwshQoI
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C59E
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEL01whmwbo6wjmtNECfSalU&google_cver=1&google_push=AaAOQGGmOtQ0azta8oJb9Nv5YKWbA6W6bDIc46hXqFyXjcl1jQ1LV7KU-a8JQxEiK-tTWabVbMqWduMXxuEPh2...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGGmOtQ0azta8oJb9Nv5YKWbA6W6bDIc46hXqFyXjcl1jQ1LV7KU-a8JQxEiK-tTWabVbMqWduMXxuEPh2xksD...

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGGmOtQ0azta8oJb9Nv5YKWbA6W6bDIc46hXqFyXjcl1jQ1LV7KU-a8JQxEiK-tTWabVbMqWduMXxuEPh2xksDyg9bWzo3IDmaTG

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGGmOtQ0azta8oJb9Nv5YKWbA6W6bDIc46hXqFyXjcl1jQ1LV7KU-a8JQxEiK-tTWabVbMqWduMXxuEPh2xksDyg9bWzo3IDmaTG
Date: Tue, 04 Jul 2023 01:34:30 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C59E
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGXneEvJbi4vRmR_HjIjr7M&google_cver=1&google_push=AaAOQGHjUI53LCg5VW0gKWs8sxb1lIVBehUOqaU4HTXj3klXtT4aBF-n0sgiFT_4oI5lC_7XkaZEG46iZUMb9GgltxKOf8g...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHjUI53LCg5VW0gKWs8sxb1lIVBehUOqaU4HTXj3klXtT4aBF-n0sgiFT_4oI5lC_7XkaZEG46iZUMb9GgltxKOf8gU6IZ_DmAX&google_hm=eS1pNzFGVFd0RTJwR3...

170 B
188 B

25ms
25ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHjUI53LCg5VW0gKWs8sxb1lIVBehUOqaU4HTXj3klXtT4aBF-n0sgiFT_4oI5lC_7XkaZEG46iZUMb9GgltxKOf8gU6IZ_DmAX&google_hm=eS1pNzFGVFd0RTJwR3laVVRDaWRpaTBKY3NHMjhOd18uen5B

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHjUI53LCg5VW0gKWs8sxb1lIVBehUOqaU4HTXj3klXtT4aBF-n0sgiFT_4oI5lC_7XkaZEG46iZUMb9GgltxKOf8gU6IZ_DmAX&google_hm=eS1pNzFGVFd0RTJwR3laVVRDaWRpaTBKY3NHMjhOd18uen5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C59E
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEGlPyBuoOn6qtltMGrpcTag&google_cver=1&google_push=AaAOQGEuI7pvMvUjgumuGJ2w8RQJy0jdDhyUPdhvCNSkd4mMlGDpolgHGsvsDiJ5VIqMt66UcArXUZrJEu09...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEuI7pvMvUjgumuGJ2w8RQJy0jdDhyUPdhvCNSkd4mMlGDpolgHGsvsDiJ5VIqMt66UcArXUZrJEu098xrEL9u5xnU2Jfy4S6IL

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEuI7pvMvUjgumuGJ2w8RQJy0jdDhyUPdhvCNSkd4mMlGDpolgHGsvsDiJ5VIqMt66UcArXUZrJEu098xrEL9u5xnU2Jfy4S6IL

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEuI7pvMvUjgumuGJ2w8RQJy0jdDhyUPdhvCNSkd4mMlGDpolgHGsvsDiJ5VIqMt66UcArXUZrJEu098xrEL9u5xnU2Jfy4S6IL
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C59E 0
12 B 30ms
29ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KpOdSRo7wJCW8kJpg396uH4UmHRG2umYKDKPcWdCD9iVRXu0of54rAE4aJMbZbo4OPHIbH

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 18A4 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34178d0705c247800674bc34dd95685b063bbf0cffea9d9839f6c1c9b922beca

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2ECC 1 KB
643 B 29ms
28ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 78ED 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e79d9ce4ec4a4cd40f50135db771dd46f9a1942556459ca98695c3d07b69a9c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 56EB 0
0 88ms
54ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssOfVuMUD-ojqDBoTCPj1SekBrTd4OPqsW8zJUUgBfaUEdmytKDWp51AtctL3lE2LVmYEd6tHdFawahgPiK4j4gLR-0K6MMVLJ6yZ4CJZ4Cx1Kj-kks_7SnWDa_dvu1n5vlxnmLjzXFtEc4oz3tr2pftTQDWu-c8JRpwzL8dGbqVpQZQa2Vb0F4yafycdr1EsX4Sl-HcYrJszGlzB_CufVcaae5G3MY6ViiFlkuTu61qX0NOAL2AaKWUFFzoEn1ljB5duJ1876qU9VeeZfbR5eEECO7OsfZuAJ225pZmkbtlH8DGK0g1WEyn_4bF0ZOaKFiIhPlcBhzDK0Wqh_8E4XowExSdoBTkFjz63BRFFs&sai=AMfl-YQMvasKnrrEDjpZTQijC_m84h5R6mXe07AeN0MiwSnO6QoCbgH32_vcM83363ST1nDVUh7Yw2QrQaMUq7sA1EnGzmoArKWk_Ud52wAhhJQ&sig=Cg0ArKJSzMscqymnwI8fEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 56EB 14 KB
11 KB 30ms
30ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230627&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51695d3e425aad0d3483d87b7c63d61df42e28c82d6546094f4cd1588563c966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11067
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F050 0
0 60ms
59ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C0Fx2JXejZI-0Lpf2gAe8g4qYCYfIhvJv7NS-3NAKsd3wxMsBEAEgwLKCa2CVip6CsAegAcbUzfcDyAEGqQLjfwgKgU2yPuACAKgDAcgDCqoE2gFP0OemL9A9yRC6oRKNCAM5b7W-cZPLdrOqfvVjKVoUKkmWO2CTN2rlrvMiQ7n-jjKES4ITkyyQLKaMcELE7-M4XvRBuH9JDq_Wkeks2Utk-l9ZeHXBK8mVPW61rddj1z-L-Pot1GHWbYob4rmnCV2C1vj61pwxvnNE4lmf3hdvWP7AMADOeDbeF11yDZ3z7xtk-1-aAgp2McBFSXr-YKMQj_RUT2O79rPggoheBXvapMXx8GprSgeOiO-vbB58lUJikfwcoPl6nsEySsiKvE-ct_WSRX4dR2jiYMAEpNmlm-AC4AQBkgUECAQYAZIFBAgFGASAB6KrsgioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCIowXSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsB2BMCiBQF0BUBmBYBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=YFxlYulvp7Q&uach_m=[]&cid=CAQSOwBygQiDr4QC_prhkodmt1s3aI3VE0YqqXH8IKct7RhSqRcUWPKqTOXmKqX_JLfEqOl8EN6vlNrgqcDQGAE&template_id=492&cbvp=2
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4F87 0
0 60ms
59ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CXmTiJXejZNK1LorE-gbPwJugDIfIhvJv7NS-3NAKsd3wxMsBEAEgwLKCa2CVip6CsAegAcbUzfcDyAEGqQJTbiK8CU-yPuACAKgDAcgDCqoE2gFP0MQvt25pLMRtUEASIGtEA1U03ZgYwdhX9HDo5Vjw_gnfpI75w8V-NSEvNB3yzTBMERdbD49v-x8IvIdC0IK5Iho9BCBFt3TM2-3E_ns0JuxFLmu--9RdJqYqvcbtRZAEYtN-m3IcoRErpLLms-cjw7Tj5QBa4jIvVcD5OBbeRV3-2C3qKJH2-lw3RW566-gzTmeDYphhoUFmBYreZBT156f40dyorYco9yOWMttC5xZrrGSgW5PHUN57hj1flGV_poieHFMAhg2-vltfFsUt-0f0OoE9Rc_gLMAEpNmlm-AC4AQBkgUECAQYAZIFBAgFGASAB6KrsgioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCmhQXSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsB2BMCiBQF0BUBmBYBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=5C-ojTf7MnY&uach_m=[]&cid=CAQSOwBygQiDiszYcb3tevzKXm3bMXNgs0E8inysMq1KUsSt5-_RtGvt6xV96xOe1kUO2ygP8epJCzo8ytN3GAE&template_id=492&cbvp=2
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 4B69 0
103 B 15ms
13ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJBIgNB5mTnjKpG4CLbjYqs&google_cver=1&google_push=AaAOQGFIFttErClwVDvy9ViqZf-k4cfw895fDRrp_lnXadUEUbohCrsgsu6z0oInepXjq_EgN12mpfU45_hAOO4JgCrifax_6cc
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B69
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktOM0pnQVdkWU54bFFCUw==&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_cver=1&google_push=AaAOQGEczEaii-Yj-VeWQJCBnyXg_kYzZi...

170 B
188 B

25ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktOM0pnQVdkWU54bFFCUw==&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_cver=1&google_push=AaAOQGEczEaii-Yj-VeWQJCBnyXg_kYzZiYQo8hTDYDnH-oI1TT_-3bE0Kpw6R2kymLv7VV82PK_Q2yjW6MKmTgTMxGhLIWII9U

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230056-FRA
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1688434471.807456,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktOM0pnQVdkWU54bFFCUw==&google_gid=CAESEIvOtkuUlOxRQZqxpjwIxaM&google_cver=1&google_push=AaAOQGEczEaii-Yj-VeWQJCBnyXg_kYzZiYQo8hTDYDnH-oI1TT_-3bE0Kpw6R2kymLv7VV82PK_Q2yjW6MKmTgTMxGhLIWII9U
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B69
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEBtAXpRBjqLQhYAAiovXrvk&google_cver=1&google_push=AaAOQGFWMNhVy8s1O8PD4y8Yy4je27e6ixNRGFiZMYxRW2HHzf7enijkUXmpl8o1OUEGUn3G1BiQ08nQbum...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGFWMNhVy8s1O8PD4y8Yy4je27e6ixNRGFiZMYxRW2HHzf7enijkUXmpl8o1OUEGUn3G1BiQ08nQbumRlXegLWZmFf9YHqs&google_hm=eoVf6ak9SCSwWlJULJGFn4I

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGFWMNhVy8s1O8PD4y8Yy4je27e6ixNRGFiZMYxRW2HHzf7enijkUXmpl8o1OUEGUn3G1BiQ08nQbumRlXegLWZmFf9YHqs&google_hm=eoVf6ak9SCSwWlJULJGFn4I

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGFWMNhVy8s1O8PD4y8Yy4je27e6ixNRGFiZMYxRW2HHzf7enijkUXmpl8o1OUEGUn3G1BiQ08nQbumRlXegLWZmFf9YHqs&google_hm=eoVf6ak9SCSwWlJULJGFn4I
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 4B69 43 B
362 B 17ms
15ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEBPtUc9nQvmYwZMH0FWHXjs&google_cver=1&google_push=AaAOQGFxOzymyGzcSghS6QL3n7mstTTHWwsqqc6gfbY8BINHKbZvc3owR_xjM2fgtEwbVdC_AGakAxsl5_XLzTqroCsNwjPO-CY

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 206588
expires: Tue, 04 Jul 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B69
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAriH2QbsVUxclvRo_1WNro&google_cver=1&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TT...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAriH2QbsVUxclvRo_1WNro&google_cver=1&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TT...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TTNIgyfYYwGc&google_hm=G6_eqGZHdLbZT5OWT6OKsJzl

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TTNIgyfYYwGc&google_hm=G6_eqGZHdLbZT5OWT6OKsJzl

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 04 Jul 2023 01:34:30 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGGYW_5Mpp2L6zESv0E4s9fQ-x29WroA20I36QYtdQHAva9xmtXkHvVW47cYhc67eKMuHc_9ApR77o68po8TTNIgyfYYwGc&google_hm=G6_eqGZHdLbZT5OWT6OKsJzl
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B69
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEF8i5eccKAbPsNyPIKYLLz8&google_cver=1&google_push=AaAOQGFgKtwo4gJtbzEt3kA_-6PW58SWqmoh1pyqHz8j8AeIyPx-0dehVG4n-2C4dWYR9KIvYRZoj6NbGBIArxtD...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGFgKtwo4gJtbzEt3kA_-6PW58SWqmoh1pyqHz8j8AeIyPx-0dehVG4n-2C4dWYR9KIvYRZoj6NbGBIArxtDcjHe8ePfeQ

170 B
188 B

24ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGFgKtwo4gJtbzEt3kA_-6PW58SWqmoh1pyqHz8j8AeIyPx-0dehVG4n-2C4dWYR9KIvYRZoj6NbGBIArxtDcjHe8ePfeQ

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGFgKtwo4gJtbzEt3kA_-6PW58SWqmoh1pyqHz8j8AeIyPx-0dehVG4n-2C4dWYR9KIvYRZoj6NbGBIArxtDcjHe8ePfeQ
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: LXFpepls2er7Mw8czTe2d4XE-gJo9CsaaCl7NDaLQwL4gYzESjgg7Q==

GET
H2

200

report
sync.teads.tv/um/ Frame 4B69
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOmPQXh3hO77...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGS5VIob_z4TBLahUlXvUmBdIFs03DlaYFHYaeGuUq1r5DTbPFeWjiOTMyC_3uVTrFQ1FDZ7wQ66_oyot2VvU94tjdmZ9b_
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

45ms
44ms

Image
image/gif

2.18.161.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2.18.161.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-51.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 04 Jul 2023 01:34:31 GMT
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4B69 0
12 B 22ms
21ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lm1fMvVU_XnnFPrIRQ4MKro-gNDnCDRuI1SfWuYcshy_Ttd2pcW1frZRONxqQdntjF3waWlA

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame B03A 3 KB
3 KB 21ms
18ms Image
image/png 2606:4700:20::681a:61b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:61b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1064
x-guploader-uploadid: ADPycduTog6A2JPifmWwDYui9vUCCU5W1ZNEVFDzlBRMT9l9xNdgptaa0KpBuLLbjaWfVX7sXot7cGI-Oc2HEQNQ3r-JUA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FadqAFpu%2FSo4hIhrW5EKfkFEfpZEEw1qF9FF2LRyv40jTejuLVXQFdeND64HQJlyOAJy0%2FK6KWvPPtUMysVPqOVAbFYlovEJ%2F8ffb3CEhuZEOU%2FNZHSCIWMuLfevdIXwXY%2BpnSywJ3dOWuaEZ4OPb94Y"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7e13a052aca1916b-FRA
expires: Tue, 04 Jul 2023 02:16:46 GMT

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 7283 47 KB
12 KB 52ms
23ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Wed, 03 Jul 2024 01:34:30 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3859 0
0 121ms
60ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssWnSZhpsMknIPHfhthwzgQeBcdYfDKaeLSoGuJcwVJfSf48fN5OT_bUZ3zUfRDrhTMcLALNRw_0wAQg74vtD7UOvERP2cCJ152iWIAMeoxaHpmEyOxpu9O-fyJLpIZERGmr1ameKJHw_iLlWzUTm_8R55U03TQtqmwaHdCJyJI1n1yqq4TZKrdR_hoHHxIhW1L6DYGK7ukunjeSuh-Gmkmr7Rcru9oPlYz4PSk3GGimyMVth6vOtJQULO7DaMOuVOdKtYg0KQazGGL1_nED9TPPiUMMOlja1D-_jWj5fxXUy0ZIK40XvUwW1U4JYO26W5eX-hRzh_kFmHv95-vvkAmErsFeg_pPfmz1Qf6diARwKv8W4FZnu_GiUGE6UvjKwdm9CtoKaN9zlabtGlKsd3753tjM1223VtrXCVNSrzxXno_WAh53Fe4G3YDmjlEF77hXljvRYsQChOHjmsv426Ew0WjUF5SCwTSGixS3E2eBWKLkgJBay10SI8Md9mPSYgJxy6-xjlOKy5TEbtqv8bAN95-a7fxYIi8FGAiWOzOK2-wPvyuQFYcFqTg_CmDnR36DfpZO1w2GsMqOVah2j245FZRRQKRiAhspotO-OvXXq98hx8FYcy6e7zaBnZmgOK9k1TBiYdMR6y1W_YkMAk5ioSP9Ut8cr_jGf0gLU-Yc4svhDsMCL-hcbZq3qG_ofk64WsHgLwSOvj4-bSsiR6kQOJYwI-c1-zx05CTgLR4EBozYdb19eiq1qfzXj6qNIUIXzdWaY4ED-H-SZDHU2Qh5LoQzg_ijvUVVr0mOA47A3H4xc-uWpBGP2rOn8lcujDBq98ei93USBlJed7CzX-nfidBK2bPdfk9dW3DlK3uKeOFzHRPte51zUO1YlQpdq7tAyVN6HFfyYKBQUe5p5R_I4C0xvBHaEHK5UdEp00Ji2zlTUf7lTTwFZ11wJ3a9UYhg3OAzQt9D7RKc0x7J4ruLw_crqh1oq_9L09Tc3wV5RJ5gPxz0DNcW_mAU3dycs0kD30gh8Ot-fk0F1FbXierZzfz4iI4ofuowDUDlzEYCFiRX_U4Zn_OPhaaFE-Vja4WlvF8fVzC_ZUykoSXusdIHRo35025ogW6bCkTpaqb6mvzWQ1MKMrZnnlpN7EaLGfF3O8PVhuJncXwIbtJj9AJptp8ytg80KJVvCaLC0esPFU_9c8EewIkP7cKoi2igH99qaUHATZ7wiWoWLNMogOhxtpK98v0isyAQN3ZimKy9JssjrKhEIO9nJUomkDHqnxiXAfcORDxyhDogOEO9Wnit8wfuEWuTxGH2zH_vw0NvUiIR-5FzUs3ByxpEWXg90KSMXWix52KLTj_DfY&sai=AMfl-YQYAJeBt286-XQJcu2KazRrMtuE9pKAFXSJXoy9eE_2ynIDz-JHUw3zZYb46BhEDtWMHx6VU8hqMTa6cKfpeGS31WqkznDEXkpbNU-cB8HOqYOVNGCNkMi6ppQLYZzBQBsKbvlBkeiOLLWtnc3QYpGMVbmhmIRqc9Ug9JtVZx3fe3PG8ARHJxzJRvGgXnSGQox43VnRQS72zMm41gVfhKvPnwDsau3edGv0UUB76Ok4jeHJ7hebdTpYKWV3J3OyjG-6TBPaiYOcoDWxZnSv5fegGJv0-Q&sig=Cg0ArKJSzAbVfB25js5REAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=299&cbvp=1&cstd=288&cisv=r20230627.50568&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9315 35 B
464 B 38ms
10ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJtNQ-AEDiAWZ0GVUC6FBFk&google_cver=1&google_push=AaAOQGF9jZmkvqXTfKAW1m1RcXnSOi2HnyNnz8jf7wQQGXzDIW5-5TsjqgdmZfxEid9LFyA1W4ZMqjdabYGlHZCdYmQl-1a5le5k

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9315
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFtTxbTpcVdM5ZpkCFYdTTB_jPxcUny4B6qi8XRysb...

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFtTxbTpcVdM5ZpkCFYdTTB_jPxcUny4B6qi8XRysb4eDqbDE6Ccipxt1WTPln8qlJ2-tQmoCG4FTCJr3iRbnem12zvXHkZ

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:30 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFtTxbTpcVdM5ZpkCFYdTTB_jPxcUny4B6qi8XRysb4eDqbDE6Ccipxt1WTPln8qlJ2-tQmoCG4FTCJr3iRbnem12zvXHkZ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 9315
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZ...

