hesapmakinesi.com Open in urlscan Pro
137.74.238.33 Public Scan

Software

sffe /

Resource Hash

f32b787aaf35f42eb57c0071995abe5aaa626e8a2bb3f6b850f27799f83b70ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "867 / 703 of 1000 / last-modified: 1620425327"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21210
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H/1.1 200
OK jquery.js Show response
hesapmakinesi.com/js/ 68 KB
36 KB 60ms
44ms Script
application/javascript 137.74.238.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://hesapmakinesi.com/js/jquery.js
Requested by: Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/
Protocol: HTTP/1.1
Server: 137.74.238.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ip33.ip-137-74-238.eu
Software: LiteSpeed /
Resource Hash: 748a12dcd56cf75f4cc1ff84f373d564fde1222525ed58c47ee5427ec08ceca3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hesapmakinesi.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://hesapmakinesi.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:15:36 GMT
Content-Encoding: gzip
Last-Modified: Sat, 02 Dec 2017 16:20:11 GMT
Server: LiteSpeed
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 36160
Expires: Sun, 16 May 2021 20:15:36 GMT

GET
H/1.1 200
OK hesapmakinesi.png
hesapmakinesi.com/img/ 5 KB
5 KB 30ms
29ms Image
image/png 137.74.238.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hesapmakinesi.com/img/hesapmakinesi.png
Requested by: Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/
Protocol: HTTP/1.1
Server: 137.74.238.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ip33.ip-137-74-238.eu
Software: LiteSpeed /
Resource Hash: 8b1bc2be2ee21f80e6ebbd63cb7b830931f828b19b2010f7294d18a7b0bb01ea

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hesapmakinesi.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hesapmakinesi.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:15:36 GMT
Last-Modified: Sat, 02 Dec 2017 16:20:07 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 5268
Expires: Sun, 16 May 2021 20:15:36 GMT

GET
H/1.1 200
OK x.png
hesapmakinesi.com/img/ 110 B
402 B 64ms
49ms Image
image/png 137.74.238.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hesapmakinesi.com/img/x.png
Requested by: Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/
Protocol: HTTP/1.1
Server: 137.74.238.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ip33.ip-137-74-238.eu
Software: LiteSpeed /
Resource Hash: 6f064b11007507ecebb88b25c6b21a41e51189b079c5a30342c8dc8950019c0c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hesapmakinesi.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hesapmakinesi.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:15:36 GMT
Last-Modified: Sat, 02 Dec 2017 16:20:08 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 110
Expires: Sun, 16 May 2021 20:15:36 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-35586993-1

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

88a7727fc497637dba5fcad6a1976e38a21fae4d20f115d655407a56f6c6ef82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35813
x-xss-protection: 0
last-modified: Sun, 09 May 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H3-29 200 pubads_impl_2021042801.js Show response
securepubads.g.doubleclick.net/gpt/ 300 KB
106 KB 64ms
31ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c2525b3e7631f2411872aac663bded4c73bd4e4f26182862b28db7f406d1c61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 28 Apr 2021 08:37:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108145
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H2

200

sdk.js Show response
connect.facebook.net/en_EN/
Redirect Chain

http://connect.facebook.net/en_EN/sdk.js
https://connect.facebook.net/en_EN/sdk.js

3 KB
2 KB

6ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_EN/sdk.js

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1797892196245074a20d09a26769c4dc9e82ccc4aaad4a0d8cb859fe80a943b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: d46zpSh5vfqHHUjdNVZVOw==
cross-origin-resource-policy: cross-origin
expires: Sun, 09 May 2021 20:22:36 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: JuS1y33Z8NH3Jb5xOqVDn4JcpqjN5BPx3dwbA2D10JeOB+GxyhY+indHLUAHJyI/zf6em0vp0v46R8JPL63RkQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 77d3a2691e42a7ea0452c469915a88ab
date: Sun, 09 May 2021 20:15:36 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "08651f859c3714eb4e526f75127dc36e"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_EN/sdk.js#xfbml=1&version=v2.5
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK ig-fon.png
hesapmakinesi.com/img/ 5 KB
5 KB 38ms
37ms Image
image/png 137.74.238.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hesapmakinesi.com/img/ig-fon.png
Requested by: Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/hm.css
Protocol: HTTP/1.1
Server: 137.74.238.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ip33.ip-137-74-238.eu
Software: LiteSpeed /
Resource Hash: e997e65dc0cde45214e3d3a2813f2f730730a643063e5585a20be58f494ef6a6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hesapmakinesi.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hesapmakinesi.com/hm.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hesapmakinesi.com/hm.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:15:36 GMT
Last-Modified: Sat, 02 Dec 2017 16:20:07 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 4760
Expires: Sun, 16 May 2021 20:15:36 GMT