43 B
399 B

190ms
190ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e13a0543e943721-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 172
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENi3bdPBqJro7r7T_15CtYk&google_cver=1&google_push=AaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFIRZa2cPz_6yAgKve9_N2VSGRoUegJODAE_l9q49DRiQda4XZV318cCCtLFa34mPJpl4pWPaumBn1yOCbEbindpPm5RdZK%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e13a052ddc33721-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9315
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEGXq-h0rS_6EFVZnW7bvBVM&google_cver=1&google_push=AaAOQGFlQTwAchAdOH_W0GvX0ooU166hQelwlevPW2Mijvagy1hwoUeKFvk46i3_nXdWW9BJz1bBD9ejAWroEPN3t-CFxPx19tA
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGFlQTwAchAdOH_W0GvX0ooU166hQelwlevPW2Mijvagy1hwoUeKFvk46i3_nXdWW9BJz1bBD9ejAWroEPN...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGFlQTwAchAdOH_W0GvX0ooU166hQelwlevPW2Mijvagy1hwoUeKFvk46i3_nXdWW9BJz1bBD9ejAWroEPN3t-CFxPx19tA

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1987F99561AD4CC99396BE570392C16D&google_push=AaAOQGFlQTwAchAdOH_W0GvX0ooU166hQelwlevPW2Mijvagy1hwoUeKFvk46i3_nXdWW9BJz1bBD9ejAWroEPN3t-CFxPx19tA
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 03 Jul 2023 01:34:30 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9315
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGXneEvJbi4vRmR_HjIjr7M&google_cver=1&google_push=AaAOQGFbOOAh0lOjrs5Tw_HM2xR5eWHxsq4Emy_BThwKlHWZXLw3-Itbw-cV4x1lg8m5pOk8wqF-sfkIBLW-f2L81JXunMX...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGFbOOAh0lOjrs5Tw_HM2xR5eWHxsq4Emy_BThwKlHWZXLw3-Itbw-cV4x1lg8m5pOk8wqF-sfkIBLW-f2L81JXunMXE_swR&google_hm=eS1KdGxucVZsRTJwR29BVl...

170 B
188 B

24ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGFbOOAh0lOjrs5Tw_HM2xR5eWHxsq4Emy_BThwKlHWZXLw3-Itbw-cV4x1lg8m5pOk8wqF-sfkIBLW-f2L81JXunMXE_swR&google_hm=eS1KdGxucVZsRTJwR29BVld2bHo5d2hvWURHbXltMjBxen5B

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGFbOOAh0lOjrs5Tw_HM2xR5eWHxsq4Emy_BThwKlHWZXLw3-Itbw-cV4x1lg8m5pOk8wqF-sfkIBLW-f2L81JXunMXE_swR&google_hm=eS1KdGxucVZsRTJwR29BVld2bHo5d2hvWURHbXltMjBxen5B
content-length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 9315 0
15 B 13ms
11ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEMNMpHt03bfTK3zWbjQpQIY&google_cver=1&google_push=AaAOQGGkrE4tP0qIyLYcOS1U1KW-86VS_DrgqYMpyVpIx8uWKjcyeYus5mVicxZ0mkYlOPmHPtN3hLyztj5q-buewkLQoLPo3y0jNA

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 9315
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEGlPyBuoOn6qtltMGrpcTag&google_cver=1&google_push=AaAOQGFXAW0K-X4UTtpcnV2EHS05-YStIHHJkrB7xtvr1ZGouifq8NsC3n9l6cgMMWz4qEtv8As2DaE4v9y...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFXAW0K-X4UTtpcnV2EHS05-YStIHHJkrB7xtvr1ZGouifq8NsC3n9l6cgMMWz4qEtv8As2DaE4v9y5Q0cafYvW4cOc8_dfIw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

15ms
15ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9315 0
12 B 23ms
22ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KpQO2g_HX8EEIb7wLaiC6vxJcw4Oz-Nk2FeKNkd2j7qytTTGfXvkVR2Igx063oc3jYsdq2n-4

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 89E3 47 KB
12 KB 29ms
25ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Wed, 03 Jul 2024 01:34:30 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E9D3 0
0 97ms
60ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsudEf4Ekq9JkuvLPk4QP_eSIIE4zjvFXjyQiZC7iMwraQW2K39hQDOhp3955iWwZoFWiY9JgWYVRy8jdt8F3s9ywxsVgedW4K_NqqkzNnP_4so2kG3Nufkv0ZBWYhVHU643Iia81YTbRnucB8pqq77-OMe4kUGKocK3d6qW2QjWeGq71vQSzzcWtPD6UHXpo_ILZSy2NfbHV4G0F9qK4aYgU3b0TLOkjXpKzS-gMTW34jKWIk_ifer8vWFfg7BzBQIgHu2IBAKOyGTSYWoXBJ7F8f7AdeIlNsX-fH-hr7DToBO2jGyBAeng0_5fZAfC64sgO4HlT8mc8glSWPT2w0g2iPuBPyWjvD3rkQL4PwCy3sLG4b-Kf6JxDcqYOZ0Nr6xIbbGodPGqvJ4SNWSYcDoFe1j5x3D2batfZr9O2wYtzf4iL6u5grA0c7hzUBPAAJb1g2YkPvhgts99vo8B43aHzZqPl3qI7bUKJXJ3B7teJL0bSdt-eeVIX1Hfp_cnZOGEKCFf2kSuzUjm7qDSL58pKCYDvEoBOs_cilsBPgdzjAERSQmrXiSTxDreLmhg8Je741uIBLCzrJdi1T88MHtejfiXS_BMs2s54OiyUMglIRXacLcBJH56c7nsWfGH4AlptlreWiT9BYEsGYnDqUAwble13Zt3W5xNJjkCFTVZcvUPJQDRX71QR7oHIYTMxLpvYuDhRRFEWtfLaZhgrhixfNffdq6n9F7WZWjbWS8dd3HIjcZBOYstyX-vr7ZzHEpMKPv6hL0FCWIV_qBgcN3NvInAO8n4eWT8BpFT8hgDSXu1OfP8j8vFU4JkVdV33zFNkYdIKmDoNQ8zoQ2kNxbdgKswofsxKRc-69XiSfytkvFMbsSyEBXFvvAXDboDWsrrrtzzMy7YJaREsGFKSzJYfWzD6E2-b6Hu8dteRbyFVSuqOB7Vv1StSzlKOj6MipU-XV-2B8PSz19z5pYXadqy5FObTbWCjcplNKDqpanmhuu3_FrY2rry0vPs2GHwurYJqnQH98TizcuOvy_54D-LaAQvmooNUDt3SGMSs8-qvl3PmaQCK1ClAf7ouoadh6MCZZF8Rjfmt1BK3_5-kfIk1NikfxuPetzAkZA50PPlkUB6JOIWB45Q9NlPDC55Qn2m5eKAYak2YuaDa4oc2ZM0Fzd7PTxb_kbUu7abeAZZwFqLNZYLH_6U6QnHx2VUE65ieQrv95PJfo1OASauyqOzo9xYGFv5hGcMtJZz0TCogZMF6wX0urBJtj0Ow01lBGlpo3meWfQMFujPb37u9RtaRdUltFKOdq1FAgoeIeaAmSk9hs8f1s8iab7PF3YGICLW-tuJxXHMNm2URrE&sai=AMfl-YR97v1rEe2BQwSFLo6rwHmFhK1829dVMaRJzMOc0K8BL9uwhxOlAxoegMAwrL-fSDyPY3xI-fTlVWMIy3qHn60pGv03CLmo6YwvQBmwKDIq-bQUixrYWTACC5IMEmW52yGKifiJMuW6w3YYymkFTr0nC-Uo1z-ludO_Y5JGMFTAi3cl6fFmj9rVAkD8wn4K3orszglqFE52zUoFgCropTivwvam3OaTqSD4Wsj6EsrRj_fnY5qa5lHY2xVok7OGdZFjZYSNXR_QPclFo_un8xFixmttjQ&sig=Cg0ArKJSzCakEuzwANAZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=281&cbvp=1&cstd=272&cisv=r20230627.01925&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7531 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 560209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/17952959967271059456/ Frame F2D6 47 KB
12 KB 23ms
23ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Wed, 03 Jul 2024 01:34:30 GMT
last-modified: Wed, 15 Feb 2023 15:44:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 78ED 0
0 74ms
63ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssT9DncmcvkN0irETh3ZWF8BRSuOs8OANRS71mtAw4DkMXA1EkB6tJg7_4ilNIqRtF7vl3xZixqvE2Q5iWcKvWK1CChZRW6mhS6i-gO7l8nrd7A16SxKSy0f_Zf0M811eDUQIFLPDPc3lOyDQtac1VmGAjGmLpvkIXH2JAeIWjsqz8QprAGc_uauQD1qduQ42LtY8ay9BRLvQPXl2KuZkcrEkQBluIZnmea3OxjblZALD7STK-cRisCUvfkyswRJs8j_snOYzrbiX7XGsqRN8f9O2F0NXJzHNkh8kQZBlUsNb-2WXbwLxdnd4390gMQKXCw7hdvXAd4lvtKZd8ZWYVsdw3Asw4z467-lcl_FOAODR-rzxj3n3qRSM37yx6JkLbB_Ca4gmfqp6J8RG_73zwpvAa2GTQOkwuE0oD7pGChsGB-x6GqKnqinjBiFAhujWPhXaAjDMJPqL0tz6GSqyXbrcJo9z6u0AdtFag8HfevmnlnP4a-cVkYm-LrlEzfkRehFY6q1BIxTUesoNWL27DJ7KG7Kg4P8KSNJuwq0fAHV8F-vUos2PktfRBKiTE43cIymVXZyXtDWUZpmSu7UhnZF8uK6dUIp-LPpFVEVsJjRLgwcFnjaK-fXlZ3BKoAw2rP4rfIJFynAVn7wrZsJHUTyqwdr87bWOk7pUAqR5t0pJUqIhMuxeiWa7ls726bId2BtlKhVaCDd4hHucWd5fQl1alCtufWuBLZJ7ZTw6JSoiMYo8PnUNltiwj0RzhQ6yHEdftjkoTxbQVSesUVJYSCyimzAD4BWGpzh5Oi-hydY3sH_1kwj1XrckbzYgfaGw6f38H9xgPjrfn57Fi8d-MnGyPfUjPj0SBvUp555_9xvpX1gLeHKYKW0PuvIgGli0p1jDMwYK5CZ_Hzyl4a2pheq3fS9_lu8unjT73xGTolxRzg1QRbqrywiy3nOrz93WUagei49QFH04YN_kd9iqDblNHgaXGREhKzYImoYrwevYIGTGxh7VNsP8qW0hUVpqb2yvxb8-UZhDqyH09FNgwzOLbRYpxFzd8QM9SkAbKVyE8aaMXJwGkNvqkm3Xm4f1hs7igBje2ND3rGCuQvZda6-XLmuRbzz6igrSOtw4Mk2x4zKb4YYGbOeK1mLKtlMMjfdLhIoSXEW_XB-c6KG8nsMMBSf2wAj-QZ7Da5VBNuUUcTVn-De6vHpw__RPuaLPKYZVYaZTFrXVBhQT5lRa8qXjNibwr9JPkTkr1nsZStth0EpMscnn8yKPbRVjtnVabBFf_PjgW_HUgrxfETkZOp80sdss7pkmBWdKRQcg3jgkZHYnQKdUGUc1sVcg5ZneBusqQB1DfDmwLDBiGR_iUKTJDBTbkmVdIIzsMejyYcKDx5GQW33QAnqdpveFw8pKbMz-xHkKgcio_ppQ&sai=AMfl-YS_Vfhmu4LjnPfnYYcUj2H3UY-O0Bq1CY0aisEsqJ5cFbFydoPTLKF4bQ427ch01pY9JNaRnR25_9pSd02Lv22UmObLbj6wf4-PkrSDT5HVwlVzJQh-i10gcHR9Qq339KsV2rccO4nUrCBYbrUmAMybvzt9vk8s1tXWhD7VyiXB6D_8v1rb54Ok5GP0CyGy5XLrKdT4eDSJfT-tmODvHuhtgcI5Fstj5fhKzW56ZpC1Eg-8V9tjHdHdY4imVfSXx4NjNhSFcYRR9qjjuuE9kxC20zqpUQ&sig=Cg0ArKJSzDxCEswxAZy5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=202&cbvp=1&cstd=192&cisv=r20230627.05993&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 56EB 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3E4A 172 KB
60 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 3E4A 11 KB
4 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPthsdfMlFn88QWeBjENySH3SMYwOHzo-R69YJ3imtEk-l2QrV97nIRfY-UTta62WQnobQkxpQN5EyWwsvo9SKbUeacQ8So2sujmEHp1mozENHE6A&cry=1&dbm_d=AKAmf-BoCmRurYCXZQPLqQktQ25IPJe0ELWTBnZfxd5KRUttk0VRtqOlc6aH1K97Ge_NvH1i3NAjvBCJlmhCG_a3ZedK3V5WKmKJqSQFHncbNZI34cefdEElfYdVAChTTOn4Pia9Uk8Y9CYWoBd_66XIxDYFVQJrnllOd_h73H4TaRV9Pz8y7ESrb2onJd-sJ2-_55gfhXXx97EedbLMtDkqUodKDKsf0dhUBkZ7bluzPAtAqFeAECE1aIrimdfOa1cvwh6iMVQ0GxbTjbbMqAj4kA-TsTIn-OK_50BzgIyms6bRp6Z5gXh8Nu2l8zoFtEN4CXJgVOwIMj35rNglpcK3t4udXn6N09MWaxZp62IPWF_i-EtJNiMX6AK_J80EN-MV5nBtlvihPejUz_eIsL3vVz3bIJcIPSHyajIkl2LQfSy-DmlZby_DAJYpAglhJ84CfUKaLJC_drCZ4uOEr_OjGWESpv-dvvsjP5VINzsKVJX2GZrn7AVIUhA84BG6_VoiW9P4ubACsqDEUyLLdptAbBReTtWJ1__xV2Dgw_A9yzgCUQP4LHhTH8IgTOzcTX6uT7ZvlsBTqDHeLmVO0hHPg7PSLXyqHzLwgcU5uTt9L2RJNiqTg9DvcYsjYsfpD-fLJrme3nCqa93A4EQNL7S5d-iUxSjCW1WeZ7t4EHD_uxmp_ljm1YJQnZ9Pp0vfddlCMW4hcpjnREX8iCdFl9bF9DshBQxzJeEw2eFmJE7jj7a1JIKPRLCwRVJ8-obG-KLsff9XLLTr5MWFsjwc55zSlXSEbmnGTkmLm8X_ELH1eiIPgARRVqErTphBg5vNc0diRe5gBDgXtEyQd7J2M9NDo4qRupovkYs__ndcryOmNAFNMKIVeaWM0rbY7DWYlucRMfBtaYk95qGYOa2rtkvwd472-s4MdSA2adTys3IFrj5IKZgvkP4wJ7uy3iqp6Vl9vh--pP0w5fsM85yzDgcuhBgtQTCYynrx5RcJ9E7KMXhx8EXpjVa_WVKrb9aix00DwbO0W38YV3erxtQ7QYz3ta7sqkP-hSOJPyy3dhEZ8Pt87OwPsyanfkjf5oMKnW0RAufQxRLUn_dErDq1OqCl7268LWDw1HKnEoX9stenp4smEVIC11-5H5hnxiKxNgXvXCmqX_Jzgsh917QJiXiI9_nCuMfCHOThQNqLUjC9BtybVfgPPyQY4Hm2qBAK9cscFlj5M6GZiWE9bq74gBPlJEwMjqoexGiM-NOTdwXBQnf0ASZuq6XaqCYmA8yJBEWYypRMCrebv0upZDuAkZInPjk1r-w1T0rAq6HGx30YDR6BR0W8k8AtuUXkaAizGJZcYcMecbFisRsMRqn0w-4wyGieHb5fbSZmvrpsuNKPTAihVIKjAfz8_eFIjTbN6-UTaKZMUcwu0MIYC1KIGF9ntsJjy3jvjpXf4ZDUYPQP0C3vGrxK3xLefeNeY1QidU-s0aDmqc4U4_0_zVRsXIquYuB_Mx1lq676EdtvAiKYXRYKO-6aoZFT9O3xN5Z2Pk5HG0MqPsnqKYkTdqKX4ZZTQlKF4a2AlSJg9z5c8IAflJ9WwlLIsCNEQyo-VjaEPqfNlaTPjSrSHzCWaWu-QhaNKGUWod6qhFfNXN9HsoNYO5mGi14b-cwPUgo3tedhEfSfO_vw4QwzXY4IB5O0QbdrJwdcEZmoGO4BPoi4N-QiTAe-MN-nY8vK0S05LT6dQeTLh8A823Dv4ZHgQ7PXMnpn3duhX699xu-YxDGKYK4Fus7Qf_qrtZhRQUw9ymXOYeN7gnJMSceNHhDk4cVUn12UAUAhIR30sVU7crA25duc3Vl0V4Ez7Owu_8X_lc5tU5EyAg9f-0jmmg98q-c-nBvqsGFJGGvmwbMGL-HYy87hI6IT6VdV6V4DyX-f6XgOoOCTf5vNV1PzLMOwbtQ8B_xZXKSLiIQc7cUdjNNmwN4HL6Thchfud9cyXJzO8_tCUDVslIZ9oTBsE0y58m5mbvhgyjQNrxJAMFShboE_48luu7xppjoLwk3rC3p-9l9k32Oa8xu5UTDXKIq95OAKwxPb2ZIw9EO5foxJ-INtmMj1wsuDZfXsfmeTVj-wEKADFwDH_zbOjrSqb1Fe69RuZP0MKRfqAhETWybNnuOxEstTVmuWrXSfbqUDk2MWJIqWxINPttvrJ1nmL5E6WqIQNzFYondin1R_MKlZWzNRBLkcLjHB8_wVgs1ZroVPxHTBfNG2ms1xVpWVvnjOcrgu_CYDdoGLBHacx6oE97U1MbBGoGJKVSVdzT4tv91GWBS4EqA385PHGyTVagsKS4VqfEbZtYPmcqR1ny6Cx2Y6NGyQ5lSBa1UziFmwPgDqJeFI2pSp8aQPF0Gu0nZ8zwDwi2mIBoEJ7-plTKuznr5zxaM-CImljFaJhFqeT1O02rK75somG_fjagrEhOGQ-RYaONQnkspaYU-JhZxfj3eYyqflJ2Tx123jhTTp5DMfuzWhvBSnfJSwHnVJ0ZrTzFTAwpmWt5qmtDo2zjDAjPj5m50RefUoy6hSAz3tkuqM-0kH4c0Hj6ljwRMl2acSFkjffkd7GTTz8ufy2Zbb5FGmWBEti7F6y1rL0TaT9DWXPEtIr5GKrnOsKGPQ72dUvs8zH09dKFv5JCA18vZLvUuZomnuEolQWT2l3VJPEpmySAW-GtrAUJX14U9RPhRbf1EcLJE5ibF5QfhBd3Pj-w1IP-EyoRlNLdKIpHN8e-PHrtu0M28XgTeuIyDBI0QaHlp9-YGP3bhSvSIsrr6IJLL1kgA6rGwjgRc0wSLK811szxPGKGHdXd5gygIi0bUp6Ywph8MwEQg_sy1RWi6VHdIjqKKiSd7Co1tx5dhgLTqXWLu7E34Xy7Yz2RVblXxZXBulepBe38Ch_cQwSRXTLwGfHi2j4f_Y_uf2WNNTPbhwBEF4EG-SG9NYliH0rPraBmre31cxE-NP9X6LKsDzw5lGz5g5ynOuIPELfsPlqRCefRuq2tkVlc36tEOtsnTTlZ_j3-gyBT0MKCAhPICY41hgwUdJ50_-_kwD29SZF9RqtEyGHnH9qDhp8EmvS92wyMmPiRbxGtYXUVrjb6jgqNdxqUIrSElMM_-qsOvyPHVJDqrhbw_a5wQbeswpSasAr8oGB3cdwrFLyP4MznjtoJkdDMTcJKOHbXqwMGMk6AyPimirrLEBDk4lWMC0xy1a44Ts1xlNKWf6dCZgaMAFMGqSgbSOsthKZLTXbR8X72hWjwhsu2MZ2MwvAp9Nh_qNQjQVo81TIEVjkMdkkgxjrD6nWAK4nQAETd1Io8g8CtwG0HQUvTedM6jbi7nRip92CmXBqwrb_xPfy1XQxFLES1FLHuwo4um_n_s5eB8faeMSjnfZj1F8yEaI3pcKS_vHGmPQ8Ya09mpuXl1HlSzH7pUZESyGf4r_p4BJW9sTYROjcjGjpSLCWtRCOQBKT5IHIZgltEWDLZObhnxj3A2XRXNvoo8-NMOmnddbRIXdzHrzZ9gshWFT5EO_NmLt8PATViYs0WjdsUv39POlsxZf6Ys6Ocv6NRzyXr4YyjcuwHy8jls0Slp8kGToQ6kXNgeUF4432YlVRCl4lOlBB2PaEfTsAvDgG-SzsQtWRjk&cid=CAQSKQBygQiD0MQsRretdvb10vcWt5EeE7EdBwQpwzh62-S62F1ffcAo6ZdxGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=7834955896851066000&adk=4275104297&idt=108&cac=0&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 3E4A 30 KB
11 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27418
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3E4A 41 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 560515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ED9B 0
0 54ms
53ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssry5wqbK1o5fdYw5bfPTZ3k0x95qcIfnZb5KGtl_Mj9u4QgWufcoVp5jGPGFy_2cmX_zccysuFMH73OTr_tqDhSbJP9sR2Hi5w78mA2ZKIk2vBPxqQ8UnIvb6qUyVEPCHi826Yl2O__LwiIBi9s6Z6TkBhPwSkJmzdEpvJ489ykUXau9ZWwxre73NdZ3Lk0MDDlLLGn8v9BXlEvUp6d-1cKA8_6IQ18unjoFdluvFiGo9bCidYO_cn9D5CXQuqYvrAiFvTDo6ayncQjbojAf0iRHiRETcn8XYL1QtmzsnarlOhiH984cj14ZU5mYEU7kBfN7wj0x8An3awNvysvIRldwVd33dAhc7TkUlZm3o&sai=AMfl-YSwTQzpW1_OITGhlWKu_XuYLybeXzWy2bJfFbAyLeIfSPY34-2-joZmo3ONJx8Bt6say2a1NtX55TDtYACw-t7_Vsln2xoSLnbiu1B0yKQ&sig=Cg0ArKJSzE7v2cTDHeF6EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame ED9B 14 KB
11 KB 29ms
29ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230627&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af072f764b9cf3c397b08f0e8888f4dc61147d00285c7ba90cf9aca0667d6848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11087
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3D75 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 560209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 frame.html Show response
ad4m.at/ Frame 5570 2 KB
1 KB 16ms
16ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2091885
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7e13a05358af2bdc-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 04 Jul 2023 01:34:30 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44Ga0zAac576cjF4CM6EHMi2bCMRPr7GBahdkZ2hUt5o3KWQI%2FjdHsYwLCsrPD%2FamIZFkDYXBXLIE7g%2BgbflSzn%2F6VEz1%2FYJxd%2FEvGf%2FcEqAynPX6dutwRc6qLIu0yke%2FQUHd14%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 7283 118 KB
40 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42114
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 7283 63 KB
25 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 89E3 118 KB
40 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42114
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 89E3 63 KB
25 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 77D6 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64699
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3E4A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec63560c7bd59e4ba1050edca85ee787063217b4e1a67920c0a2789b263d7b71

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame F2D6 118 KB
40 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F2D6 63 KB
25 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2ECC
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFJB2WZQ1H8zTn4L500uWwptVWD82cHt4QKtk3aeLt...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFJB2WZQ1H8zTn4L500uWwptVWD82cHt4QKtk3aeLtZ3nPv5XXcHSwDCxt5WXPP7KHxDtyuqW-hb6RW68FSuEUwhVf5JBZaNQ

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:30 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFJB2WZQ1H8zTn4L500uWwptVWD82cHt4QKtk3aeLtZ3nPv5XXcHSwDCxt5WXPP7KHxDtyuqW-hb6RW68FSuEUwhVf5JBZaNQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 2ECC 70 B
264 B 40ms
39ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBILjBYIgBRcFii20RCLSwY&google_cver=1&google_push=AaAOQGFhuH3M3MyDNrJ5Kx5nSvnUVEU838J4XXAa_4T2hWBtsBhd6Cz6e4_8dPDTgGzSBzQO0atEsQZt31UC_1Dij5k0vr2I_EpL
Requested by: Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2ECC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHefh5OzxGZGGDM-F4hxMko&google_cver=1&google_push=AaAOQGHIreAIL46DYwL1boZDlIxMRnIdgvqpRLIUusrfaQ0Z9iWPUYHIf_w4ACmgJeWAgoTr8MeSIM4vZKzBNLqj...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHIreAIL46DYwL1boZDlIxMRnIdgvqpRLIUusrfaQ0Z9iWPUYHIf_w4ACmgJeWAgoTr8MeSIM4vZKzBNLqji8PqPkoRfr8v

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHIreAIL46DYwL1boZDlIxMRnIdgvqpRLIUusrfaQ0Z9iWPUYHIf_w4ACmgJeWAgoTr8MeSIM4vZKzBNLqji8PqPkoRfr8v

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGHIreAIL46DYwL1boZDlIxMRnIdgvqpRLIUusrfaQ0Z9iWPUYHIf_w4ACmgJeWAgoTr8MeSIM4vZKzBNLqji8PqPkoRfr8v
x-host: tde-deliveryengine-production-7c97bc8457-79cdv
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 2ECC 43 B
362 B 15ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEBPtUc9nQvmYwZMH0FWHXjs&google_cver=1&google_push=AaAOQGFbPNnHf0DfKDCn0JKBOrUi5b9u-rq30TmtFtPjB7pV0nEf-BMOPGKbBAC_z_eKs4C0xL21Yc1c03R5QtjTRNwhwwNfHU7i

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 172763
expires: Tue, 04 Jul 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2ECC
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ulnIeqjwSxGMPq8cAptF6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ulnIeqjwSxGMPq8cAptF6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFtiXI3xlI0iX1xnYFi5mCDfkD9HT8FOO-6ZzNQwjXn0Jpu3CssRSLXjkdZp-YLOwGMtzFAKlbnxvqRUpbtAi7Bi9_pnPB0

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ulnIeqjwSxGMPq8cAptF6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFtiXI3xlI0iX1xnYFi5mCDfkD9HT8FOO-6ZzNQwjXn0Jpu3CssRSLXjkdZp-YLOwGMtzFAKlbnxvqRUpbtAi7Bi9_pnPB0
date: Tue, 04 Jul 2023 01:34:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2ECC
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEF4tICdxa837pUi2DkRT384&google_cver=1&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa3L3uH1...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEF4tICdxa837pUi2DkRT384&google_cver=1&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2ZH6R-h2TN2QkIHIhyuB3Q&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8p...

170 B
188 B

25ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2ZH6R-h2TN2QkIHIhyuB3Q&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa3L3uH1i6pjPy5Q

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2ZH6R-h2TN2QkIHIhyuB3Q&google_push=AaAOQGFpiJqfxwZ5H-XueAv9yMhB_xbvqL0dvUgi_GvELWVhGIJUKDJjwmQ6qECEDvTBWVPjhjfx8KhaqIhVV8pa3L3uH1i6pjPy5Q
access-control-allow-origin: *
date: Tue, 04 Jul 2023 01:34:31 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2ECC
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEEkBJjSM7_ZT1DzJwvInvDM&google_cver=1&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7t...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7tR...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NzkyNzA5MzM0OTMzODg0OTg3NA%3D%3D&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPd...

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NzkyNzA5MzM0OTMzODg0OTg3NA%3D%3D&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7tRrpw

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY2NzkyNzA5MzM0OTMzODg0OTg3NA%3D%3D&google_push=AaAOQGE-pYiDxM3jQKMigZquyY0VgbUsnFNvJDad9-VCdYggYpwKpUPdMMCfTmU_1TGbErzZ4FdxNqGY51nLhZYTI5us84vy7tRrpw
date: Tue, 04 Jul 2023 01:34:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2ECC 0
12 B 22ms
21ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JPL_p-vWgowLWqMGlLowpCbeblWwzcXRKHB9jzaJp3vSZS1zquLY5VLqWASqyeePqTLKCx

Requested by

Host: a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
URL: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 32CF 22 KB
8 KB 14ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 560210
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame ED9B 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H2 200 vt.php
cat.nl3.eu.criteo.com/delivery/ Frame 5641 43 B
347 B 51ms
14ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/vt.php?cppv=3&cpp=H-p06y4Yxnq3YAS2KY4Vvg5FAa9zd7i8opqLfdjMB3JfVfOLHyAgLES5EsnNxZfhN_mJSU8MWOOaKF_ZdTqj5Ac46Upms-KXnJTzIW3DNIp1UISVpxqAoJx1iw3Ic_5IAn61E59ON0flfoU9j3lCb6oEVpztkbntG2Qt7JuEkr2A8geYI3hf7zlED5Z9HYVEw4i1TG5_Yg-ubV2Kw4Tsiykv6BrGRn4FIupQN0swfvjFd8OC&err=[ERRORCODE]

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 225351
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5641 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CDaf9JXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPcBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID-PtAT-NzSzRyJl2rrtLc14zYU2ifAlZhXtivnswJ2Qto5T4PLu9qtyhOAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE&sigh=o8-sROeSvhM&label=part2viewed&ad_mt=7&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15000%26vmtime%3D7%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D331546367%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1688434471057

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 5641 43 B
347 B 53ms
16ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=f4A5E3BHWJFnb10NcezAfq596KjJsxqopDwnCW8hN1RUabxlnLHshYRiqNQdlYWKJPFgqPjve9wuYS1eapA6Gk9DCy3zNZE8N8Ba7Rgxd2MXIx3O9TpjHAbkXWWWm709a-4dzXuuNaLcp_wFnxTJvSnRlUD5uUS-Wl-dhYM7_45JfdZutLuiuxDwcRL5UXy7U5MfPimR3lNNGfJzoTuKgjk0VGi67t5-Hsm3dOrMKWzR4aG6VMxPdXXrY1GFf_y_0Z0TWsDErzs3C0NAHq6cHGFOGbLi7ARS7nG_nRnxx95JaL__chXHDjpZq_N215xmtyuHiEGYlC8kTOW64SMCRfy6pfGVFcttHRQPwM1mfySexIuhHQKT6CR55_a8hVjAUTYXzR5GKdjQcjubriX69TjBrM3juFLYi3THXZPhdmLAYlUn

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2308136
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5641 0
0 62ms
61ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHBvCJXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPQBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID_NtiVssLsvVJ35zhk9EGuAxJE8P_oLfpdZQsRKMiKOmpbWSnb9SeAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=6x9x9iU-U-s&uach_m=[UACH]&cid=CAQSLQBygQiDlPkHrJkS7qR59Ct5Py1N68hBut2bYhZ-Z9yQS1L64vAL3ALhDVzNGhgB
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 google-vast-measurability
csm.eu.criteo.net/ Frame 5641 43 B
246 B 44ms
14ms Image
image/gif 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://csm.eu.criteo.net/google-vast-measurability?cppv=3&cpp=jXyjvyBNUyHCCGgYlS625r-PDMfhevWVOoZKmkZyZ61z2oKWfkv1GwnN4yfekILSumsZPg6TCF0VqmxGRmU9iDEl9LqxE_J1_KPwtSat8xLMF2jfFx6BsM_5wh4__J7B_a-UeMYuEoYdJLOkbOFdG8MJL3C7AIUNQc65HA3iPthv553V4RHS1FblFS7uene2y58TTG_qosmSC-gL0jkf_XbAO2vPDsXp8GNy3UT5CKvZqzvtMvQtaSGJJkab8FRShHwyAg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5641 42 B
64 B 50ms
49ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuA0_7nki4bZsFlIzVWLeBGS2PyTkNz3QRpo-GbbY87PbwJfMLV8T-9tdqTQuccCI0ORaDhkzzG_1cxTga8hwv6Cdk&sig=Cg0ArKJSzJlkNVMUvqQcEAE&id=lidarv&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15000%26vmtime%3D7%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D331546367%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1688434471057&avm=1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5641 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CDaf9JXejZLvDNIXVgQfPv5yQA8me0rFc1Z2R93DAjbcBEAEgAGCVip6CsAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC438ICoFNsj7gAgCoAwHIAwKqBPcBT9De5b-3XtA_z5tpv-K1Osyee2lku_DwUZ2fC_6UedU4TEmxX3Us4T9wlxyFIMsIeFXrZZV4OO6F-vcA1AwF5O3qkJ4DKjQGmTaw4iEosyI4unsDQqWCu6KOBs69IGaOL1cXrcHM0q8FuCV_8lZDUyqkwE2Fc0S49mh7b3Lpc5XOp7efImFRWOlnYw3BT0qemzka2GXM_OMHwq-x384-uowf0xxrklsg7p5-xFrKAjuqTLqyXRaZwyVY8_GEttfc23o9s9ffyWQz8F9wID-PtAT-NzSzRyJl2rrtLc14zYU2ifAlZhXtivnswJ2Qto5T4PLu9qtyhOAEAYAG2LSo1PSRzsw0oAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE&sigh=o8-sROeSvhM&label=vast_creativeview&ad_mt=7&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15000%26vmtime%3D7%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D331546367%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1688434471057

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5641 0
54 B 481ms
378ms Ping
image/gif 2404:6800:4009:832::2003

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~ljnmafkf&c=5486482016042&slotId=2743241008021&qqid=CPvptcb08_8CFYVq4Aodzx8HMg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&dm=15000&event_name=first_play&asset_bytes=151396&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=7&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.1dx~videopreviewstarted.1dx
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:832::2003 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 687D 0
209 B 56ms
49ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688434469045&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3FFC 13 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 20:52:20 GMT
expires: Tue, 02 Jul 2024 20:52:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5DB8 783 B
534 B 25ms
24ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f8a432f5565f3fbe58ea73cf84a66bb75b879376d7ee9b5fcc3f0b28be8d422c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rdCzORR8dsI4p3BplHpo8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-rdCzORR8dsI4p3BplHpo8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:31 GMT
expires: Tue, 04 Jul 2023 01:34:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/17952959967271059456/ Frame EBE2 47 KB
12 KB 25ms
24ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:31 GMT
expires: Wed, 03 Jul 2024 01:34:31 GMT
last-modified: Wed, 15 Feb 2023 15:44:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3E4A 0
0 61ms
61ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvUJG4YrKX5drjtsN3yaHDCx_wFIeqrax5_JrnJlMe7H7YHwoU0Hr8K_cEKH6BwPpZYeGjaKpgiuI9mavfYan5c9m4QD-TO_kxx6GTffA5DOrjWv14BTgX1RF0rejT94NnpUjepy1Jdyln5YVpy9eoQRnukqE9ldsmKLSfGLbQcCmA1v0H6s6DUZOGf3fjXn2pjJH3xA49XDfAIJnw-vplVd-ReXwrJI-2dZgTPBXZ8kMb4ltDaQ1x6PgQlVtpRJXR5Q-rVu_DV0zNeL3FnVNUu02dLn0KwNKuFQJLv8RnS0-Ufvy8L1JauJYiZLEH3TiOH3_Uhp2mYsG9pgYHvvueGwkB9xEfQelK5LNznBn_oiFG6HiQlXRAcEw33gxNjsDQORXEhrB7A4I2Ta7_PmfBL2ShYjynrQTDH5RhHYjoi4yv472c99uYAyyWQpUqZh-uLtxlgJk3_k-usIkUIoZTC7QXybxO6S2VpRWhzjFPEBOz2VS5QelALIPRwIugf_l7_lEqla533v3RZeMz5xy1WX8vbk3DhOV615DdQgYFcjJtCPe1brjn-IJ4L4YhAG8UPWbzert4_6N1Cy_Oa3jO_9uSb_4MCN4j2YqTnOTSUs297spuzva3KkbW5tiZYZAdVGQglTMj7D3kNZEi-k2lGsMVyc-L8L53Ei2Mo1AteHXxC7v8VgND-3ZxYvRa2q2E4sD79ezYYMGATW60ZI4QVHUXRHNyrYRde-rIHuVce0eYzO4gGIvdbRjTzyzF9_5_tgDPdyROEPT1AcNMvXInhgTimpSlMWfVin36q3OlJPmHqYzHjyYSjjxwB2RqBe6v2vY18NfqFOK4Wv_VMWCRaroySauY8CMb0dIliJsYTV0i-rMHPF2i5KoNfmWOSUKyWncOts3E9gFTzIugGPIm-M4pNW1cw9Y9LuYShd71GDZ-rqOW---AiS_F_k4LsYIFnlrfYki5GBzWEDtA_oyMoSU_IGDuEfgx-79I07WGf4z7GBP_NGHtpZTIS0jvw_G0ssI9rQA2tJ6xiMgETUAgg5EatlLAbCrHnJy8wY730VDk5qjMG6o6cia2kxDOQ8qHGhd-5TZjUnvntqv0M3C3AVSmiwO2egDfaUtdeeHzstxJZQy9gZmqxbcaSnj0AiCeA4XmD24UM8Et52X7I27ZKUqCVDv3LrRWNuDiol0yEYtsQfWZ27S_Z4VhpQcZqPo-SFmpYxZrGktgLwGa1-IyOC22UO1reIuNwvbipAqWHU7FVgfR6dD-GkJo3DI-tVEZArI125i6T&sai=AMfl-YTdWv0zCuSqo30Fr5De4VhvgupFGBOSLPQcHkNtJkwxx8RhEOpG6xpVP-LmmeQ4Om02RvJXLVUS2eZwSwpxFsPpxNDnlfFI3_m3zEng0vw-w2luf5xxm53njUCmWWeSems7-Ux-pLBqr4A5k6ORWiVCexxwZvpkypayqx0ZSO3THzYx9JXXGzFJBL7gh_n5C85uPJZ_slilHhbkHBHovTGKnD-i7Db-PoQ-&sig=Cg0ArKJSzIveVsiWeWp-EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=205&cbvp=1&cstd=199&cisv=r20230627.96714&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7531 37 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 77D6 0
103 B 17ms
13ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJBIgNB5mTnjKpG4CLbjYqs&google_cver=1&google_push=AaAOQGE1kKplRvoX0dwLdWfH-o_4fx8Bv2pXpBECYB50TzEZZ7KpC2cOsEDchilW_UNQNFGRSFPDtHF9KH_k9Jw8L5gps1_x4J0K3Io
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469757&bpp=1&bdt=211&idt=91&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4316939624482&frm=8&ife=1&pv=1&ga_vid=1622227721.1688434470&ga_sid=1688434470&ga_hid=995122130&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1330051604&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31075720%2C44788442%2C21065724&oid=2&pvsid=1047029687176492&tmod=857679626&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.404gpo8jyt3q&fsb=1&dtd=94
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77D6
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFpu_CJSnVWyZ_5L_yaA0Wv3OSRpAgztMtLVUJhLLn...

170 B
188 B

25ms
25ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFpu_CJSnVWyZ_5L_yaA0Wv3OSRpAgztMtLVUJhLLnxk7GK4Tys4aWZdUhLlacE2LPjpzKSq_XR2z7rSH1bkbgeeivBJZqLFQ

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:30 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-0caa68a19e3c1fdac@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NDdhVFgwb0ExUWd1VzI1&google_gid=CAESEL26mn3ErqR7jH0BgBNZ5Bo&google_cver=1&google_push=AaAOQGFpu_CJSnVWyZ_5L_yaA0Wv3OSRpAgztMtLVUJhLLnxk7GK4Tys4aWZdUhLlacE2LPjpzKSq_XR2z7rSH1bkbgeeivBJZqLFQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77D6
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBTe4Kjw0RdQLTa28GjaJVQ&google_cver=1&google_push=AaAOQGG4tPjcw9Uey9nSH4P7VYekem0RU8vz2RdfdOzkcN9asxugZqHWifo_elr6F4t3zAmrEq19HLAIAviS5zbt...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGG4tPjcw9Uey9nSH4P7VYekem0RU8vz2RdfdOzkcN9asxugZqHWifo_elr6F4t3zAmrEq19HLAIAviS5zbtrHF--WwuYiLSBbY

170 B
188 B

25ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGG4tPjcw9Uey9nSH4P7VYekem0RU8vz2RdfdOzkcN9asxugZqHWifo_elr6F4t3zAmrEq19HLAIAviS5zbtrHF--WwuYiLSBbY

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 04 Jul 2023 01:34:31 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x27 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGG4tPjcw9Uey9nSH4P7VYekem0RU8vz2RdfdOzkcN9asxugZqHWifo_elr6F4t3zAmrEq19HLAIAviS5zbtrHF--WwuYiLSBbY
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 04 Jul 2023 01:34:30 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77D6
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEL01whmwbo6wjmtNECfSalU&google_cver=1&google_push=AaAOQGF2_loIvbBNXfYgnd8i2laski4nsVlJDylaeTio3vqiqgA4sIMdBEVFoCQzkoZLJZBqfLHlnEfxWGWhqR...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGF2_loIvbBNXfYgnd8i2laski4nsVlJDylaeTio3vqiqgA4sIMdBEVFoCQzkoZLJZBqfLHlnEfxWGWhqRDYKC...