GET
H/1.1 200
OK ig_button.png
hesapmakinesi.com/img/ 1 KB
1 KB 253ms
253ms Image
image/png 137.74.238.33
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hesapmakinesi.com/img/ig_button.png
Requested by: Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/hm.css
Protocol: HTTP/1.1
Server: 137.74.238.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ip33.ip-137-74-238.eu
Software: LiteSpeed /
Resource Hash: 942bd31d0e5b355ac023a4a63fa0851875bec9337c16dd1bb9a4cf87db167e57

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hesapmakinesi.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hesapmakinesi.com/hm.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hesapmakinesi.com/hm.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:15:36 GMT
Last-Modified: Sat, 02 Dec 2017 16:20:07 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1219
Expires: Sun, 16 May 2021 20:15:36 GMT

GET
H/1.1 200
OK hm.js Show response
hesapmakinesi.com/js/ 5 KB
3 KB 30ms
30ms Script
application/javascript 137.74.238.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://hesapmakinesi.com/js/hm.js?v=1
Requested by: Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/
Protocol: HTTP/1.1
Server: 137.74.238.33 , France, ASN16276 (OVH, FR),
Reverse DNS: ip33.ip-137-74-238.eu
Software: LiteSpeed /
Resource Hash: eb59c9b14e5430ea3b60e4c44e90554d3e286c60276516dd866120508058efe1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hesapmakinesi.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://hesapmakinesi.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:15:36 GMT
Content-Encoding: gzip
Last-Modified: Sat, 02 Dec 2017 16:20:09 GMT
Server: LiteSpeed
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2974
Expires: Sun, 16 May 2021 20:15:36 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35586993-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6524
date: Sun, 09 May 2021 18:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sun, 09 May 2021 20:26:52 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 213 KB
63 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=1be950e5a5d81b1f9bb7810d35624b83&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_EN/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

36003f036c56d7fb27b91586f146eb64682be6e6723dea3977f53e51160c3bc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://hesapmakinesi.com
Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: H0IMbv/hzYuWC/wD2/G8cw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64498
x-fb-rlafr: 0
x-fb-debug: elUlB1mXDpdciHmzwNJfUhrnbb7xy4H2QiF5QMHdkLbwRt2Zp7EEBYNWsJWWCH+jgtywLx0qqIwlwL6a7PZ7iw==
x-fb-content-md5: d08f120bd28e0692cc9c2d28a0f411fd
x-frame-options: DENY
date: Sun, 09 May 2021 20:15:36 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "c187342bf98d1627ea6f67670e1d5ac5"
timing-allow-origin: *
priority: u=3,i
expires: Mon, 09 May 2022 18:22:44 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 26ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=293767750&t=pageview&_s=1&dl=http%3A%2F%2Fhesapmakinesi.com%2F&ul=en-us&de=UTF-8&dt=Hesap%20Makinesi&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=2089661745&gjid=692945032&cid=1252599531.1620591336&tid=UA-35586993-1&_gid=2017029131.1620591336&_r=1&gtm=2ou4s0&z=1096929870

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://hesapmakinesi.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.be/adsid/ 107 B
799 B 35ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.be/adsid/integrator.js?domain=hesapmakinesi.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 37ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hesapmakinesi.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
9 KB 364ms
364ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4001160912563051&correlator=522057209087564&output=ldjh&impl=fif&eid=31060783%2C31060842&vrg=2021042801&ptt=17&sc=0&sfv=1-0-38&ecs=20210509&iu_parts=65969644%2Cgeneric&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&cookie_enabled=1&bc=23&abxe=1&lmt=1620591336&dt=1620591336478&dlt=1620591336189&idt=268&frm=20&biw=1600&bih=1200&oid=3&adxs=320&adys=364&adks=3532993813&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fhesapmakinesi.com%2F&vis=1&scr_x=0&scr_y=0&psz=180x600&msz=160x-1&ga_vid=1252599531.1620591336&ga_sid=1620591336&ga_hid=293767750&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12fe70b1ef1aaa6609f34537e81ce40824f2c8c50ccfb5bfb493814b8c6fe291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9172
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://hesapmakinesi.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 29ms
13ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 25ms
6ms Other
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 741ms
741ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4001160912563051&correlator=522057209087564&output=ldjh&impl=fif&eid=31060783%2C31060842&vrg=2021042801&ptt=17&sc=0&sfv=1-0-38&ecs=20210509&iu_parts=65969644%2Cgeneric&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cookie_enabled=1&bc=23&abxe=1&lmt=1620591336&dt=1620591336483&dlt=1620591336189&idt=268&frm=20&biw=1600&bih=1200&oid=3&adxs=525&adys=436&adks=3799548520&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fhesapmakinesi.com%2F&vis=1&scr_x=0&scr_y=0&psz=770x1755&msz=728x-1&ga_vid=1252599531.1620591336&ga_sid=1620591336&ga_hid=293767750&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f3b60a80ca8604625e65ed2a32970626c36730d6cbf40097ca1bc96a3e6041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7588
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://hesapmakinesi.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 979ms
979ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4001160912563051&correlator=522057209087564&output=ldjh&impl=fif&eid=31060783%2C31060842&vrg=2021042801&ptt=17&sc=0&sfv=1-0-38&ecs=20210509&iu_parts=65969644%2Cgeneric&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x200&cookie_enabled=1&bc=23&abxe=1&lmt=1620591336&dt=1620591336484&dlt=1620591336189&idt=268&frm=20&biw=1600&bih=1200&oid=3&adxs=525&adys=1413&adks=2055481740&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fhesapmakinesi.com%2F&vis=1&scr_x=0&scr_y=0&psz=770x1755&msz=728x-1&ga_vid=1252599531.1620591336&ga_sid=1620591336&ga_hid=293767750&ga_fc=false&fws=0&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

cafe /

Resource Hash

07d2d1e1e4606b1f98f96fb3b72c0371db1355adcb89c9ae66e1962d68ec9f10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7604
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://hesapmakinesi.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 like.php Show response
www.facebook.com/v2.5/plugins/ Frame 863B 48 KB
16 KB 90ms
89ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2612749ff42b8%26domain%3Dhesapmakinesi.com%26origin%3Dhttp%253A%252F%252Fhesapmakinesi.com%252Ff22ec5e8c1b87dc%26relation%3Dparent.parent&container_width=360&href=http%3A%2F%2Fhesapmakinesi.com%2F&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=1be950e5a5d81b1f9bb7810d35624b83&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

89ce6debb0d3505a3f9490e06a5de09bba9ea4aaf141e518f7865edc1ecfefac

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2612749ff42b8%26domain%3Dhesapmakinesi.com%26origin%3Dhttp%253A%252F%252Fhesapmakinesi.com%252Ff22ec5e8c1b87dc%26relation%3Dparent.parent&container_width=360&href=http%3A%2F%2Fhesapmakinesi.com%2F&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hesapmakinesi.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hesapmakinesi.com/

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-encoding: br
facebook-api-version: v3.3
x-content-type-options: nosniff
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: KymEIFVywiDRO3w/vQUbzfrrj+5pReuzoklMlZwb5m9q46lIfK31zWvs1vazmkWkw63TeGqwYhZJEDAAl6aHDQ==
date: Sun, 09 May 2021 20:15:36 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame 863B 400 B
449 B 7ms
6ms Image
image/png 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2612749ff42b8%26domain%3Dhesapmakinesi.com%26origin%3Dhttp%253A%252F%252Fhesapmakinesi.com%252Ff22ec5e8c1b87dc%26relation%3Dparent.parent&container_width=360&href=http%3A%2F%2Fhesapmakinesi.com%2F&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2612749ff42b8%26domain%3Dhesapmakinesi.com%26origin%3Dhttp%253A%252F%252Fhesapmakinesi.com%252Ff22ec5e8c1b87dc%26relation%3Dparent.parent&container_width=360&href=http%3A%2F%2Fhesapmakinesi.com%2F&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: g9Oyo6H7tPK8KZ+7mFO2JbEnFpSlxdqJuWzkIS/L9CDVrqK9393/u7KrSTUWg/9K4DU+8gtxuFRGP3cij7jVdw==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: uF0RL4E+h23ClLQmPOTTMw==
date: Fri, 07 May 2021 22:09:38 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 400
timing-allow-origin: *
priority: u=3,i
x-fb-rlafr: 0
expires: Sat, 07 May 2022 22:09:38 GMT