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGF2_loIvbBNXfYgnd8i2laski4nsVlJDylaeTio3vqiqgA4sIMdBEVFoCQzkoZLJZBqfLHlnEfxWGWhqRDYKC-sD5Gsnyqo-cA

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MTc3MDgzMDEwMjM5NTAzMg%3D%3D&google_push=AaAOQGF2_loIvbBNXfYgnd8i2laski4nsVlJDylaeTio3vqiqgA4sIMdBEVFoCQzkoZLJZBqfLHlnEfxWGWhqRDYKC-sD5Gsnyqo-cA
Date: Tue, 04 Jul 2023 01:34:31 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77D6
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHefh5OzxGZGGDM-F4hxMko&google_cver=1&google_push=AaAOQGFIEjcSrdJBF2FtBG4iWetPUFTpuRY0gBAPpzskfzYiXo-xmx6Y6FwVkxse3KMiwz8apv50tWn5s-4JMxNm...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGFIEjcSrdJBF2FtBG4iWetPUFTpuRY0gBAPpzskfzYiXo-xmx6Y6FwVkxse3KMiwz8apv50tWn5s-4JMxNmStZCpWmMAf5uYg

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGFIEjcSrdJBF2FtBG4iWetPUFTpuRY0gBAPpzskfzYiXo-xmx6Y6FwVkxse3KMiwz8apv50tWn5s-4JMxNmStZCpWmMAf5uYg

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=IYt8NUSjTMOb19t89G8FEA2&google_push=AaAOQGFIEjcSrdJBF2FtBG4iWetPUFTpuRY0gBAPpzskfzYiXo-xmx6Y6FwVkxse3KMiwz8apv50tWn5s-4JMxNmStZCpWmMAf5uYg
x-host: tde-deliveryengine-production-7c97bc8457-bn8lx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77D6
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESELZTJfhrmbP-UY5-Y6YZDFI&google_cver=1&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELZTJfhrmbP-UY5-Y6YZDFI&google_cver=1&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj4FtZbnpY

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj4FtZbnpY

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGGtUtwf3jUPI_9RdpNtcrMc_9XyqzfchQolZVS33B8e7XvYpjaKf5VKr59Sv1UvFLghd06aHYpFjG2k98HFH6YW_Xj4FtZbnpY
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 77D6 43 B
362 B 17ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEBPtUc9nQvmYwZMH0FWHXjs&google_cver=1&google_push=AaAOQGFQA5t340-0oYg7q4wAbAvpGYATGwJKllVl1UGQLhLE4b-qhqszCLcnW4O_gmgJHg649BDLjLl5mXVXsQrUQIaSTGGc_t0cPA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:30 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 216718
expires: Tue, 04 Jul 2023 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 77D6 0
12 B 24ms
21ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lssac2-mmTnqZguMyxoVRI0jOghNg-m0C-woffDpQCB9ghJv5UvmJ6yJ4y2zaHhjMzhnDw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 rs Show response
ad4m.at/ Frame B349 1 KB
1 KB 32ms
31ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b41b586946c404982358fe98c015efe9d740ae31f72d34d768c717d8926bdf9

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbEVnzjqannQ9Ex8mQfINRHbNLXBI1Tm%2F5%2FWpql8x0LwueJCYVaeBlWuP44FaUrQiBEMNA6fsusUhU4hlWesagcEq6fSAj44UXZynkmKW5DjnScJBuNByQ5Ig4Ds1KE%2F94J%2BGMc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7e13a054dc2639e8-FRA
x-backend-server: aa-reachservice-group-europe-west1-zp7g
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 38ms
27ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e13a054ac0e39e8-FRA
content-length: 24
content-type: text/plain
date: Tue, 04 Jul 2023 01:34:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RQ6LnXnkY5M7badHNjwb7iCvQNbe5wD5zKV7KTDaVnFUKLBeEW7XbOuFREAhIRQ95hNLKUaHZnQ%2B26%2B5q4eHy3DO8cMd4Z0qYpcX9UHAw73L6t%2Bz%2FhIejJnTgmax9MAAXKKjUes%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-nsjd

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D75 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3859 0
0 54ms
53ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssWnSZhpsMknIPHfhthwzgQeBcdYfDKaeLSoGuJcwVJfSf48fN5OT_bUZ3zUfRDrhTMcLALNRw_0wAQg74vtD7UOvERP2cCJ152iWIAMeoxaHpmEyOxpu9O-fyJLpIZERGmr1ameKJHw_iLlWzUTm_8R55U03TQtqmwaHdCJyJI1n1yqq4TZKrdR_hoHHxIhW1L6DYGK7ukunjeSuh-Gmkmr7Rcru9oPlYz4PSk3GGimyMVth6vOtJQULO7DaMOuVOdKtYg0KQazGGL1_nED9TPPiUMMOlja1D-_jWj5fxXUy0ZIK40XvUwW1U4JYO26W5eX-hRzh_kFmHv95-vvkAmErsFeg_pPfmz1Qf6diARwKv8W4FZnu_GiUGE6UvjKwdm9CtoKaN9zlabtGlKsd3753tjM1223VtrXCVNSrzxXno_WAh53Fe4G3YDmjlEF77hXljvRYsQChOHjmsv426Ew0WjUF5SCwTSGixS3E2eBWKLkgJBay10SI8Md9mPSYgJxy6-xjlOKy5TEbtqv8bAN95-a7fxYIi8FGAiWOzOK2-wPvyuQFYcFqTg_CmDnR36DfpZO1w2GsMqOVah2j245FZRRQKRiAhspotO-OvXXq98hx8FYcy6e7zaBnZmgOK9k1TBiYdMR6y1W_YkMAk5ioSP9Ut8cr_jGf0gLU-Yc4svhDsMCL-hcbZq3qG_ofk64WsHgLwSOvj4-bSsiR6kQOJYwI-c1-zx05CTgLR4EBozYdb19eiq1qfzXj6qNIUIXzdWaY4ED-H-SZDHU2Qh5LoQzg_ijvUVVr0mOA47A3H4xc-uWpBGP2rOn8lcujDBq98ei93USBlJed7CzX-nfidBK2bPdfk9dW3DlK3uKeOFzHRPte51zUO1YlQpdq7tAyVN6HFfyYKBQUe5p5R_I4C0xvBHaEHK5UdEp00Ji2zlTUf7lTTwFZ11wJ3a9UYhg3OAzQt9D7RKc0x7J4ruLw_crqh1oq_9L09Tc3wV5RJ5gPxz0DNcW_mAU3dycs0kD30gh8Ot-fk0F1FbXierZzfz4iI4ofuowDUDlzEYCFiRX_U4Zn_OPhaaFE-Vja4WlvF8fVzC_ZUykoSXusdIHRo35025ogW6bCkTpaqb6mvzWQ1MKMrZnnlpN7EaLGfF3O8PVhuJncXwIbtJj9AJptp8ytg80KJVvCaLC0esPFU_9c8EewIkP7cKoi2igH99qaUHATZ7wiWoWLNMogOhxtpK98v0isyAQN3ZimKy9JssjrKhEIO9nJUomkDHqnxiXAfcORDxyhDogOEO9Wnit8wfuEWuTxGH2zH_vw0NvUiIR-5FzUs3ByxpEWXg90KSMXWix52KLTj_DfY&sai=AMfl-YQYAJeBt286-XQJcu2KazRrMtuE9pKAFXSJXoy9eE_2ynIDz-JHUw3zZYb46BhEDtWMHx6VU8hqMTa6cKfpeGS31WqkznDEXkpbNU-cB8HOqYOVNGCNkMi6ppQLYZzBQBsKbvlBkeiOLLWtnc3QYpGMVbmhmIRqc9Ug9JtVZx3fe3PG8ARHJxzJRvGgXnSGQox43VnRQS72zMm41gVfhKvPnwDsau3edGv0UUB76Ok4jeHJ7hebdTpYKWV3J3OyjG-6TBPaiYOcoDWxZnSv5fegGJv0-Q&sig=Cg0ArKJSzAbVfB25js5REAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=604&vt=11&dtpt=305&dett=3&cstd=288&cisv=r20230627.50568&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3471 22 KB
8 KB 14ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 560210
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E9D3 0
0 55ms
54ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsudEf4Ekq9JkuvLPk4QP_eSIIE4zjvFXjyQiZC7iMwraQW2K39hQDOhp3955iWwZoFWiY9JgWYVRy8jdt8F3s9ywxsVgedW4K_NqqkzNnP_4so2kG3Nufkv0ZBWYhVHU643Iia81YTbRnucB8pqq77-OMe4kUGKocK3d6qW2QjWeGq71vQSzzcWtPD6UHXpo_ILZSy2NfbHV4G0F9qK4aYgU3b0TLOkjXpKzS-gMTW34jKWIk_ifer8vWFfg7BzBQIgHu2IBAKOyGTSYWoXBJ7F8f7AdeIlNsX-fH-hr7DToBO2jGyBAeng0_5fZAfC64sgO4HlT8mc8glSWPT2w0g2iPuBPyWjvD3rkQL4PwCy3sLG4b-Kf6JxDcqYOZ0Nr6xIbbGodPGqvJ4SNWSYcDoFe1j5x3D2batfZr9O2wYtzf4iL6u5grA0c7hzUBPAAJb1g2YkPvhgts99vo8B43aHzZqPl3qI7bUKJXJ3B7teJL0bSdt-eeVIX1Hfp_cnZOGEKCFf2kSuzUjm7qDSL58pKCYDvEoBOs_cilsBPgdzjAERSQmrXiSTxDreLmhg8Je741uIBLCzrJdi1T88MHtejfiXS_BMs2s54OiyUMglIRXacLcBJH56c7nsWfGH4AlptlreWiT9BYEsGYnDqUAwble13Zt3W5xNJjkCFTVZcvUPJQDRX71QR7oHIYTMxLpvYuDhRRFEWtfLaZhgrhixfNffdq6n9F7WZWjbWS8dd3HIjcZBOYstyX-vr7ZzHEpMKPv6hL0FCWIV_qBgcN3NvInAO8n4eWT8BpFT8hgDSXu1OfP8j8vFU4JkVdV33zFNkYdIKmDoNQ8zoQ2kNxbdgKswofsxKRc-69XiSfytkvFMbsSyEBXFvvAXDboDWsrrrtzzMy7YJaREsGFKSzJYfWzD6E2-b6Hu8dteRbyFVSuqOB7Vv1StSzlKOj6MipU-XV-2B8PSz19z5pYXadqy5FObTbWCjcplNKDqpanmhuu3_FrY2rry0vPs2GHwurYJqnQH98TizcuOvy_54D-LaAQvmooNUDt3SGMSs8-qvl3PmaQCK1ClAf7ouoadh6MCZZF8Rjfmt1BK3_5-kfIk1NikfxuPetzAkZA50PPlkUB6JOIWB45Q9NlPDC55Qn2m5eKAYak2YuaDa4oc2ZM0Fzd7PTxb_kbUu7abeAZZwFqLNZYLH_6U6QnHx2VUE65ieQrv95PJfo1OASauyqOzo9xYGFv5hGcMtJZz0TCogZMF6wX0urBJtj0Ow01lBGlpo3meWfQMFujPb37u9RtaRdUltFKOdq1FAgoeIeaAmSk9hs8f1s8iab7PF3YGICLW-tuJxXHMNm2URrE&sai=AMfl-YR97v1rEe2BQwSFLo6rwHmFhK1829dVMaRJzMOc0K8BL9uwhxOlAxoegMAwrL-fSDyPY3xI-fTlVWMIy3qHn60pGv03CLmo6YwvQBmwKDIq-bQUixrYWTACC5IMEmW52yGKifiJMuW6w3YYymkFTr0nC-Uo1z-ludO_Y5JGMFTAi3cl6fFmj9rVAkD8wn4K3orszglqFE52zUoFgCropTivwvam3OaTqSD4Wsj6EsrRj_fnY5qa5lHY2xVok7OGdZFjZYSNXR_QPclFo_un8xFixmttjQ&sig=Cg0ArKJSzCakEuzwANAZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=568&vt=11&dtpt=287&dett=3&cstd=272&cisv=r20230627.01925&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F9BB 13 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 20:52:20 GMT
expires: Tue, 02 Jul 2024 20:52:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E3E8 783 B
534 B 48ms
48ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d06cd5aed21befc16f2c9df19e22088c1ef6d741fa05a10256b1aef2eadb79e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uhKeWdRNWYZfTgjtNltlAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-uhKeWdRNWYZfTgjtNltlAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:31 GMT
expires: Tue, 04 Jul 2023 01:34:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame EBE2 118 KB
40 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame EBE2 63 KB
25 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 78ED 0
0 54ms
54ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssT9DncmcvkN0irETh3ZWF8BRSuOs8OANRS71mtAw4DkMXA1EkB6tJg7_4ilNIqRtF7vl3xZixqvE2Q5iWcKvWK1CChZRW6mhS6i-gO7l8nrd7A16SxKSy0f_Zf0M811eDUQIFLPDPc3lOyDQtac1VmGAjGmLpvkIXH2JAeIWjsqz8QprAGc_uauQD1qduQ42LtY8ay9BRLvQPXl2KuZkcrEkQBluIZnmea3OxjblZALD7STK-cRisCUvfkyswRJs8j_snOYzrbiX7XGsqRN8f9O2F0NXJzHNkh8kQZBlUsNb-2WXbwLxdnd4390gMQKXCw7hdvXAd4lvtKZd8ZWYVsdw3Asw4z467-lcl_FOAODR-rzxj3n3qRSM37yx6JkLbB_Ca4gmfqp6J8RG_73zwpvAa2GTQOkwuE0oD7pGChsGB-x6GqKnqinjBiFAhujWPhXaAjDMJPqL0tz6GSqyXbrcJo9z6u0AdtFag8HfevmnlnP4a-cVkYm-LrlEzfkRehFY6q1BIxTUesoNWL27DJ7KG7Kg4P8KSNJuwq0fAHV8F-vUos2PktfRBKiTE43cIymVXZyXtDWUZpmSu7UhnZF8uK6dUIp-LPpFVEVsJjRLgwcFnjaK-fXlZ3BKoAw2rP4rfIJFynAVn7wrZsJHUTyqwdr87bWOk7pUAqR5t0pJUqIhMuxeiWa7ls726bId2BtlKhVaCDd4hHucWd5fQl1alCtufWuBLZJ7ZTw6JSoiMYo8PnUNltiwj0RzhQ6yHEdftjkoTxbQVSesUVJYSCyimzAD4BWGpzh5Oi-hydY3sH_1kwj1XrckbzYgfaGw6f38H9xgPjrfn57Fi8d-MnGyPfUjPj0SBvUp555_9xvpX1gLeHKYKW0PuvIgGli0p1jDMwYK5CZ_Hzyl4a2pheq3fS9_lu8unjT73xGTolxRzg1QRbqrywiy3nOrz93WUagei49QFH04YN_kd9iqDblNHgaXGREhKzYImoYrwevYIGTGxh7VNsP8qW0hUVpqb2yvxb8-UZhDqyH09FNgwzOLbRYpxFzd8QM9SkAbKVyE8aaMXJwGkNvqkm3Xm4f1hs7igBje2ND3rGCuQvZda6-XLmuRbzz6igrSOtw4Mk2x4zKb4YYGbOeK1mLKtlMMjfdLhIoSXEW_XB-c6KG8nsMMBSf2wAj-QZ7Da5VBNuUUcTVn-De6vHpw__RPuaLPKYZVYaZTFrXVBhQT5lRa8qXjNibwr9JPkTkr1nsZStth0EpMscnn8yKPbRVjtnVabBFf_PjgW_HUgrxfETkZOp80sdss7pkmBWdKRQcg3jgkZHYnQKdUGUc1sVcg5ZneBusqQB1DfDmwLDBiGR_iUKTJDBTbkmVdIIzsMejyYcKDx5GQW33QAnqdpveFw8pKbMz-xHkKgcio_ppQ&sai=AMfl-YS_Vfhmu4LjnPfnYYcUj2H3UY-O0Bq1CY0aisEsqJ5cFbFydoPTLKF4bQ427ch01pY9JNaRnR25_9pSd02Lv22UmObLbj6wf4-PkrSDT5HVwlVzJQh-i10gcHR9Qq339KsV2rccO4nUrCBYbrUmAMybvzt9vk8s1tXWhD7VyiXB6D_8v1rb54Ok5GP0CyGy5XLrKdT4eDSJfT-tmODvHuhtgcI5Fstj5fhKzW56ZpC1Eg-8V9tjHdHdY4imVfSXx4NjNhSFcYRR9qjjuuE9kxC20zqpUQ&sig=Cg0ArKJSzDxCEswxAZy5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=479&vt=11&dtpt=277&dett=3&cstd=192&cisv=r20230627.05993&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 32CF 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame E7D5 5 KB
3 KB 34ms
34ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd9d10e0fb0377bf2e9383b083d67c40b08993f3ade2fea7b97f13799ef971e8

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e13a0553a182bdc-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:31 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5DB8 0
0 50ms
50ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230627&jk=1771576481624570&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 7283 47 KB
47 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:21:00 GMT
x-content-type-options: nosniff
age: 811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:36:00 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 7283 46 KB
46 KB 16ms
16ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:30:54 GMT
x-content-type-options: nosniff
age: 217
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:45:54 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7283 7 KB
5 KB 28ms
27ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1295fa3725826bdabdebec90b902a36ca9e3f91b741dd13c8d52dbd2f9f2f392

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5602
x-xss-protection: 0

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7283 2 KB
2 KB 18ms
17ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:42:46 GMT
x-content-type-options: nosniff
age: 24705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 18:42:46 GMT

GET
H3 200 60005582_20230605081336854_PS5_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7283 29 KB
29 KB 18ms
17ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230605081336854_PS5_ASSET.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7166e72d779a4ff0ac969a105e33836fcec03f9f6cc7553b21ab325cedd4ac8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 08:03:35 GMT
x-content-type-options: nosniff
age: 63056
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29362
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 15:13:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 08:03:35 GMT

GET
H3 200 60005582_20230605080808552_160x600_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7283 32 KB
32 KB 19ms
18ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230605080808552_160x600_LOOK-01.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9ae2761b78607391d6b040e243e3d3fab19c88ce095a90b89d624c3181f5ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 08:17:47 GMT
x-content-type-options: nosniff
age: 62204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32970
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 15:08:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 08:17:47 GMT

GET
H3 200 60005582_20220825085130495_160x600_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 7283 38 KB
38 KB 25ms
24ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085130495_160x600_BG.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef3a6cef3c8af50dd4b8e6c84af98d1b9a6acb716a038209d59970ebdb15302c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:02:11 GMT
x-content-type-options: nosniff
age: 23540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38995
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:51:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 19:02:11 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 7283 43 B
609 B 68ms
21ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_354695792_145341318_PO2702A20230606&ref=29118705_4307561_354695792_145341318_PO2702A20230606
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 2972761
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 10 May 2023 18:30:14 GMT
Server: cloudflare
etag: "2b-5fb5b10159980"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 613220182
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e13a055bbed3675-FRA
Expires: Wed, 03 Jul 2024 01:34:31 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 7283 26 KB
26 KB 14ms
14ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=Ym8kTCJvH3&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:23:10 GMT
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:38:10 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 89E3 47 KB
47 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:21:00 GMT
x-content-type-options: nosniff
age: 811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:36:00 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 89E3 46 KB
46 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:30:54 GMT
x-content-type-options: nosniff
age: 217
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:45:54 GMT

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 89E3 2 KB
2 KB 23ms
23ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:42:46 GMT
x-content-type-options: nosniff
age: 24705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 18:42:46 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 89E3 7 KB
6 KB 27ms
27ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c520c279fc2dab5370a0172bba2353c3c8f0320265a2e268abffd694dfeed4e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5745
x-xss-protection: 0