GET
H3-29 200 KiJxuYSlQax.js Show response
www.facebook.com/rsrc.php/v3iEpO4/y4/l/en_US/ Frame 863B 503 KB
132 KB 7ms
6ms XHR
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3iEpO4/y4/l/en_US/KiJxuYSlQax.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6b8c709460f85b0805002921be87801eccd28208805e086049aa7a0fee07c2c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2612749ff42b8%26domain%3Dhesapmakinesi.com%26origin%3Dhttp%253A%252F%252Fhesapmakinesi.com%252Ff22ec5e8c1b87dc%26relation%3Dparent.parent&container_width=360&href=http%3A%2F%2Fhesapmakinesi.com%2F&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 20:40:10 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 3rlVIn0mXtPOCwHaqEkNew==
cross-origin-resource-policy: cross-origin
content-length: 134884
x-fb-rlafr: 0
x-fb-debug: Bt1fXxMd85nHIHCGqYa+MHlfr+q/XKdyZZgseSfIO1ohJV8ldkctD8+rL/POy3hlQO/wuql+vyrs+EGgjAstdg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 07 May 2022 20:40:10 GMT

GET
H3-29 200 cavalry_endpoint.php
www.facebook.com/common/ Frame 863B 67 B
99 B 47ms
47ms Image
image/png 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1620591336765&t_start=1620591336765&t_domcontent=1620591336773&t_layout=1620591336792&t_onload=1620591336792&t_paint=1620591336792&t_creport=1620591336792&t_tti=1620591336773&lid=6960386789969101659-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2612749ff42b8%26domain%3Dhesapmakinesi.com%26origin%3Dhttp%253A%252F%252Fhesapmakinesi.com%252Ff22ec5e8c1b87dc%26relation%3Dparent.parent&container_width=360&href=http%3A%2F%2Fhesapmakinesi.com%2F&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: EVPbTlDVwBUkvdR6k/txuAYK9Cg4yajWXBu+ufA1XqRy7/qKcSto8mxbq9JrapeGgLaQ8kQSKIyIpN0wB9bkAQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 09 May 2021 20:15:36 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 container.html Show response
0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B8E5 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hesapmakinesi.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hesapmakinesi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 09 May 2021 20:15:36 GMT
expires: Mon, 09 May 2022 20:15:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0248976da97cef9d507c26ab78186f1fc82a4dc71963f29cc49946f09e72d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386783045400"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28014
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 38ms
19ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021042801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96d7df541733b2cdfe50952b358d895d4c452ef07c1b6861e3bdd50f18989629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7644
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 834D 624 B
610 B 24ms
24ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGNr56qcBMAE&v=APEucNWPCSNJsv8MOJmvPVl-Bw1a45EqwFvN8hpwJRUM4jyFdudL7jJo_xESv7KxvKvBHjs5c3Qsvx8ZJD0l2xxfN5153uCYJxsjAcD76mgaT5UfQ42-qwu0L3IhSnOC2Ke3nRIMkzI98Rz8Q4tLlLD59urs1aNB4uA_uwyXzrHJYG89Fy3k8yz9cPI7GqqRV_tkGE8p4N6t74Y2vloC-7k-yB6_uN1k7Q

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COm_ExDK3oEBGNr56qcBMAE&v=APEucNWPCSNJsv8MOJmvPVl-Bw1a45EqwFvN8hpwJRUM4jyFdudL7jJo_xESv7KxvKvBHjs5c3Qsvx8ZJD0l2xxfN5153uCYJxsjAcD76mgaT5UfQ42-qwu0L3IhSnOC2Ke3nRIMkzI98Rz8Q4tLlLD59urs1aNB4uA_uwyXzrHJYG89Fy3k8yz9cPI7GqqRV_tkGE8p4N6t74Y2vloC-7k-yB6_uN1k7Q
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 20:15:36 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUmxDwcLF_lKbEgm-wGZMoDo6RBd4-0e11YLMv1cA9HR5KuMGvnEy61eIQKa; expires=Fri, 03-Jun-2022 20:15:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B8E5 58 KB
24 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C0JcwZpKBGHCyfTBwnfmexwQrtvFkwLKjwxCHFb-OOl1rakz1YpQReHe1tyU3z5A13DY72cWs4ATtXY5rf_nTbfqHcFxlnqh0B62o3UtyjZJE2Lb8puLReDB2bD6l9Vu2ptPqDdtyKwx1GW7nPys9DIOZ_zg&dbm_d=AKAmf-C464956ILmHF9EvXwHIdQUEjpegFNw33FZ_ZhhirsZD-8aejbZ7rvu6GC235-b0b5FOv9Wk-L4RMz5pG9FTgj99uE-F4JZA9_4o9eLS43mw1sbgzkQcQivDArufA_Mz4Nd1wBMDN03wI_tlk45pEuPalUtUmMSFyMqshBKQAqxaB6ood25mwdbFovo6YEc_b8yunwszgxOZ8f_alQiXf6zrlBvTHc6X4xEVBhK1LOVAtHwZbb32YgHs8-fupCukTbiN7tMG0RwJVY3FdTBltDRjF5XbZfGLdlsJjjAPzuM4KBApQ8CJMdiCY2jBJTque6K7R52qOdpGyylhPVq0KOk6DYuxVwvlGCPE2n-FWsrwrkntea86nVazC5ZF_FbTaauC6HmJWUN_pNstNq8TacNl_mgj_0SCcTZjvDqklWQ14ha15PMbPOhDuA49MML3qEDAfDkPNNnoJgAFP5EMZqwY9O0CNgGeT59f9HANJArotyMUeGE_yIuOlVVh0kL5xFpt9OaJOw9JztHxUQggbOJDpdQk-ycV0uVbm8SmwJkWX0c5hK9rNXGTeKuO-Uc95FfV9VxFOhZREYsmKwq26iuFzJRX3W11B7y_2ZL4FHfrOsISJwvI-JUsX-nQzRPji0PjdcwdJGSxLR11CEOTK2DTzm8srw8O04vA4Ep7MDiRd5HEqpZbSH7KPh9reYG8mim5YBnUK5QRwRhXmwbD9WbmK0GGQ6K5n76VxuPSewvTjlG-SPGdaJ66U6tnDYh4gZHda9c0RxS7NVlw7b1YCKVjI0X8QhsLLciAaQ9n4yjfmIy4ajJOSzLrab2A_f4Hqzea9mBmV-r5qfFHgFoqKT7Hp48spHq0GCIahQH7PJVckcprJXsNxweMjHvwiPV6b8r8SMU1hToARIUglhPbXnMuMloMW0MaZ5C1k9J037avoShAw7fDIdagzJK5Ecoo8nB5PTaNSfhGVCrbo2Qf5IbcNPEx1gKDvAZPE7O-8jvRuSj3GDJgFgWEPpYx6WOGDpJPOnM8_24nrudUp6aNoj1F5km7biQCh4YV7ehzs1wHxIieu8gNL9TvG_OqL1KiDO9gwqQ2CmyL2-7qjkKd6TvCRmEMVA4C7wWlnbz-KJKOTK3iG4dVaQG4LZlsmJf4Nv1zcNw_QAqFEPo3W38ts0bEZMJP1B1wPG8ukcQzHUTfQXvi2suzABf8DrYgZIMj1YewBDSwMPa1BtNk41