GET
H3 200 60005582_20230405055008629_SAM_Galaxy-S23.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 89E3 45 KB
45 KB 23ms
22ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230405055008629_SAM_Galaxy-S23.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11586ac07519877e58b462cc6b49b06d0dc943dc4687fdc62012a5a5ed9b982a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 11:47:37 GMT
x-content-type-options: nosniff
age: 49614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45587
x-xss-protection: 0
last-modified: Wed, 05 Apr 2023 12:50:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 11:47:37 GMT

GET
H3 200 60005582_20230503075344013_160x600_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 89E3 46 KB
46 KB 24ms
23ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230503075344013_160x600_LOOK-01.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b366b8aeb477e04ef8176170034055bc785f329a659ccb6d24bc0a00d2a59b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:27:29 GMT
x-content-type-options: nosniff
age: 29222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47168
x-xss-protection: 0
last-modified: Wed, 03 May 2023 14:53:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 17:27:29 GMT

GET
H3 200 60005582_20230404070248174_160x600_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 89E3 37 KB
37 KB 26ms
25ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230404070248174_160x600_LOOK-02.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6b207c7f5820a9c411b81f18dbfb1264550bb0f8bfe26a181006b6d2f781b30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 11:58:20 GMT
x-content-type-options: nosniff
age: 48971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38062
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 14:02:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 11:58:20 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 89E3 43 B
608 B 42ms
17ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_354695792_145341318_PO2102A20230503&ref=29118705_4307561_354695792_145341318_PO2102A20230503
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 varnish-live-2-0
CF-Cache-Status: HIT
age: 6425580
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 22 Mar 2023 08:05:14 GMT
Server: cloudflare
etag: "2b-5f7789eafa280"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 40418697
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e13a055bd8c5b5c-FRA
Expires: Wed, 03 Jul 2024 01:34:31 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F2D6 47 KB
47 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:21:00 GMT
x-content-type-options: nosniff
age: 811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:36:00 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F2D6 46 KB
46 KB 17ms
17ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:30:54 GMT
x-content-type-options: nosniff
age: 217
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:45:54 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F2D6 7 KB
6 KB 26ms
25ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca9c4b37e0e69ab3756510a5181fa8e393f2e381b3f9ae562af5adc2874d1337

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5766
x-xss-protection: 0

GET
H3 200 60005582_20230403055111419_APP_iPhone_14_Pro_Airpods_Pro_Watch-S8.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F2D6 28 KB
28 KB 22ms
20ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230403055111419_APP_iPhone_14_Pro_Airpods_Pro_Watch-S8.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1423d079d6951e06854e878a00e88ddd4cfb3f323d5531ef45c2c3d5a8494a14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:57:07 GMT
x-content-type-options: nosniff
age: 23844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28721
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 12:51:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 18:57:07 GMT

GET
H3 200 60005582_20220825085202338_728x090_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F2D6 30 KB
30 KB 23ms
21ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085202338_728x090_BG.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:13:01 GMT
x-content-type-options: nosniff
age: 22890
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30980
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:52:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 19:13:01 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame F2D6 43 B
609 B 36ms
16ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_355027444_145341330_PO1203A20230606&ref=29118705_4307561_355027444_145341330_PO1203A20230606
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 2972761
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 10 May 2023 18:30:14 GMT
Server: cloudflare
etag: "2b-5fb5b10159980"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 613220182
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e13a055ba9f3734-FRA
Expires: Wed, 03 Jul 2024 01:34:31 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame E7D5 114 KB
14 KB 24ms
24ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 483682
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BmMSTGK0V1EfgRlUS%2Bye67f2Y6JFUMCmzaoJkoW6i4SlR1XsyoKUHX%2FJjlGcIjFx%2FFJjiLYDxSN55KTjb4vFh0IO9Cfii00gj4Br4hLYoMHfKuiDL4JRURlyKw0L2Oqj4Y4th%2FYxhGE%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e13a055da812bdc-FRA
expires: Tue, 04 Jul 2023 02:34:31 GMT

GET
H2 200 C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
assets.ad4m.at/logo/ Frame E7D5 5 KB
5 KB 37ms
18ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1211171
cf-polished: origFmt=png, origSize=10283
alt-svc: h3=":443"; ma=86400
content-length: 4736
cf-bgj: imgq:85,h2pri
last-modified: Thu, 06 Apr 2023 12:21:02 GMT
server: cloudflare
etag: "b90d04a587c2a1ab6749e51d8bb195d1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2ObX4we0SRfVn%2FG7Q%2BbluynK9tkrOAFn%2Bg08wv6iNowyHJFszeXRRwCmTgs18qB6sjqRZtj6eyEoRP4ua%2BuUlJpbAGiBQMVitvTdoVogwph5boH4gE5I3tRhOsVSiD6LZQ3WJjoGXtH%2B%2Fay"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a055f83c5c4a-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H3 200 A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
assets.ad4m.at/product_image/ Frame E7D5 54 KB
55 KB 20ms
19ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1492782
cf-polished: origFmt=png, origSize=105738
alt-svc: h3=":443"; ma=86400
content-length: 55786
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Jul 2022 08:55:40 GMT
server: cloudflare
etag: "147be38db57f89c69c9e65b05983ff0e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NOoW%2BZvR5ziX7NrI9p904ErQfpRVPK%2Bl07cTtANBE9QluS78X52N44PfMEfK3S%2FR2Ct%2BvKjTJJo6KUy7NdnM9bZnGh858brRLtthMxqKM6L3kQb5EjO%2B3Ug2rMhPFP7kJ3%2BuC5SGFC0489j"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a0562aa62bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9A94 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuDrFiBFBhv_p0A05lOa2BkNUcocRrvNAEyX5a-ep0AGiv8YnOMYI3Trri7ySV34q3xisiGxs-rcgFmittl5CvhtXns&sig=Cg0ArKJSzNVGcb-mjG63EAE&id=lidar2&mcvt=1054&p=0,0,50,320&mtos=0,1054,1054,1054,1054&tos=0,1054,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=0.94&if=1&vu=1&app=0&itpl=20&adk=2061921259&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434470111&rpt=163&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3471 37 KB
14 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3FFC 37 KB
14 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 89E3 26 KB
26 KB 15ms
15ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=kaf46PsXNz&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:23:10 GMT
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:38:10 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame F2D6 26 KB
26 KB 15ms
14ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=J6hlNBqjeV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:23:10 GMT
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:38:10 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7283 17 KB
6 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3E4A 0
0 55ms
53ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvUJG4YrKX5drjtsN3yaHDCx_wFIeqrax5_JrnJlMe7H7YHwoU0Hr8K_cEKH6BwPpZYeGjaKpgiuI9mavfYan5c9m4QD-TO_kxx6GTffA5DOrjWv14BTgX1RF0rejT94NnpUjepy1Jdyln5YVpy9eoQRnukqE9ldsmKLSfGLbQcCmA1v0H6s6DUZOGf3fjXn2pjJH3xA49XDfAIJnw-vplVd-ReXwrJI-2dZgTPBXZ8kMb4ltDaQ1x6PgQlVtpRJXR5Q-rVu_DV0zNeL3FnVNUu02dLn0KwNKuFQJLv8RnS0-Ufvy8L1JauJYiZLEH3TiOH3_Uhp2mYsG9pgYHvvueGwkB9xEfQelK5LNznBn_oiFG6HiQlXRAcEw33gxNjsDQORXEhrB7A4I2Ta7_PmfBL2ShYjynrQTDH5RhHYjoi4yv472c99uYAyyWQpUqZh-uLtxlgJk3_k-usIkUIoZTC7QXybxO6S2VpRWhzjFPEBOz2VS5QelALIPRwIugf_l7_lEqla533v3RZeMz5xy1WX8vbk3DhOV615DdQgYFcjJtCPe1brjn-IJ4L4YhAG8UPWbzert4_6N1Cy_Oa3jO_9uSb_4MCN4j2YqTnOTSUs297spuzva3KkbW5tiZYZAdVGQglTMj7D3kNZEi-k2lGsMVyc-L8L53Ei2Mo1AteHXxC7v8VgND-3ZxYvRa2q2E4sD79ezYYMGATW60ZI4QVHUXRHNyrYRde-rIHuVce0eYzO4gGIvdbRjTzyzF9_5_tgDPdyROEPT1AcNMvXInhgTimpSlMWfVin36q3OlJPmHqYzHjyYSjjxwB2RqBe6v2vY18NfqFOK4Wv_VMWCRaroySauY8CMb0dIliJsYTV0i-rMHPF2i5KoNfmWOSUKyWncOts3E9gFTzIugGPIm-M4pNW1cw9Y9LuYShd71GDZ-rqOW---AiS_F_k4LsYIFnlrfYki5GBzWEDtA_oyMoSU_IGDuEfgx-79I07WGf4z7GBP_NGHtpZTIS0jvw_G0ssI9rQA2tJ6xiMgETUAgg5EatlLAbCrHnJy8wY730VDk5qjMG6o6cia2kxDOQ8qHGhd-5TZjUnvntqv0M3C3AVSmiwO2egDfaUtdeeHzstxJZQy9gZmqxbcaSnj0AiCeA4XmD24UM8Et52X7I27ZKUqCVDv3LrRWNuDiol0yEYtsQfWZ27S_Z4VhpQcZqPo-SFmpYxZrGktgLwGa1-IyOC22UO1reIuNwvbipAqWHU7FVgfR6dD-GkJo3DI-tVEZArI125i6T&sai=AMfl-YTdWv0zCuSqo30Fr5De4VhvgupFGBOSLPQcHkNtJkwxx8RhEOpG6xpVP-LmmeQ4Om02RvJXLVUS2eZwSwpxFsPpxNDnlfFI3_m3zEng0vw-w2luf5xxm53njUCmWWeSems7-Ux-pLBqr4A5k6ORWiVCexxwZvpkypayqx0ZSO3THzYx9JXXGzFJBL7gh_n5C85uPJZ_slilHhbkHBHovTGKnD-i7Db-PoQ-&sig=Cg0ArKJSzIveVsiWeWp-EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=453&vt=11&dtpt=248&dett=3&cstd=199&cisv=r20230627.96714&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 081D 0
0 54ms
53ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstR2BNJVOd4S64_Rec6SNO5fyqZkC8pTOUUsibU7pApyOwHIg3Oj_B83qrvdtq89mWwVn8HXjiQgOVMhivRb4FxccP95fav4Fx3UcW6YxHah2NQF7i2h536pjZlqUQw05gKa7Gvm-bdF8R2vMsuVYYy6RfLBLfVvz1mLD5SbrkilGAp_NrIeGZBI8B36TKE5DxfcHpDHt5SKurQnrUhxWyfuaKBC4tPfVXRKAbTeWRbNabFAJeuftnUOniRidZ5MbKy5LOsiNFBfGtnLSx48c2EG7Dxx8fvuzbDDzEFM6ZYPwZtuJpUC9VGlrP4iUgTrqesjjW0qqYGncTlIW6PuQ5itJpGxCKFu_ASlLFjbyK1PK1wVPoXeQTtq50J&sai=AMfl-YQIWBXrWEISdZ64w8RcxJF38t3Cj9UMDbLhXh3EwxFkMp_6jsrIpiOHZxQ8ZCrljSWIU5J1PUr_7MnwMza7VNeoio0TxEcCNOQtCVXgZrI&sig=Cg0ArKJSzKxLHVDk77InEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 081D 15 KB
11 KB 29ms
28ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230627&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

823fd2204308d98480e57c5339e3daac7f7c56c4a0883500e6e4661acba1cda6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11226
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 89E3 17 KB
6 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F2D6 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:31 GMT

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 34ms
34ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e13a0563d0339e8-FRA
content-length: 24
content-type: text/plain
date: Tue, 04 Jul 2023 01:34:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XpWbz8%2FOeR0JKx%2BcfvjMfH6L0QNcyzSn9ehjpETZVROtNA233YhA0EhpmN%2BrSIiz89HOay%2Bt6%2FbS8LkevoyQ%2BmjJ3pyrhGg6pIQe%2BhUor31h0tA7rnnUaCyiyI6QA4rEc8PLwxM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-zp7g

POST
H3 200 rs Show response
ad4m.at/ Frame B03A 1 KB
2 KB 33ms
32ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9f06a91522ceeca21f0569aa28b2672f05e08e4cd2d8cd8927f1055b9f5475

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vhh50gflSiiwVx8Pl28Amu5yH5TwQfuST%2FumG9NBT99r5tC23zMUenUSB3Mht%2BizR3vyYSDznZ0MUn%2FThgtYW8nKAayryF4zxgln4%2FQUQik27VawF%2FeSk4B1sSbedf4t4I4qRjQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7e13a0567d2a39e8-FRA
x-backend-server: aa-reachservice-group-europe-west1-nsjd
alt-svc: h3=":443"; ma=86400

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E3E8 0
0 48ms
48ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230627&jk=3971800441917970&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 081D 17 KB
6 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame F9BB 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame EBE2 47 KB
47 KB 26ms
25ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:21:00 GMT
x-content-type-options: nosniff
age: 811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:36:00 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame EBE2 46 KB
46 KB 27ms
26ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:30:54 GMT
x-content-type-options: nosniff
age: 217
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:45:54 GMT

GET
H3 200 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame EBE2 2 KB
2 KB 27ms
26ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:42:46 GMT
x-content-type-options: nosniff
age: 24705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2040
x-xss-protection: 0
last-modified: Fri, 07 May 2021 13:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 18:42:46 GMT

GET
H3 200 60005582_20220825085202338_728x090_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame EBE2 30 KB
30 KB 27ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085202338_728x090_BG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:13:01 GMT
x-content-type-options: nosniff
age: 22890
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30980
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:52:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 19:13:01 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EBE2 7 KB
6 KB 29ms
29ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d87e621c2c2c2cfcfc431c608767e17a1f91736735f7c04cf6713e836147dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5675
x-xss-protection: 0

GET
H3 200 60005582_20230412024536330_o2_homespot_5G_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame EBE2 33 KB
33 KB 28ms
28ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230412024536330_o2_homespot_5G_ASSET.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

549667bd2dc0f6f1bb069fbe4151ebf664f6167be869d8b83032c0019a6e00e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:43:11 GMT
x-content-type-options: nosniff
age: 10280
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33586
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 09:45:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 22:43:11 GMT

GET
H3 200 60005582_20230413245535820_728x090_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame EBE2 41 KB
41 KB 30ms
29ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230413245535820_728x090_LOOK-01.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6340ab066c8cd3fc0ff1e47b254690638b7481954f793601c5602be5c7692f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 23:57:44 GMT
x-content-type-options: nosniff
age: 5807
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42135
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 07:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 23:57:44 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame EBE2 43 B
609 B 22ms
22ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29115794_4307561_354697130_145341330_HSP0203A20230413&ref=29115794_4307561_354697130_145341330_HSP0203A20230413
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 04 Jul 2023 01:34:31 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 2972761
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 10 May 2023 18:30:14 GMT
Server: cloudflare
etag: "2b-5fb5b10159980"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 613220182
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e13a056dd1f3675-FRA
Expires: Wed, 03 Jul 2024 01:34:31 GMT

GET
H2 429 link.html
track.webgains.com/ Frame E7D5 0
0 109ms
31ms Script
text/html 13.41.28.186

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1j2tqv94krxfwb7rgzaqhybb6d71ndj8g6bg31g0at9bv5qar8evbhwnrd1385hapg8evy1mtexh6n89k7cfmmpssft535nwaq4xsz32wap01397hdavmvj04h1mh3gmnbz68y70xzqh179cgp88qb9nwactnks4xt4ezjy3858p79qqqj4nnsfns90m4g9vg74229thmb18jqpan2f2xjgg7hcc5m6qjhthbafxm4w6dsa65tcdxfk2qs3q8y51pzcz4%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.28.186 -, , ASN (),
Reverse DNS
Software: awselb/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
server: awselb/2.0
content-length: 45
content-type: text/html

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 4F87 10 KB
4 KB 33ms
29ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88abee10ea1626789ae41a246158168c94caf72879469f8ba5eae2e1bf19953c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e13a0570b232bdc-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:31 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B04 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EBE2 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:31 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame DD09 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame C783 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame 4F87 114 KB
14 KB 18ms
17ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 483682
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f3z%2FggawFmeMm4lsg32pNdC9o%2FV87zEy9OiWFRnE3t1H4%2FfF2SCqxWJ2OjklkJLEAGh0011j48949lbDGQxSqgwq931Y5%2FUrM9e9G3rl917aSELUaigPB8F2xyKAPWy78DwjtQZDcms%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e13a057cb8b2bdc-FRA
expires: Tue, 04 Jul 2023 02:34:31 GMT

GET
H3 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame 4F87 4 KB
5 KB 16ms
16ms Image
image/png 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55fc10baa9c6fa8d98acac31beba1be0e8f688344f243dea838b5b03e8566a3c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2280555
cf-polished: origSize=9357, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 4429
cf-bgj: imgq:85,h2pri
last-modified: Thu, 08 Apr 2021 14:26:03 GMT
server: cloudflare
etag: "8cc161b392f5744da5319a4da549b763"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7kO7F0FJehTZb%2B%2B13p%2B3k%2B2qTHa6iZiw11CtB2tKPONzVwYJlCUm9T2NbDW09sxfSXMvGkEMb65NCr6fCE1o9L9Kqu%2Bg7dfOlo5dDBoug4UVsqdPtXpLFnmv3g01Jn0l7WCHmzI3s9YKIXP"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a057cb8d2bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H3 200 B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
assets.ad4m.at/ Frame 4F87 253 KB
254 KB 33ms
32ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2754d47be946d2394bce4008332826d0491b510a2a624ae6609d042b143732d1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 964032
cf-polished: origFmt=png, origSize=431531
alt-svc: h3=":443"; ma=86400
content-length: 259252
cf-bgj: imgq:85,h2pri
last-modified: Fri, 16 Jun 2023 10:20:07 GMT
server: cloudflare
etag: "16f7fe8ce7119ba0f513f8179ecb2d3a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7ZSoaRStpaXo%2BfclDhfOcJxkja%2Fz%2BA9%2BdoQwlmn0kARdJx5tvzLKC8rnyjadiR%2F30zAsOcWWA9Mxz6dbidbrpr%2FPzlFbBo4SUizDIGBCfsgcEQ5sWSRuHrqEmpw1pbU4pMhTMPj4ychBciS"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a0580baa2bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 4F87 43 B
704 B 109ms
74ms Image
image/gif 104.102.45.165

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidk7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.45.165 -, , ASN (),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:31 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 4F87 36 KB
36 KB 16ms
16ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2275098
cf-polished: origFmt=png, origSize=62828
alt-svc: h3=":443"; ma=86400
content-length: 36446
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Oct 2022 15:02:47 GMT
server: cloudflare
etag: "e12c1a9f1887c09d377658838eaaa06d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xht17hCrPE81ScwSWGtmgmpwKGXiTaiN8WZwmkH3dS4nc3mEvFtoossMx0DDZQBWvKDYSi88%2FqhE0%2F2RIatiXKYRUv95fygmsQvwGEQxyxwNH5FYUqPgEE7oFh2gItOpBUVsQvJkdXv02Mmh"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a0580bab2bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H3 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 4F87 38 KB
38 KB 17ms
17ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75743518d10d4b4a939717f66c07ef13fb128590c0b05df5c26835efa5280c6e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2144283
cf-polished: degrade=85, origSize=133780, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 38661
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Feb 2020 10:22:01 GMT
server: cloudflare
etag: "d061ca155f758f490340e147604dc3ee"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ouGrLFZPICH%2BmlLJQ2jB3I4VmW5chTEu2YNEXQAoIBX9Rp5LVirrWUNN3wv4ZCV8gQo3n2Q5EnuGVwyXPrDHoYegicCOFJrIIapp3U9H2PmFfdeX%2Beej87EQjCFHGqqU5lNPidi%2FHnmJI3Lg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a0580bae2bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 4F87 43 B
704 B 128ms
93ms Image
image/gif 104.102.45.165