JNW5KZ6CqwxPIo3Qce07vcWRJ35H_8xpIu2VtEVKKajRsnliMtPSlM9VU5sCcA3u1fMJf0Er7I5ywCo9VdxU5DMwreLwqDJ_xTVJM21nlsnFURBSzDzzxfkawixDaLmP68pB3ZQqBNL_zK9U-3Hla0BI3dNc-lno0W23A7Iliu7Add_ihX5RilI95W-RwbANtxgmi2rJnQljPwZQUs8apiG9fDdUtzPk6Hdrw_poQDQL73O06W3HXqE1VJjLRqG_9bbcGSGcd_EXSF3m74Y7dLTS0s93xNaEDxkt3O07quigbB0h_VYGsUqyVHvFTt5soLA6tGKypzyh50ENzP8xeOWE9cZkgjHvdcLGDtoT-nneZ9PDj05zwptfUhyGBU3FhBL2ngfH3OFUIVHlK1LzUCoKvgWSEEIkUERKf6QT7wh4veGYjMMFYiDhEQ3FduguBOMZDcAImjlAPWxldwz9agXrFi9Zycai-KwCT6XPwQC7eB83zvZbe-LECZGhifKMDiO1EIWhXiU_PuhwblqN4PZadiyNGsTtq2QXpHBlQGpi7L4U5m22eNQTddf29oj3TEjWv4GCwFJaty4qy_tZwROFcjDWbZGhvPSJQWsHSZpjbF1JQVHG6XKirSia4BkkAkt_woqFNlHj8m4KbD8edn65NYTg4qpI_H_c5dpoIFmlbHj_0shg60u1rou-2DOym1yLgCdlB0EJuQSQGejA2lKipX1paPMfV_9BZ_pSDmn0EZwHIIYXfFniCCvq1ypu7VbMScve3ZgDAnDu8_3N20keiz_n1hqcXUeXYPatMnXh3YZir4jSbmqMo76P9BhJXBfF5ET9ZXeG9PF8-gTl3IxAEhJRrbGxwk-cicU9NvmnOb99YFgfOMmBkRm3VQCM1s4jq8urkiGKKSH3wKgDWKs_ZMV-8UYWhrLA1O-lOAboTb19-JPQxvajbGbPngrckpvhYj5u1sMjbBCRiVCWrJEvW3omZzRWrZRfCcfb--K_Kj4n2wG3O8LDJ9Y0iCkKMoOq7JcwTKE_dbhQdqiAcEb9EPpxi3LjtHjczbv7OyRXcOodTbh3t7BptvW1Uv5DcPB1_YQdbOFek2hWSUVIBl__zyUIFuGSHh5I-Og8C8-167dn8IohaSHD1pbEn5g5jl-c0VMW43nK5zy6R2q_os2h4NblyrSSc35XxwlmN9kZJ825RmqB-Lck2lr7RUFBA6SNcmLJ2LiK4K7APZ65Tq0U1H_-qv_rbbXz85LGZhGqwGAv0hiI8Z7tS2uBw4OoSXOBS6PiZ0QRmZO5Ho6RQNHbNzUOk60tlU0lYN0LjdXBZ2N9oahhw5YTfaSgQyXj9W4SzgR_wJZmyZ1RfbZnBkxW0uxYbfcRT2Zmxw7dfwRlvq0f-VZ5UfeBa1BFgD2isbQX5KF7wrGC5HVeAFGsT02cJzP3UiWPrqfEfbwsHdabpFuhJYufD5S05q6G7wvrgnfqjEZosmglMxLad8VC7vPFkhne2UXPXhw3fwDaqHLpv8EDSVBKSjDZ137YjRBbtK381WEJqm-yR_a06GOEF6OcRmM4pSOb-d6XGN9YmKvsU4aHDW-XEyOg8HA5ADo69ipJ2pmHQ2loRj1KkDBHukhF_bE90z8tzpXXxtAXeRX_nFzHFTW5Dp9P7q8kYpaA5TvYqvljTTGSwUSxWst9f6Uj5MIIV_b5-crdAbJRvf5DvuAMk6IOpQ8AZuOBCN4-Ln9qNqpZW1_u5dSV3o9jomuVr2cjt5Z0cC1L50LlRW0bV4vcgEGhXqgq96TtGl5d6G1kjUOz5-bVaKK6w0MZvYLB6Do-6Ili-MbFZQFKGZfEt1SRwClvWMqMd0kYpD-AYJLm-H8m4yEKLwBywmzgO7AIwwd_ENZ0&cid=CAASPeRoqQqP12TAIdlfw0rGS47RJEz7bBtpSWNiMaQ2uRzx76VEzATYubm6WWpB_OZF47zxIHYx-qJbGCqYArM&rfl=1%2Chttp%253A%252F%252Fhesapmakinesi.com%252F%240