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkroneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.45.165 -, , ASN (),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jul 2023 01:34:31 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 F9B39585BFA0505D63AEC15D6DB1B02D9089CB0BB1445FD9678DBB04C32C81A56DC3B966E24F60B1752A92F908AA27DE3F0994E5B1621436EB0D2328EC61055B
assets.ad4m.at/logo/ Frame 4F87 127 KB
128 KB 47ms
46ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/F9B39585BFA0505D63AEC15D6DB1B02D9089CB0BB1445FD9678DBB04C32C81A56DC3B966E24F60B1752A92F908AA27DE3F0994E5B1621436EB0D2328EC61055B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 418c1cc5e3fe5dab64df68fee91403c4af6a0b5ee68f12c2717956b216b08b8b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 887296
cf-polished: origFmt=png, origSize=233620
alt-svc: h3=":443"; ma=86400
content-length: 130162
cf-bgj: imgq:85,h2pri
last-modified: Tue, 29 Mar 2022 07:10:51 GMT
server: cloudflare
etag: "d1d171dd651522f41a2fc0dba256a546"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KsI5X0GTl8lrGxJXY%2FE4L8Ek1wFK1%2BryDfaJHFICU%2BjD1eVBKuXl%2BGZ1IN4%2F0mh9BEfKO4Ys9UDGl0ekqOfyQ4QT3cnUGxpb0%2BjR3T9XWjEQIdBCQvRDboK8rSStAKSXWsqGgmvhzZU4l1yO"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a0580baf2bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H3 200 1408E404D125984EC307986C30204BFB93CEF5A079A8B664A2AB24EB8E10E04B06FC2810F2A3432611FA8E4EB56D40C4CE476E3578F76162AC45AD15ADEE2CC0
assets.ad4m.at/product_image/ Frame 4F87 637 KB
637 KB 23ms
23ms Image
image/png 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1408E404D125984EC307986C30204BFB93CEF5A079A8B664A2AB24EB8E10E04B06FC2810F2A3432611FA8E4EB56D40C4CE476E3578F76162AC45AD15ADEE2CC0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48544d39ceaebb01d8e31886a19c82330f02125740397558bb0baa16b81b8c6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 973564
cf-polished: origSize=731561, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 651990
cf-bgj: imgq:85,h2pri
last-modified: Tue, 29 Mar 2022 07:03:31 GMT
server: cloudflare
etag: "1b69278243c107df5b11186b1f6ca585"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6TsvOZc5RVWzHZM8wPovD3HsK%2Fa5vLt26EFamMWfwQFV6Q2A0CuIbEJ8HKNGexFQzDa79z%2FKnlKjlDlf%2B4M3FxagUohexT86ETyOp7bjxJmVlPtCKbZKj19Xr2HjnV8NR6MD4E7SJ%2BIfjZu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e13a0580bb02bdc-FRA
expires: Wed, 05 Jul 2023 01:34:31 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame EBE2 26 KB
26 KB 14ms
14ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=drRF5mtckg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:23:10 GMT
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jul 2023 01:38:10 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 59AE 13 KB
5 KB 17ms
16ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 20:52:20 GMT
expires: Tue, 02 Jul 2024 20:52:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4C41 783 B
535 B 67ms
66ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ea6ee12fdbac4382e73c3b00218c3fc4187c9e6db19b33bdae6972cb894738d2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7ar7L_uvHh2ux_4_c33zmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-7ar7L_uvHh2ux_4_c33zmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:31 GMT
expires: Tue, 04 Jul 2023 01:34:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 link.html Show response
track.webgains.com/ Frame 4F87 1 KB
2 KB 64ms
64ms Script
text/html 13.41.28.186

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2194035&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1jx3p5ckpr3zn6er2k93n3xdmjtm8kbbhfn2fgz9mx8radn1hzgcznjjdqmjy21s7j4ncj87hvj1pqv6abwzmvbkahm910g6j0zrs7e49gwv1m6vtj2nygvpvmn8b4hy1b8d5sxqb9v6dfx8zxnfasb6tgjaqbnqk44tvzr7e6f8qfkg769n26j7k98qmgg7v5v2rq5b4axfs41026rtgr7tkxs5rtt0p0nxbd8vvsq9bdwpp4cttmxsxcbcqctakqdg%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdYoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.28.186 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: cc2018e9cc0f6a353e464a32cd128136bef9b6ecc3c099ee578d6bd8db2cebd0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
last-modified: Tue, 04 Jul 2023 01:34:31 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 04 Jul 2023 01:35:31 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 0BAF 37 KB
14 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 78ED 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstXnCp4aA60IuYed42kQwRPiE7l6HPPkJc8BJpuyh1LbYnQ1beRCOJ1uRqP2J7BUiQaEYOxtZFNf4Rbjq5gY4vuOtvyQCkDLfFL-luIz2AAABjnJKS6qlEk_Ajqe5EB1f9Ng9_Mz-klIqmJ&sai=AMfl-YS5PEgXdOoILNCI6kniwvaR1ZAcx6wtMbzZdjXamPpGBerMf5D59NZ4RQ4_GwzyVa0lDgWUpfJZG6vJdFC8-MSZCmFLpp4c8DuQUMpVeL4EPXY9zgKiaFlptPA&sig=Cg0ArKJSzE4SL2le1FRgEAE&cid=CAQSOwBygQiDNNHQIwD9ZqSpWhT82szGw5tmIvaEhSyzpqHMMdhD6numjE6wZ04UkLsZXEAhMFdhnXSiN4iBGAE&id=lidar2&mcvt=1089&p=0,0,90,728&mtos=1089,1089,1089,1089,1089&tos=1089,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434470170&rpt=610&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 56EB 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0XmXmLrE-5bzLg1DjMP7a4dV7cqYiGlgd3mYqkKKiKTkEBRLzsm1TEyFKiyhm5PoSgM7yD2TicUHgifscDhtvgrXqO6CkKwFP10gx_oXKWLIQXBig&sig=Cg0ArKJSzATvrrG0gIeqEAE&id=lidar2&mcvt=1090&p=0,0,100,320&mtos=0,1090,1090,1090,1090&tos=0,1090,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=0.94&if=1&vu=1&app=0&itpl=19&adk=2233359564&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434469512&rpt=1276&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 18A4 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuey-KYmEX6jpqoqNrdKDboacP4GM_ExMscLmWiwyMug3LuwqVf7FtA8S8Ghuv4ekU5P7MUk4fYk9Qw-1bivAE4b0gU&sig=Cg0ArKJSzFEA48b8_eJwEAE&id=lidar2&mcvt=1091&p=0,0,250,300&mtos=1091,1091,1091,1091,1091&tos=1091,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1935728605&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434470082&rpt=679&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3FFC 0
10 B 14ms
14ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?JlcWNQ
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3859 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv40wHXQKFAkBmzf8s520h8D1WFWmUezX9dfkneGORchuIn-oAJnUqVc56Of5xDZwP7j4QsxzQLp_BdTM-sbJ-0bXKYCoopJgIJIl6iwPBDHy0iPv1xgHEnchnuR4bRr4QBo6VmYcEc7C-L&sai=AMfl-YSbJSz99D7GbqGj-n3Dg7w8JV6H4WlnPwKTCw6SeNjzOnpHdZ2cWonBGsY-To26i4cM1VWLnE4RgzqQ869vM5hUoiQQyczBOJ2daPJG5kdnCdO7IMSvA7hbpDc&sig=Cg0ArKJSzDH_Lfrd43uQEAE&cid=CAQSOwBygQiDnsytparIctgIkuBC5INXMfv2LqQYNsKR8w-7ZlT7AzBq4e3KwGGF_pmvevJuLXQvBQC7C2loGAE&id=lidar2&mcvt=1049&p=0,119,40,160&mtos=1049,1049,1049,1049,1049&tos=1049,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434470132&rpt=489&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E9D3 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvEk2k4X6Khk65xsOdhYZmz-c32jdhasMUozZerUSkP9jdmWBzKpluiPukIJ7LZ2isOf2oGZwDVJcMCuvs-hXob-n9Qg7LmvXzpjkEp2551YXWUNCtFtqo2yG1Q0FELhpnd5TbqyM--SvaS&sai=AMfl-YQIe7uIBbcVrHNJjyUejd28eCKyvO-ckiinkagXnz_oXeHjJ_4DoGtiVlHYOd9WatO0SxWmTuJgAEEBEf-4TtP_iXHrSoYXJZBUMy3S7nCrD2skDZtM_ZPMCQM&sig=Cg0ArKJSzLvI3BC9pPDmEAE&cid=CAQSOwBygQiDlAZQmfnQlrJihpX_Wzq3E_zLQ3qb6hFWteeid-Fvozmc6_h2zV_Bf-_n2-onDDnpxkY9MM79GAE&id=lidar2&mcvt=1050&p=0,119,40,160&mtos=1050,1050,1050,1050,1050&tos=1050,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434470149&rpt=520&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7531 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_aXPJnejZLTnFvKM1PIP9KCl6AIAAAAAOAHgBAI&bg=!AAOlA1fNAAb90kgr3dI7ADkAdvg8WmMObAdto1m0K-u6WPw7pUHo17HS3j6IGJPWUGWnpl4jlUo9wN7CTczp-Tic5iv3EhTnQ6oCAAACeVIAAAACaAEHCgARnlTyIUO-CxUpGYQvPkFOCx-ZAxPXT15gVby-xci8Hqt2lr3IOYRtCJPNUAYd1lvhHzbJrtyrlv4bMQjLJ27bsQjXxA3DfOSrmXXd8CGogcb4SGMAUuPZCgFrAua4pu8IXAydKC15PMqJWA4_MmU5pJwf2qJx4vof8g7z0cnCgkfvsKPFF_iFJ1K4CLGUayP2i3oHr0_dCaTTONmDjTx91LhkmiLAO2Hlbxi9zKvaLjXQFuwf2Zz6IhJEwqzyf7vNHkYmlnDf3wEGQ1SVB1IdcuCFgKiO5NtiE-IJlbgBde1WmdkqKO61V3Kys5XE_BVnV_Ra4bw6mG4ZVzdcNnT5wuPUJ-b3ksy84V6cKjl8Wzlvsi7k0HefgjigAiS5MpsRZzcqt5Ou09-CT_HOfiCPwue5PYvlBsYg3wqoc2Vau-A3p1cstcdiZERMGtoKODLF-Tb8K_fjk38YHPCiV8eFhVYC6wcE_hq9cup-HdPpPJBS1OkV3nL9uGpg5KhF5MlRPW5pKsGXsL1oQl5aUD-av_qYFPtDxKrKjbclZtlNpeZwZ-OWTN95c5G5Y5bQiOi_wbofIGj1qQrz0JJBMfmNP_IVVaNvY8pDOry-U4wyrOWU6rWwqbSkTT-zQkz06DxA8UTTuSXoek8ViCSbPu9m97FxtXGyiME0abEuI2mKRqOtUvHBF9j-nU0q1SGEwO_LicuIf_l_vVqomfcojWrkCIqORtj2G2O78e3vqeXw-B0k8DQkCLe-qZTKhxBC9k_l47HgvldN8xoEjVwFp3qpCFBaILjV6krRPhcjpAEZHoKBDCdUPlnJxuTOt41Cj4d9xSuMGjHKm3w1jTBzodWTQ2qnZwwTL4M0-E-a-eLoDUT8JLrtj-2NIU0A35Ine8AayzX6MLlTRgM6Esiipt9o8LpZTAEJAM6tLG9fchDSoXvWuGOnfe0T2lvi5NAjwRnChEXxbT8O90rVnrigHrDRc9gVbc7zU4Wsthd3PJM7GrZI26g2yPEFsfTmgfwKBQrm9MPiUtAQ1YbxsVDarFQHUETl3IxRNdKh7IbLGqTgMFvKjomltoAv

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D75 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8yi-JnejZOOAGuWD4gHTxKGQCwAAAAA4AeAEAg&bg=!Z2SlZDDNAAb90kgr3dI7ADkAdvg8WgtHL_PGukRby4-0N_B1EsU1GhEVR_U-TVveTkA0KUPedjzsjnMw7rtcUVkFMt5yx6iYfHYCAAACWlIAAAACaAEHCgBAehYxWVPVtPYqS3mzLEs0-7Tulj6eNtUvHQXAVBkFUM4ttC1HxK7SMoFd8HKJyo1M4xSLjZibgvmKtPN0AG3c1ZkDIUJZ1jpXU-w6MhUkw-fD902tFVNQBKzgyyaRZUVyukVXCikbQVQsIYGXbMBFL56v_KWKjbpM8EwnOqWnMl2x6433nwNe7KcgGeJHojdIDoFzx4LR3QYpV4AjGfRayMZw7PgWEtQM2eqdkT79hN3CXsYQkwHKsTMdMXb_h8YnjBcat4n4-0ev-OWaSPLJ6JBfco4stxoOgICBvuwcIzYw-QVFhBztK8RUU1bQga-tHYMpM8iZhh_47Ppj4rTbNaDk8iwTFviYIDPnKITO7beU2FLZHCuVNBmAqZVetwsjl9afoUeWOn7aDARmVEXGzZclzfDB_nn13GnYSw9y1qWYgss8lbAtDDYHQVU8d5_wcwoEXYozJArVLMesErPHl-KtgA9_K56xWGd8EHuZCDjgAEhI513tOSJuqGn6Z-eWLXAJeoYFag39g3j43eVUKaLYhKl0HhHywz1dcUTCpoNPblrqYrV6Ozm5bnSQjvLEBh1qidw9cbLUcyF6I3XG9ptoCwWnLwxEa_ZkFxD2AsBMeua2Nkiz_pGiKaUvI2RCNaz_UlFpWe_Icj2ikL1HrjDmRO08aqdoT4Q2HHyvg3aZVq-6LK3exA8Sxt0JRmcPzTxyx8Qu2N_FA-s8NlKPNQ5Vvv24wB6Cy7NkSJyC350e5i0x9WIS2ZjzbmZ0D3ETBaiqsJrtbcqMFNwhzPPi1FWH6PEjcv6wU_filvnvRdSspMCWmHmx4SrfBww16YDNFf6p4WicHtNcd9pkRaYsgiakv3ntJ1sQ-4LB2UgM3_N6jsQwhbeLpCr8zs1QGl0NqEFZBQ5kVIpzes5uBj7RRA3U9V4Gy_8DQHj2htU-f5zfXHSYUQAsg1ji9Nnt0-vyJofXRWdQsSZuZW-Jb73BWN8Bgrzgr5AJx2vYar2Ql0O6XAFmmLimnO_4ikSf9sZif5oshseKndaRi82bPNR68ZCs7TX4gbTdVScDUEqqmzvbFOz8iKLwk8bIoY0J6mL6ZNQ1qv18ZnNYkCjWyrsGXuVtD6wQt0xzkjkr_TQitS6fi1ZBWwzbuGqRRCvnKVKL131xAw

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 687D 0
209 B 49ms
49ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688434469045&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 4F87 85 KB
31 KB 136ms
9ms Script
text/javascript 18.66.147.98

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2194035&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1jx3p5ckpr3zn6er2k93n3xdmjtm8kbbhfn2fgz9mx8radn1hzgcznjjdqmjy21s7j4ncj87hvj1pqv6abwzmvbkahm910g6j0zrs7e49gwv1m6vtj2nygvpvmn8b4hy1b8d5sxqb9v6dfx8zxnfasb6tgjaqbnqk44tvzr7e6f8qfkg769n26j7k98qmgg7v5v2rq5b4axfs41026rtgr7tkxs5rtt0p0nxbd8vvsq9bdwpp4cttmxsxcbcqctakqdg%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdYoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 12:41:10 GMT
content-encoding: gzip
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 46403
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: gw7vXlTRa1eBa2wUtfMG5GgeOvYAA-oLPoXZOASMAaPHL-J2xOTfeA==

GET
H2 200 link.html
track.webgains.com/ Frame 4F87 48 KB
49 KB 68ms
67ms Image
image/gif 13.41.28.186

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgdedup=1&wgcampaignid=1384975&viewref=oneidrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&wglinkid=2194035
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.28.186 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: e634cdea6fc8a42921753f7da1799c4719b763400d8891a778bdcc519e43c919

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
last-modified: Tue, 04 Jul 2023 01:34:31 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 04 Jul 2023 01:35:31 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ED9B 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssqjscUiQACBDsW3ckpUFJeJhN3kjim2AKlJAq0xO5E6MZSu3JxI6iq7yGlG4cZaio1gxSwEqiD2btyMTLPZZdkQywCjBEvOpcNqTthB7_wrBSq-fZR&sig=Cg0ArKJSzHlDTezgLXRJEAE&id=lidar2&mcvt=1040&p=0,0,250,300&mtos=1040,1040,1040,1040,1040&tos=1040,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2520051120&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688434469879&rpt=1034&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 59AE 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 32CF 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BlMOJJnejZP2qH_KM1PIP9KCl6AIAAAAAOAHgBAI&bg=!Z2SlZDDNAAb90kgr3dI7ADkAdvg8WnJe-so_Bg940s4T1tMplwnR0hZVKIAdhlezHyBj11z2lIQje0Bl8SBA7mU6T4cubRZokEkCAAACfFIAAAADaAEHmQMJOH32myqDW0NkRsLcYkDezbCBj_ADnPx7oVtpfkXmgsdG5Ui1nTK6fT5haQlgq6IYwVJurDnXqWbqD2DYy-KjirPblVk2yNtto0m9cQDBBoeTZUB-fVDCZQ_a_-toH65tzHZtSvnLK4IgtFelQqNPTL-telNp4mM94M9tCSTjncv24c_Jcyx54A1qyEjcW-qJA55DhlFlkJY56hQpmHIqnX_sI3mycfeW36d1CJ9O4Wun3LgN-ukGIlGNss9hHdVAFOXElfHuI4Om765xrPtX0xA1dJDxLwOaWKHbyoFG5QLh5zK0T5GvLAz20EU2HpprlYSQ7n-B3lgIZdznkRCkfQfi0wQAVcE7cc230ig_oh-rc60_VqYRKQ7HFVa9ee4lpqKI5MYq1Jl2YKVWtkt7OZFamgPnLnZ43BXYW-p6IChI54v1WCqlVFw4OTzsnR3pdcferU-3NhUq06b4psF6_3u8gDUNqBrAXA6vt68DsQAEYkB-PUzva3PeaWs7eU1oaONSAfFKSfP4k1_qZBKglFnI28Kd5p4wDIaLAIcYUREDK0LzH3svxFxCMarY0DgwUfzho8VJuq08KURXc2y4JagwmwwcmUXacf7sB9wpjl0q5udVZUno_Q3vGhgKiMqy7-uBdKG2BUy4gLmtKEDmHXbo1JLiLR8MnuPYRQBW19UCcvKwcGgxJM8EMKQSqVCF9Hk1kfLGioIMwnSWJFFbxp0U95pD5xLPxlRbrDSp0DefoDG5cVFZXanwHuwuW7URreUjo8nLXFG4D3vpfwBJRuvpPaU1KiR_qQXiDSbI4OgS1qe-xolWi83b-OXeBKkuUKlxMVpkE2DnKUI6fsvnjiwpR1V2bQA41k92X1N9RMbUD3f46SgBEsZvpPSRo5PpNFXyGHfnXucyJxlwWfUkAZ6v5Tp31NixERXeGDyckUI9tvO2ha6ggjvxQzDQcZTeWxzH1W_cenSio6K2su1bC0mTBrXPskQWjPVUjx9Z9q86nbYMbhdhjA-yrhAAddsaAqjEYCLWb5vp