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fbe0e632487447c59013b0e7e0116ca10405df206020489a9eddf3ecfa0e54e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24107
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B8E5 42 B
207 B 39ms
38ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BMVY8R8OeqhI1zWtCp4-eJlPVZwlLcybqpbU1iMSDULC-rnbvnRn-SgrE-9NhdoBV3iUMlrjx_ss_qVKaaaWvJKikfKX4DGZ-R22yBSrL8tZWyzv8

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame B8E5 2 KB
1 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B8E5 116 KB
35 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame B8E5 13 KB
6 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:34 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:36 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame BB2A 12 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hesapmakinesi.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hesapmakinesi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sun, 09 May 2021 18:34:50 GMT
expires: Mon, 09 May 2022 18:34:50 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6046
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 834D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1

43 B
1014 B

54ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGNr56qcBMAE&v=APEucNWPCSNJsv8MOJmvPVl-Bw1a45EqwFvN8hpwJRUM4jyFdudL7jJo_xESv7KxvKvBHjs5c3Qsvx8ZJD0l2xxfN5153uCYJxsjAcD76mgaT5UfQ42-qwu0L3IhSnOC2Ke3nRIMkzI98Rz8Q4tLlLD59urs1aNB4uA_uwyXzrHJYG89Fy3k8yz9cPI7GqqRV_tkGE8p4N6t74Y2vloC-7k-yB6_uN1k7Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 09 May 2021 20:15:37 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 834D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJhC6UrHZqsdUjRMOGBriwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1

43 B
894 B

37ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGNr56qcBMAE&v=APEucNWPCSNJsv8MOJmvPVl-Bw1a45EqwFvN8hpwJRUM4jyFdudL7jJo_xESv7KxvKvBHjs5c3Qsvx8ZJD0l2xxfN5153uCYJxsjAcD76mgaT5UfQ42-qwu0L3IhSnOC2Ke3nRIMkzI98Rz8Q4tLlLD59urs1aNB4uA_uwyXzrHJYG89Fy3k8yz9cPI7GqqRV_tkGE8p4N6t74Y2vloC-7k-yB6_uN1k7Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 09 May 2021 20:15:37 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 834D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIoiVRiwtoKl9VyQEPNZX7A&google_cver=1

43 B
1 KB

42ms
25ms

Image
image/gif

37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIoiVRiwtoKl9VyQEPNZX7A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COm_ExDK3oEBGNr56qcBMAE&v=APEucNWPCSNJsv8MOJmvPVl-Bw1a45EqwFvN8hpwJRUM4jyFdudL7jJo_xESv7KxvKvBHjs5c3Qsvx8ZJD0l2xxfN5153uCYJxsjAcD76mgaT5UfQ42-qwu0L3IhSnOC2Ke3nRIMkzI98Rz8Q4tLlLD59urs1aNB4uA_uwyXzrHJYG89Fy3k8yz9cPI7GqqRV_tkGE8p4N6t74Y2vloC-7k-yB6_uN1k7Q

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
X-Proxy-Origin: 37.120.143.228; 37.120.143.228; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.48:80
AN-X-Request-Uuid: f75ff3cb-ba5a-412a-84a1-3f5d915f7384
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIoiVRiwtoKl9VyQEPNZX7A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 834D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc0Nzg0ODEwODE1NzMwODg0Mw%3D%3D