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F9BB 0
11 B 14ms
14ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Hhbkog
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3471 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpP0nJnejZP6nLeWD4gHTxKGQCwAAAAA4AeAEAg&bg=!4-Cl4LTNAAb90kgr3dI7ADkAdvg8Wl-nCSDLlkqDjIAzqs7HWOrCA9a4DPObqCAaSexbDc1shmUb1cKty4TBN0HdBTNoo74dQP4CAAACClIAAAACaAEHmQM5KToCBuf74vjyGZHe1Klu7AdeK6r7x8amzuJlyectH5G4C2j1LvPA_SwERj0vV9DMl-qnKym7MTsF9druRpZ3iuOndRkRPi-PFJO9loOxTcWDGk-5lsrzi3M519oi1PuIJw4Isr0XSS03RtAj5p_BkII3uJq97YOh0KTy5yGnmFtjPsgoR7Rdkes_TWbSte1NmWLuNMgIRgZzY5QBwuk9dx2_MX2AxYxyRj1S5LxiabELrLXXcHIH34QwfTHB96Df-sJQL_2dDOx-6sRQ2dD27PdrqipzkC3xBIAv9j0LTKEwaaqz6hAXJRUnkfhM0X9EgwWgrwVzEkpGNxprgh2jjdjj5r9EHegauqgut_kCgGm3LjE5MVEOd4_IS_ZF-tfPNokirOv3PjuC9XWozuoNCVnQNOMvKyWxq_zUnTj_inDYOHUUOM3FGgxDjdoLTy652YGI_OGhq2aKdp0LwNbGJodh1PyclW0Ao4zgENhwABWHJfGFSkRNT4kjWjLlVTx77COyzTGYv-nDHJsnx24Llj3mqzeJxJLk9NbvquGRF9QdidnV82hPJmw98blLhFjWXzc7dhUeXn_VMM-CqR9FMAXZNVOydg6bXkqv7tlCvzZECs_p7bdBo7WMNSXhMdWxIc82eLO5F2COByarnGS8LGnhCYNWqYO1alwdhppi3e6G1F26cpssPhdh1mpeQesLewwMR2JZazeOwKrDfuV9RaONGh3HIWOk2L2EDkjXFfQNQs8MHYVMGYQsZ15OL2Y5xvSjU7_TlAPDyGVP0KvODcMz73xCvIQ1Iu8JMJCn1R0VUXCoq7QzoDBk2kJyTLVp_nUfRYT-vh1CAFHY891kbr-OCmLFdgrpFGpEFV5XfDyKaCQIpErIVIcTcYgnhKPKbor8rBiuQHm5sqKboAdSreJXFTLA7sRje3KE5axPf6TW6eJOCh8c472MeU-0RaDx9cXdVAHcIvjYOt9HzGNXVgMFr0-ufa0J_1tKIcgzkIQBKzP77eKRdvjFynQsi8jHYS6H-BNUOGNVYXP-qOS7djFQW89GUn2d0zZ7rFvNi8J6LFC0EXPL0XX_5w3yCggwL8_d52QYTHGk

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4C41 0
0 49ms
49ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230627&jk=1047029687176492&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 687D 14 KB
11 KB 29ms
29ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd708377cf0cb8d8fd5503d1043b2bee04a0486d38e81babb88fe693acbf5ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11148
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3859 0
20 B 49ms
49ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6978809534426&version=m202301230201&ct=76&x=1&cor=16649778528959869000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E9D3 0
20 B 49ms
49ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3542657005873&version=m202301230201&ct=76&x=1&cor=4327747964730546000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 78ED 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=831181978972&version=m202301230201&ct=76&x=1&cor=5753422534519288000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 687D 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 01:34:32 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 687D 0
209 B 48ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1688434472295&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 687D 0
209 B 49ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1688434472295&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 687D 0
209 B 49ms
49ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1688434472295&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 687D 0
209 B 49ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1688434472296&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 59AE 0
11 B 14ms
14ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?S6N5nQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E4A 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8301600058193&version=m202301230201&ct=76&x=1&cor=7834955896851066000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A114 13 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16932
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 20:52:20 GMT
expires: Tue, 02 Jul 2024 20:52:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 32D0 783 B
536 B 24ms
24ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9fd38c1b77ad81a89025f2fd50f3724227785734dd611dd7b3d518aaf99d084e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FcdK6Cu0kDWey2VQh9XRbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-FcdK6Cu0kDWey2VQh9XRbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 01:34:32 GMT
expires: Tue, 04 Jul 2023 01:34:32 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame A114 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 05:35:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 32D0 0
0 49ms
49ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306280101&jk=3190572881593442&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A114 0
11 B 14ms
14ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ItVM0A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 56EB 0
0 53ms
53ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230627&jk=1771576481624570&bg=!w8ClwJTNAAb90kgr3dI7ADkAdvg8WqAth_XYx-HrPX355YpAiun0wsmwmShQA3OmlXdfApGi4aHpGBYIv49U0lAB_WjSKryL1mQCAAABzVIAAAACaAEHmQMVrxuN4MysvvZqzk5LocUPG6HASn0e6D1o_1cf5EzE9j5QZC2A6sDpQApXTN7wowh2OVDsYcTsXsM1lqSsIOPhHR_MSuSicga41L0INWIxZyHatuNqnLC5KI4N-5ue-cOPQSVUl6mxydKOt9UqptcvZjxI07D1k8znIURuyjanOpHFQVjh6n65CK5qT5okjzP5gbdN2dBiEu34jbNeBS05aLIXBBQM96htxfg2uCZR-mXZRvq0EMftD0oZ-i_LRrwct-9Bc7TgfsvdtJb3SFRigSXR7fHMbDdylR5NiEth-eFKAUzv_rqbBdVEEy9jaRJyKc-_5zM_Bv4BOYArUp8bFDPsp-7ZLO-P_MEeT9cDJf9N_ISoy_E8ntF7F1GrIpYcOHmAk8ONvpLfGhkU6hc_GjwO3xkbkzLm4jmChU1a-bN3h-aOOO-yQR-7-L_iXiSBFh8oWzJk_pbHNgc4MqlXJthv_z2p1hqcGlr73N47cpfR_b3tEsLX0jT3M0q33m1MqpfsQ3Qx6PSGazC4vO39T12JFkPZysmY6wzYiz7bti06gpCNuPLNG21uIJqbJJ9PFYnEL667iVpUUjIL266ewV26qPDthLzzx2vFmWxNmgDeolRrXN4I4QLlp7mxTNQ9OOlVbildzqwDAE-Hm4E4aa3c0Lr0QtDCpCAHaNl7mNkVofSszptGk6dPo-LPiTygEAknn1H_zjiDJ31lml9N0jsTel75CIA0JeLCEumyZOSJgWcH316YB5vPdR6biYKyrc07sswyybsrxQRQ93ayKucGtMp_GYxOc3aGfZEc39Y9B6XjEC2S7M2U31Izx7ZedaEMesbEIJq1tka5Bl3Jgj6zm4BiOk6OOXEiVmfNjLrEgGtY3jQ7tTSVlkgXvKRZ4hc75KBo2vjSc7bGv1qx0OLnKoeGZoGfOFgygEeS7K2EzXzw8AlJGjZbrwmojb_t1OG0mjQ5SkfBc2-x1cG3-1YWAz8dCFILn6PGmv2XbcP7P75Ccmr14w5ygPINExJ10sQ-inDnY4QdFdcdFXhgj0BtSn3I
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame ED9B 0
0 53ms
53ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230627&jk=3971800441917970&bg=!fH-lfyvNAAb90kgr3dI7ADkAdvg8Wq3RUFzH0w465UOtcCvcZieJGSnKwTLL9wiwOABBgZ4LzOh1agleGc4FlRbpP-aXTmiaJE4CAAABolIAAAADaAEHmQMAiIOOum5F3Kcz8ci2SlMBunQhEeoiIrAKqJV3Z5M0rRbTuIU7PP9eWabfiX8HQWYRjGbek-j3r-sXdXyYJbD9zUa5vv03OyAhji0G9H-ce7gUSnYIozmq0PrtHfq0rza-QvSmEWKgBQnjE_Tj8yakuw_u2lwro-8_QUO8qVsrnX4IASBQ-Tydg7-SibKYfq18QVV-u2zpRN_jV2BiMysG_i4i0X8SANNWGQ18tec-_Kz55_iwgH5PY-jFEK_qUjLSAQCSe_2zbpdyPGcmV1auhu4UBSgvn5k0klepW1QIfuzSvMmIb9IOLS_iGSe6cRewj14BYkCOkOYzeWJXi4VwWgaxXQLRBRIMFGS3XN2KQcHpYs2uKBvMSSeiyHKTN8VV20U1WJBjqsQxPSLMi4UbA-hxzkOuR8gkaKG4XciG_yAYeijlSBKmf23z1Ui2mUbdipYYxi-91sfKbkK1q9r6wYHbt09mk6qx5Euauwu7i14Zo0IqBSX6Z81bKdpSTYWJcBA5NaW2rZjMPIoItZJpEPa-kHkXWdt35jUlGQNVvqkOLsRo1c6ph9TTYolT4Cdpaf9aRSKVhf4Ku4T9PrVmALVZeVssxuZQ6FzmDEnYuSt1anWB0u4JMW2avnyq7IF2r7pWZu2JHcKK67POnt1wZwI453vPPHWR7xm6usda4g83ax0ZPEiKPeKVbd_eGTIQSx98TREqqabRMMHDWrHz1WAG5ohEELHGntx_KYs7dz1bCgSMFHzghE5SkZXU9oVrlsvQeZFUBWfS16gIwasph1eY52-ccOOZcCcRIIQj_JIqWAaBRJZkeenM6ltC2fMF4npGoLNesXMhKhXlrV19UzLf14Qgll1vgP1PZ779WW-5UIQXVxUI2igQE2ZRqWZwSNvG6pDAiex7EbvtDP-3AXRSD_MYCd-YQkoBLKIgbcJ22Z9qG9-ZejkEF_oigQIpRJUzUEQANyY-bMRDiSmm8m16d5fBmazGUVi3mAFEnplxOuygjS2yY97GBQO9mras
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 109ms
23ms Preflight 13.40.20.169

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.40.20.169 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 04 Jul 2023 01:34:32 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 4F87 16 B
209 B 64ms
64ms Fetch
application/json 13.40.20.169

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.40.20.169 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 04 Jul 2023 01:34:32 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 687D 0
209 B 48ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688434469045&userId=vnetac2305d7-3763-4e40-b58c-79645b958670
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 04 Jul 2023 01:34:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 081D 0
0 50ms
49ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230627&jk=1047029687176492&bg=!jo2ljdnNAAb90kgr3dI7ADkAdvg8WqCi2YSxxd66CVwyp4ML_qHd2cRc4_-q2u72o3dTUCqdA6nJ3h9NUGFD3aFBTJn4klEgXrMCAAABNlIAAAACaAEHCgBD4W2dpcviPUGCP1bHxJ3TcuavO1shEJw3eGhqy7Kl2lnMNsMUk6taJ5HROlKYrD_hsY-cEzLFZXAOc0fW44J6cuex-5kDFa6Fobq0aRUQgOCNQ13fFGMO3VZv2l-NPxXwbMpF5pnk_jSnWS1KmoOevgto2XG6w_sCQNvBA4lvCwcqzK76fdthPl93iU3MALZ6XJGpWmi4O-rqoIlMsaweSQ5-dhtIHRu6AH8xD2-uGbgHjLIDUh5hjwoGUm5vsTx_QZkTCLtpfeDUggLwUfT-s4otYdb81PDZwRrnBDvkuo09Es-LLDl38BeLQ1jG-HPC6I6IsA2buSQohjaSXdQVJZcUeFSM3YYK7GoD95wWOBTHU513-RXs4kWniksDZFOs8S7e2dMmtUpXBdWf0UDDksqd8GJS_aJMjyCkL2HSc8szb19Q1skdc-yBiKjU_lQUI8ZUWskgLBjR_1UvaqlJQ23TqFJQMm0-NJwbLCI_ACRwbQ1pgU3OAGZfq8LyVfvfI_bJLpCDUUkzI7YB77EZerIztzSqErCev_V2MQV_XevsIvk63fWng1tzLIj7IyaSw_QRC0Rgrjd0-L_OmyMyUJngEompZTQCbtNUiCcYvRNUfhu4-8iYjpqBFXpYr8aAr0nqBKkcsUvh2LpJlLPeHCp30o_IeGUgilg5tIFBDMHpLR8icLCoXFe0BKY-si7lsaWX3Ph9h24ii35b298EQTC1AdlRP7INbKDXYbCQoz2yUpClFe3EzpdjN_I4KKZ2KY9sAdxnfKHVJf9xKefAi_5P7fdENlTmRvzk2vUgYFj0Ng67UeOWRtwLr4ng_Kt1SZ2Xq4hegDue405CORX1lt7PFQsfFBJCBigF3s0PMPfC0t9ngQvj3VDvnezqXBLqbcfCMwTf-Y_YZz88ZKXpc6KLRLFz1TEJc2vvzkFtx-b5fYo4G4ieR5-xZEVha5cdpUwpzhK6hk-ZcAEgsINqkMbpYStqYfZRvVJucbxYzrdOcX8vSwr6HKjWIxg-ItgrVKv4nNkfHAH6G3zVgAmPWEDtN2lg-LIoCI3QVg_bXXi2Ub1zG9y8ED7PI26aZwyQLzW8N6ypouo45BWj170VeMENVl3ql3PEb20SItBve1uOhG7fHxwTjquIqA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 687D 0
0 49ms
49ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306280101&jk=3190572881593442&bg=!BwSlBFDNAAb90kgr3dI7ADkAdvg8Wq6LK3dke3_9K3XnH9vPd-1POiezRZDD41Js5ofAwceWIWQcb22cX4F2b5TQuudkV-e-W_oCAAAAUFIAAAACaAEHCgAq9t7eaVkU2KPBDShOsc7tnCmvyHwogeqcmK5GbKSDGZhqTfxH1CdKNtzImQLGOsPewj1V_qDph_B1EMZiF--s9rcBnaPE_gU--k0jG68CmENv2kUrWeY0cEDjlxcU7zb2y-Pxo2TJ2jSNtXTL10DhLlcj0ckLe3kaqicNE0Rm3uRi9kmYmLV5CuIkemxN6OvrlhLsIZAh2H449-qpJiwJVJoCLd7-NyQT0gh-5FdClNtNQx0JRsEFMlGAkx6kKQrFnJATBuQtV2BcT2QSp45FTabJywgfJbgK6K8rnon2Vid0UwVj7aori2rID5zbGicSPeqKwhPUjGXc9uB7OQrl_JhXcVNxzAlPFNcp4swTkjhT4vCm-anomRio9Wbn-moQ94zk5ctt1A4DqbReP9sSVoerIVESHixuzYdbecp1yJh5_FOSt2to46VVFRXf5Da1x_8TtBVxS6I3Wrg3pljjadYt6SZPVVo7IMAEyMtBtmrrbNktfb0Hgnz_GpmtZuVhvE3N_QlzVCIIU90ZMUgkE8zsgMS_jbG8Awxh_4QXltp3PnZEZIwSjUz0Eauo8JMU9oSOj0L-ryzoX2bi2v9cI9e273hpn3o7hu_7QrkDJmmT3U1Z2R9NX137KkPbdvNq16682iN7lV8O7xcajQq664GpmnTehRf4z_90fQqhlOP3i_cD_qAaelV3voBEQisSirGrEW7WjlvsqRXyUZU4ZVhSDw3D22d6Fj48DyGs6ENFjigXVgVBWx9FwO6nDEUDy9LWn_pQTJD938W6t0qCOEt5_BFh5JkfBlNYV2-hoCtAtfSFIDhkkc-9YA2_maJ5OuHdVlp_B0e7qKLlZeW3VVuIoRgNofd8TGncKGjENLxhApFJL277UQrNMbgaQyo2wokTYVHmvaNPIk3F1PWBi312bqDzFV8At4xqocpFLTU_Q0wXxxvqC8iZn8k5Vg77E0Kz_bnHFCTJiWt9xJGQGoAx8zceafrDN3FQp3t5A1kVAIo
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:22:10	Name: IDE Value: AHWqTUnKvL9GIr1HgGWoaExFK7J2_Fevev4UVcNXb25MdVyTKx1WWFJ8k2AEx-soGgk
.mathtag.com/	1970-01-20 13:43:46	Name: mt_mop Value: 4:1688434471
.blismedia.com/	1970-01-20 21:46:14	Name: b Value: 64A3772645D7C1ED4CF993AABLIS
.travelaudience.com/	1970-01-20 22:32:15	Name: _tracker Value: %7B%22UUID%22%3A%22218B7C35-44A3-4CC3-9BD7-DB7CF46F0510%22%7D
.simpli.fi/	1970-01-20 21:47:36	Name: suid Value: 1987F99561AD4CC99396BE570392C16D
.adnxs.com/	1970-01-20 15:10:10	Name: uuid2 Value: 3395433577895837889
.casalemedia.com/	1970-01-20 21:46:10	Name: CMID Value: ZKN3JtHzhkwBhM-FvgQQkgAA
.casalemedia.com/	1970-01-20 15:10:10	Name: CMPS Value: 3199
.casalemedia.com/	1970-01-20 15:10:10	Name: CMPRO Value: 3199
.everesttech.net/	1970-01-20 21:46:10	Name: everest_g_v2 Value: g_surferid~ZKN3JgAWdYNxlQBS
.spotxchange.com/	1970-01-20 13:40:53	Name: audience Value: ebdd087d-1a0a-11ee-8127-1e3504c40306
.adnxs.com/	1970-01-20 15:10:10	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?chOsMq!]tbPl1M>e)ZlrFUfJ+tGXxp)HoL+YD_iU[D]QCcQO?hrRjxRL[8/bdbmD%*bpRzqF1`b`7x56fO
.doubleclick.net/	1970-01-20 13:00:38	Name: DSID Value: NO_DATA
.adfarm1.adition.com/	1970-01-20 15:10:10	Name: UserID1 Value: 7251770830102395032
.ctnsnet.com/	1970-01-20 21:46:10	Name: gid_CAESEBtAXpRBjqLQhYAAiovXrvk Value: 1
.ctnsnet.com/	1970-01-20 21:46:10	Name: cid_db62dd8e63ed4fcdbef28e6d4b0b2142 Value: 1
.ctnsnet.com/	1970-01-20 21:46:10	Name: cid_7a855fe9a93d4824b05a52542c91859f Value: 1
.lijit.com/	1970-01-20 21:46:10	Name: ljt_reader Value: G6_eqGZHdLbZT5OWT6OKsJzl
.yahoo.com/	1970-01-20 21:46:32	Name: A3 Value: d=AQABBCZ3o2QCEPXqt2tO7paj4VsOraMkr5UFEgEBAQHIpGStZAAAAAAA_eMAAA&S=AQAAApoIH-xHQVUj9C9idEK9xbU
.quantserve.com/	1970-01-20 15:10:10	Name: d Value: EAABCQGxKYEA
.quantserve.com/	1970-01-20 22:30:48	Name: mc Value: 64a37726-d847f-29343-8ee6f
.w55c.net/	1970-01-20 22:32:15	Name: wfivefivec Value: 47aTX0oA1QguW25
.w55c.net/	1970-01-20 13:43:46	Name: matchgoogle Value: 5
ads.travelaudience.com/	1970-01-20 22:32:15	Name: _tracker Value: %7B%22UUID%22%3A%22218B7C35-44A3-4CC3-9BD7-DB7CF46F0510%22%7D
.3lift.com/	1970-01-20 15:10:10	Name: tluid Value: 3667927093349338849874
.pubmatic.com/	1970-01-20 13:02:00	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 21:46:10	Name: KADUSERCOOKIE Value: BA59C87A-A8F0-4B11-8C3E-AF1C029B45EB
.360yield.com/	1970-01-20 15:10:10	Name: tuuid Value: d991fa47-e876-4cdd-9090-81c8872b81dd
.360yield.com/	1970-01-20 15:10:10	Name: tuuid_lu Value: 1688434471
.de17a.com/	1970-01-20 21:38:58	Name: guid Value: 1.278017543842744955
.tribalfusion.com/	1970-01-20 15:10:10	Name: ANON_ID Value: alntmItZdPuem7SpBnAoyociFJoMhZcvJkUtZbTZdOLaOijIipsWfG8bqgnPGhgCFIfV4vJsqSrGZbPTWD8WXJXOU7Wqw

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688434469152&bpp=4&bdt=601&idt=154&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=1019039689748&frm=24&ife=1&pv=2&ga_vid=1663004549.1688434469&ga_sid=1688434469&ga_hid=1314800047&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759842%2C31075623%2C31075757%2C44788441&oid=2&pvsid=3190572881593442&tmod=1742401616&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.okum14cd53g7&fsb=1&dtd=167 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://as.ad4m.at/ad/dr?ed=1gxp9bvx45prbx5xcv28rrhgj9jmnte2j733q5gh7t3zyr2kzn0p1yzs3kfqpxgshnsq0gv36jr6cwfdg6tyx03ngz809b7fbf5733z5qtd1zbcqbzmpmkggrktsxy6c8krfwd5f8bqw0r74qr38s8r068j48xpv32ke8ve79r5t5sxb69abnrc8hwzbxy0mvegedeb57z8d2nkdmp2q3aw34ga91hymgz0kmn2vtr7r1rrnnfmgddzrxnt57de1xgz23a6ktpe2xd0cbqvp6n409anr2vqtykghyrz5bvcf2rxes0pz2avtg3fajyy9yzw44f5y828k140wn1crccf6bw79d4t9qj9pkg8nfk82ndqk088m78scb17yqabz04v9h3fnyykws2vk5gskprgccznwaabsxtzd7e0hepv409483847ccpxnhdp0k9zndyk0rk350&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1gw06pqymg36p5t8p3eer7dvqkvh116nza3sxgva84mva4rjfawq3rxhsq0t09jpx9s4m2kxney5tq7281k76r7rx9nvvz68kpj61hpn9256k6bjsw8ktcxekdba4stz2v9tjjsjc1pxg35w60nqe8frcn6e5449td01cy9arekck9n04vw59vfeps9b5fdfkh62p77vscn7183k41cxdswwzzkzde4dxjtpjha71kzbspvcjztd6h18fdg53zfk8kxty3dykjmmnzyhk19817tr629ty5mhmhd90ewgrqv5fpq175vhr46bpjkb4xbzw35g0kaxryz9m6kr48hgsgzw2b79k17tjfmbqg6f3gnygsff5h13jdjnt4y8dbh4f9hv6vrj4ben3sgezndb222g8cm99ghcb0wmb32r3t812f6jgsve748rjkafn0b64914kceh7n00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=197862&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW&c=320&d=50&e=&g=8762eb1712a26ee3b9694bc8f2f9f0bc%2F14432925441392775156&i=71725&j=21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471188&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=117569%2C19769%2C183975&b=k7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr%2CrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM&f=zR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM%2CP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY&c=300&d=250&e=&g=86636c6cb1248755f86676eef2fcea75%2F8621036685816644122&i=29981%2C21630%2C20597&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688434471451&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gez5epg57xs7etn60z3g8829as12fef30f6y1gp1s8sw0eca4jvx749mw44k5smsfatsm06kqf3xhx4r47aatezhvs0hc1f16152h3cp56rq8v562kz9me8b69rjtbv2knee78wc3djbdrfjc9y988wye24dayz4t6x1q8p94781fdf7pw9yf8wq3ftfpfxd63afsman050dc6p0jk4fmj6drgh9g7aw7f64v1awzqces8spq58vv98xftn1w8ynq0caras9yne34dcsbdxybakcg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJeTVJnejZKjNBrLR7_UP_Pm42AGQ4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLjfwgKgU2yPqgDAcgDAqoEsgFP0NiwtBzx_N2s2tv0fNqx6itB9Rexa0cCg59MqRoNnIsotcLj_ubpGLxo84q3vl9YJBIusEbqqj6L53QKTJ0oVHHjnSQVSz529RCNywh5bMjlBzItu43H2AVTQb9XtzbZdYqsH6kzuGLATvlg2cHzV9Os0N5S4J4XdN4DoKrqbZ2vAMAUyLZlxKn18ND6_-8ADno7obcyKyqm7rdVASExypsuMiEev9_i8Pay-WfFagzQgAbch66vkMWU2nKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0f7KhzKyMUad00JdjqyCYMqajJmQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
network	error	URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1j2tqv94krxfwb7rgzaqhybb6d71ndj8g6bg31g0at9bv5qar8evbhwnrd1385hapg8evy1mtexh6n89k7cfmmpssft535nwaq4xsz32wap01397hdavmvj04h1mh3gmnbz68y70xzqh179cgp88qb9nwactnks4xt4ezjy3858p79qqqj4nnsfns90m4g9vg74229thmb18jqpan2f2xjgg7hcc5m6qjhthbafxm4w6dsa65tcdxfk2qs3q8y51pzcz4%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1jrr6r3e84dr4516b0pw4w2g9n8bv01q6s3x9dee6pm51vsxs4c3qx9te07sts69h0ch7tq12qpnvrsxqfaarzhy63cbsfrnfs95rt3fjs91r4wrgsygbm5k1hxn1awk4e24pm1se98dq2zdvjndnhh6ydqvwdb65b75jmfyy1qz7dm0dr3j8yws14hvywv0hshyjtp1pe3sg8p9ky46f9d5m217s52fj783vzs343bnk6tb9actwns2ahmnb6dfkpfkz2mjpk410yjg8t5s6x6spg%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCWup9JXejZMywMp69iQbjuZHYDpDhgYRctqjCivACwI23ARABIABglYqegrAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAhAszLCMT7I-qAMByAMCqgTWAU_QcQUBWpEyZL_VDTTX2CIG2NGfIAdmAYagVTqYIhu6mtCYN9MZ1HugFoor1kYaV8CNCmDbkq68viuWKacn2u_rNxI0F8JJnXqQua-grWu_TSJ_nJFDXnXy9sUrxO4DYQH59_McMw6tBGkYuWanaJ9LioMTtZmMu1jUkckbQHvh964X07gN16iPXVe60x5BGkNrribHnWhNknVXfSluPx09wzq0mcltfJbJDOCIml2wz4pNyPZ2hlz4S2Pqn2rx6AFkLUa-VHs90PO31DQT0CI-rcXI5IWABrHCidmg6dXLkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_06LLBma4Oh9H4Cmv2T_DvATx4-OQ%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
a96c02822ac5a5c48abf671a4ed75e0b.safeframe.googlesyndication.com
aax.amazon-adsystem.com
ad4m.at
ads.eu.criteo.com
ads.travelaudience.com
adservice.google.com
ajax.googleapis.com
analytics.webgains.io
ap.lijit.com
api.webgains.io
as.ad4m.at
assets.ad4m.at
c.amazon-adsystem.com
c1.imgiz.com
cat.nl3.eu.criteo.com
cdn.ampproject.org
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
csm.eu.criteo.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
match.360yield.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pm.w55c.net
portal.o2online.de
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
rtb-csync.smartadserver.com
s.ad.smaato.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
static-de.ad4mat.net
static.criteo.net
static.virgul.com
sync-tm.everesttech.net
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.awin1.com
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
ye-mek.net
104.102.45.165
108.138.1.25
108.138.9.235
13.40.20.169
13.41.28.186
141.101.90.97
142.250.184.194
151.101.2.49
151.139.128.10
172.217.23.98
178.250.1.6
178.250.1.9
18.66.147.98
185.29.132.245
185.7.176.221
185.7.176.222
185.80.39.216
185.86.138.154
185.94.180.126
198.47.127.19
2.18.161.51
20.60.220.36
213.155.156.185
216.52.2.6
23.206.208.114
2404:6800:4009:832::2003
2600:1901:0:76b9::
2600:9000:2057:5800:1b:5138:8a40:93a1
2606:4700:20::681a:61b
2606:4700:20::ac43:4a81
2606:4700::6812:18ad
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:80b::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2001
2a00:1450:4001:827::2004
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2006
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:830::2008
2a00:1450:4001:831::2002
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:d::2
2a02:6ea0:c700::18
2a02:fa8:8806:20::2010
2a03:2880:f083:100:face:b00c:0:3
2a05:d018:d29:3601:40e6:3444:17d5:43eb
3.71.149.231
34.102.243.38
34.91.62.186
34.96.105.8
35.186.193.173
35.190.0.66
35.241.45.217
35.244.159.8
35.71.131.137
37.252.173.215
51.89.9.251
52.28.152.8
63.33.106.238
76.223.111.18
77.245.159.14
85.114.159.118
94.138.206.83
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00e6f13fc31a2651a378aa6ff48ec22051889f33451f28e7bc5e22fc50517ffa
011ae79c8f02dd0f21d32a8cf0a1e5b9844958b27afeaf728f4b96e4c02d85b0
011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660
0297f5dcd4a513141b8af8cbf6989a5608d7efa50d260a925d1d7e3b00779283
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08ea981d8e95685d3e51862b19b49ffad381b140f8389b86658b47b5eed2b0e9
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
11586ac07519877e58b462cc6b49b06d0dc943dc4687fdc62012a5a5ed9b982a
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1295fa3725826bdabdebec90b902a36ca9e3f91b741dd13c8d52dbd2f9f2f392
1423d079d6951e06854e878a00e88ddd4cfb3f323d5531ef45c2c3d5a8494a14
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1c046272a431083c0a10826875f1e10ae24a417d9be4ad2502ed25e3b3f193e5
1c9af0fc292c8fb8f9dc82487cf57b1854797659160b14b7afd9566c7d068c2c
1cc0edd260beaf907ec352cce5412dbd6b3e59c1686f561c798942670a706dfa
1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986
20dc60e8301bdd09821099c5dcdcf491bd85bff57412af9d1af5da82b57f5c89
2180f29f86c7567e451861d1c1db1df4e665191dbc790c421a2b168138336f3f
2214a9c42ac416d027c9814595f62b198356d64ee8eebd6cef1ab5ba1def247d
239a2494900c90f6c4e1281d2dc78298d29e017d847c361d74068e8df92553f7
242336f1cb2351e4c84680154c2893179d5dc82952962d9a48b54919d746fa82
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
2754d47be946d2394bce4008332826d0491b510a2a624ae6609d042b143732d1
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
279e1166ebe0e7d7d3aa3f8ffd9db6569495f0f4d8b9aa8fdc468898f449471c
27b521443caa2567c561c9a2bd377929f40cf7fb68113ccbc4b42669c6841e79
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d007ead397222e77f19087194a07285000fba7ee4f4a32b4d0872ef83a6d6ed
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2efed30acdac9725b233f6d3d5bd8a16a9049980ceaa91525e061cc9c63da1e3
2f00c7b5956692521c8f769cdfbfc7e6fcf45d8f3db6d83667b09437c6440286
2fadfde5b4ce735fc466b9939d62d74300a90048395f1ab819fa4b677fd51eeb
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31e62e0b092bc9ff94b2b8e841ae9305955b398a7cd80116a4d79bc9fe3b6e39
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
33546667387118293c17136a7458e5ffc39508efb20c36c2865984de46ebfb64
34178d0705c247800674bc34dd95685b063bbf0cffea9d9839f6c1c9b922beca
34df1fc65d0ed952af799e8d836268682bdf17dea7d3e5782d98010e6c5a8f32
3654213c39e9adab0c2bffdf2a1fb69a908d2197bd8fb841beffb5736e0feaec
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5
3a7cdd2a8d457a3a736abdd116f27948e56ad18163f6f31bc4191240fe28e312
3cf33fd1cc895fe26505c0677f183cec819f5d55d54905a1adf8e95322d67c19
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
418c1cc5e3fe5dab64df68fee91403c4af6a0b5ee68f12c2717956b216b08b8b
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
44923cbc87f6f2a893b3b8d0e884bd096199631342b7e513ba4d27630d3ce96a
44f355531813246fce967bdc9533bab991e584a16551ec13f47976677c582be3
464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
48544d39ceaebb01d8e31886a19c82330f02125740397558bb0baa16b81b8c6f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51695d3e425aad0d3483d87b7c63d61df42e28c82d6546094f4cd1588563c966
517c03e0d842cccda1bb3cd0c59fc1e781446b831451a1d30337fbe0b4fb143a
531efcf467f07f13139ede98550d0e1a5f4e047caccc429c803c9458980a0e95
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
549667bd2dc0f6f1bb069fbe4151ebf664f6167be869d8b83032c0019a6e00e7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55fc10baa9c6fa8d98acac31beba1be0e8f688344f243dea838b5b03e8566a3c
5687b49f792b9dd66f69e7ff2b2365ae5ab3dfb950f97e492a540503be95c201
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5c70172d4ad97655536201f9b23792318497c7367cd9c5d546f67f19efeecaae
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5d719df8da55b9e8934e65f0fbc552f25b4809a36b556ed040a67307af9aa8dd
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
626f0a9606723534aa328beaa16889e571c7dccc4246585ef4cee9be40fe430e
6340ab066c8cd3fc0ff1e47b254690638b7481954f793601c5602be5c7692f8c
65676ff9ee174f1af8dd161a2b306631500e0e3ee01ace918e221312048e9bc6
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
6b41b586946c404982358fe98c015efe9d740ae31f72d34d768c717d8926bdf9
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6f741883eafc84067b80014e53fbfab2505aca4f7cf767b17404a291fffb79d4
73de152e783d2f1297f5f7857379d5199ae759521c350c8618a30ee4f9d7e641
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
747e78abf4d234d1b7a713ee07dddf20296f3ee8ebbd9614d282490973ecff2d
75743518d10d4b4a939717f66c07ef13fb128590c0b05df5c26835efa5280c6e
766844777d1c16918b612d47d36ee72c8b15083f988bac0db7634f1d26bc76c0
77aace1012834225281ef239701f7301c9091869e57dab53628989e077387d73
77bbf7efde19c9a4c8a6b0513338349476501aec1de78095b10cbe5c9b777c1f
783777ff49b215d0f16502c394d35502c858facb8764b9d843ceb5a0ec30423f
78aa3d973a83de17d8b856934f19a2613483fbfd3cd2b6c5bc50865014924659
7a079e7d766457ec7d397c3cef3fa4a0aa7c5a35ebb520af2930af90328a671d
7b74b15c0e0224974c8f830453f4141254e43fc02d4d95a8bce9c1a27a893079
7bbb373c95c90c780398890817fe677beee013e62f55b6e0b380e2bf0889be46
7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6
7d87e621c2c2c2cfcfc431c608767e17a1f91736735f7c04cf6713e836147dba
7e670e5f819950774edd58a50abd7e6e80944b5f03816401f31cb033647d2033
7ec2e49faae65cb7cfb9d3b5609524ad107f66ad078700ed8ad64034e6193006
7fa3bd9fb02adcdbda79e6f4bcd98e5a34d60e3d6e1a51fd4e00e8ea36a21b97
7fbf81e0d97d6e931c400c9836f733321913decf16e6e630ae8214f80dd8f408
80add1529fb0d0a80d813129431305fa1df527dfcd4d8fa32967ba637d74e9a9
8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8
823fd2204308d98480e57c5339e3daac7f7c56c4a0883500e6e4661acba1cda6
82b26c270816480cac7ae6e6b713f4aa513bbfa78e68d5b6d2230ba9eb055519
8422accd63b50611bf9ed50b6a22c25e1f9ba18c3a2ee7b31ec3acd5f64d661f
861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae
879d5861c9bdf530e2c9a5194305a8753fc7d7a198fbb487d6535c994e82a19f
88abee10ea1626789ae41a246158168c94caf72879469f8ba5eae2e1bf19953c
88cb60b4d44cd46c08ad4fe0df8e4f868a7716688df347443fc7f4b905d1933a
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2b2033aae5f2ebbc9b92291c3cdfa7a084429d21d85b382e39dfbd875b5f55
9293a96016a7c949a07a2c83d3ac8e460c11c7ecbfeead17c2d24e7532174bd5
943e08cd7ad135592bbe2eda7f465c6a8fed653d149c41b5987f04da0888a00c
94e9321831e01ad49d1d6804f118ec824b87038aad6ac50742c2e8cf205395f2
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9cde07e0bdd0ecb6e244f72f7fa6f945dfa947d9372f3927ea04c438a0d76c88
9fd38c1b77ad81a89025f2fd50f3724227785734dd611dd7b3d518aaf99d084e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a
a3883d74e906a15c08308ad14d81f875d2c210859d3436b675f718570c6f937c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
aa2d302ba2a2f679282a87b6d28dcea5bbb18c63ecc717760b536032ae2ea8eb
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
abfe6a17fc75d4b26c8f3e39ec2ce6b16c89dbf538c25f38c5dadc2667234060
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
af072f764b9cf3c397b08f0e8888f4dc61147d00285c7ba90cf9aca0667d6848
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1701639174cb872a535071c10f17980f509ef1588d3a06bc7f8aad5ef0d25aa
b366b8aeb477e04ef8176170034055bc785f329a659ccb6d24bc0a00d2a59b96
b59eac802f22e81565b88541435cdcbc56420edfffb4c8de07456b41e038e958
b5bfdb5e4886a5d739b60e2a8938706714242d4e9a68cb77281630a3e518faad
b626cb98565e377b5fbb449fcb91acaaa421a333bcea9850b70ac58cf9fc4432
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b6b207c7f5820a9c411b81f18dbfb1264550bb0f8bfe26a181006b6d2f781b30
b7166e72d779a4ff0ac969a105e33836fcec03f9f6cc7553b21ab325cedd4ac8
b82ee30b16922c3d43b7e6f8c0c409f596572f4cdff2355e404844c8dc62fee7
bd0cd6d78264020d1bd0a622ae3d2fe8bc40d0bd259efd901ee88cf562f4bb66
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c145205eb5090e66757c98f489cc75049eb7d028374d62418eb7660ed19f1548
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c520c279fc2dab5370a0172bba2353c3c8f0320265a2e268abffd694dfeed4e4
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9ae2761b78607391d6b040e243e3d3fab19c88ce095a90b89d624c3181f5ab1
ca53194ced6bf23bde494f1c6f60f9f68d9315fae31295a6c43f63bad7963abf
ca9c4b37e0e69ab3756510a5181fa8e393f2e381b3f9ae562af5adc2874d1337
cb52111dd9f956e7d4e7aedafd0bb0f1785509e9d242eb245a82f1a165e6462a
cc2018e9cc0f6a353e464a32cd128136bef9b6ecc3c099ee578d6bd8db2cebd0
cd708377cf0cb8d8fd5503d1043b2bee04a0486d38e81babb88fe693acbf5ed3
cd9d10e0fb0377bf2e9383b083d67c40b08993f3ade2fea7b97f13799ef971e8
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d06cd5aed21befc16f2c9df19e22088c1ef6d741fa05a10256b1aef2eadb79e8
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942
d8b4887a05128d173df033ad7b0ecf00bba347394d67b8800b831a90dfeff00c
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
daa2c52cea0d20298e0bd68c7b48b7ea5ff219b07c0e281d42ea88d2379ab494
daffc7fcc9b29db5ccb50c31f317749cc2127c773b9f45f6cc7f247a073f3483
db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
dd7419ac2c04d1920350f6b486f662f299717fb2b16b14a824f61cc4a362ad0d
dd9f06a91522ceeca21f0569aa28b2672f05e08e4cd2d8cd8927f1055b9f5475
de9ba43245468758a82e5d578144ef63641d63158b7a2caf4cbbc74c0f2d1e9d
e00b74109d6acff2297e0df091ba38919e0d36a5495d1239695a15cc5d7b21e7
e041f359812b31ffb3d561c106435550a58d86540a0262a93e6e462624fada6f
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e333cb1305d380d1fea95d56af2665209ad86d60e8df0d3d0b1d6aba56d5836f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e634cdea6fc8a42921753f7da1799c4719b763400d8891a778bdcc519e43c919
e79d9ce4ec4a4cd40f50135db771dd46f9a1942556459ca98695c3d07b69a9c2
e7d8342248029f1df308d3f2cb02a6a7a87714307aca80532eb853c198cc92f3
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
ea6ee12fdbac4382e73c3b00218c3fc4187c9e6db19b33bdae6972cb894738d2
eb8e687f8ef4d4838ea77f88aa15f238529f8273aa2d22b7efc8ff18460f7757
ebbe746368e0ba512f0d712c539e1a8cda25100af45df0c2cf185e3ed8fa2002
ec63560c7bd59e4ba1050edca85ee787063217b4e1a67920c0a2789b263d7b71
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3a6cef3c8af50dd4b8e6c84af98d1b9a6acb716a038209d59970ebdb15302c
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f804f604076c09c8076152de029283476bb1d725558001440e6de8dd5d2acfdb
f8a432f5565f3fbe58ea73cf84a66bb75b879376d7ee9b5fcc3f0b28be8d422c
fbd8f8954cfe33bc7d50ea3d6510120231b5fd91a00812bde70039ee7b73fd81

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

478 Requests

92 %HTTPS

40 %IPv6

53 Domains

76 Subdomains

57 IPs

10 Countries

9241 kBTransfer

17474 kBSize

31 Cookies

0 Outgoing links

Redirected requests

478 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

478
Requests

92 %
HTTPS

40 %
IPv6

53
Domains

76
Subdomains

57
IPs

10
Countries

9241 kB
Transfer

17474 kB
Size

31
Cookies

478 HTTP transactions
14 data transactions