170 B
188 B

113ms
82ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc0Nzg0ODEwODE1NzMwODg0Mw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
X-Proxy-Origin: 37.120.143.228; 37.120.143.228; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.152:80
AN-X-Request-Uuid: 9a212e50-9435-466c-8d03-62b1ef39cb4a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc0Nzg0ODEwODE1NzMwODg0Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame B8E5 111 KB
39 KB 25ms
5ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 10:26:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35332
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 May 2021 10:26:44 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/ Frame B8E5 8 KB
3 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C0JcwZpKBGHCyfTBwnfmexwQrtvFkwLKjwxCHFb-OOl1rakz1YpQReHe1tyU3z5A13DY72cWs4ATtXY5rf_nTbfqHcFxlnqh0B62o3UtyjZJE2Lb8puLReDB2bD6l9Vu2ptPqDdtyKwx1GW7nPys9DIOZ_zg&dbm_d=AKAmf-C464956ILmHF9EvXwHIdQUEjpegFNw33FZ_ZhhirsZD-8aejbZ7rvu6GC235-b0b5FOv9Wk-L4RMz5pG9FTgj99uE-F4JZA9_4o9eLS43mw1sbgzkQcQivDArufA_Mz4Nd1wBMDN03wI_tlk45pEuPalUtUmMSFyMqshBKQAqxaB6ood25mwdbFovo6YEc_b8yunwszgxOZ8f_alQiXf6zrlBvTHc6X4xEVBhK1LOVAtHwZbb32YgHs8-fupCukTbiN7tMG0RwJVY3FdTBltDRjF5XbZfGLdlsJjjAPzuM4KBApQ8CJMdiCY2jBJTque6K7R52qOdpGyylhPVq0KOk6DYuxVwvlGCPE2n-FWsrwrkntea86nVazC5ZF_FbTaauC6HmJWUN_pNstNq8TacNl_mgj_0SCcTZjvDqklWQ14ha15PMbPOhDuA49MML3qEDAfDkPNNnoJgAFP5EMZqwY9O0CNgGeT59f9HANJArotyMUeGE_yIuOlVVh0kL5xFpt9OaJOw9JztHxUQggbOJDpdQk-ycV0uVbm8SmwJkWX0c5hK9rNXGTeKuO-Uc95FfV9VxFOhZREYsmKwq26iuFzJRX3W11B7y_2ZL4FHfrOsISJwvI-JUsX-nQzRPji0PjdcwdJGSxLR11CEOTK2DTzm8srw8O04vA4Ep7MDiRd5HEqpZbSH7KPh9reYG8mim5YBnUK5QRwRhXmwbD9WbmK0GGQ6K5n76VxuPSewvTjlG-SPGdaJ66U6tnDYh4gZHda9c0RxS7NVlw7b1YCKVjI0X8QhsLLciAaQ9n4yjfmIy4ajJOSzLrab2A_f4Hqzea9mBmV-r5qfFHgFoqKT7Hp48spHq0GCIahQH7PJVckcprJXsNxweMjHvwiPV6b8r8SMU1hToARIUglhPbXnMuMloMW0MaZ5C1k9J037avoShAw7fDIdagzJK5Ecoo8nB5PTaNSfhGVCrbo2Qf5IbcNPEx1gKDvAZPE7O-8jvRuSj3GDJgFgWEPpYx6WOGDpJPOnM8_24nrudUp6aNoj1F5km7biQCh4YV7ehzs1wHxIieu8gNL9TvG_OqL1KiDO9gwqQ2CmyL2-7qjkKd6TvCRmEMVA4C7wWlnbz-KJKOTK3iG4dVaQG4LZlsmJf4Nv1zcNw_QAqFEPo3W38ts0bEZMJP1B1wPG8ukcQzHUTfQXvi2suzABf8DrYgZIMj1YewBDSwMPa1BtNk41JNW5KZ6CqwxPIo3Qce07vcWRJ35H_8xpIu2VtEVKKajRsnliMtPSlM9VU5sCcA3u1fMJf0Er7I5ywCo9VdxU5DMwreLwqDJ_xTVJM21nlsnFURBSzDzzxfkawixDaLmP68pB3ZQqBNL_zK9U-3Hla0BI3dNc-lno0W23A7Iliu7Add_ihX5RilI95W-RwbANtxgmi2rJnQljPwZQUs8apiG9fDdUtzPk6Hdrw_poQDQL73O06W3HXqE1VJjLRqG_9bbcGSGcd_EXSF3m74Y7dLTS0s93xNaEDxkt3O07quigbB0h_VYGsUqyVHvFTt5soLA6tGKypzyh50ENzP8xeOWE9cZkgjHvdcLGDtoT-nneZ9PDj05zwptfUhyGBU3FhBL2ngfH3OFUIVHlK1LzUCoKvgWSEEIkUERKf6QT7wh4veGYjMMFYiDhEQ3FduguBOMZDcAImjlAPWxldwz9agXrFi9Zycai-KwCT6XPwQC7eB83zvZbe-LECZGhifKMDiO1EIWhXiU_PuhwblqN4PZadiyNGsTtq2QXpHBlQGpi7L4U5m22eNQTddf29oj3TEjWv4GCwFJaty4qy_tZwROFcjDWbZGhvPSJQWsHSZpjbF1JQVHG6XKirSia4BkkAkt_woqFNlHj8m4KbD8edn65NYTg4qpI_H_c5dpoIFmlbHj_0shg60u1rou-2DOym1yLgCdlB0EJuQSQGejA2lKipX1paPMfV_9BZ_pSDmn0EZwHIIYXfFniCCvq1ypu7VbMScve3ZgDAnDu8_3N20keiz_n1hqcXUeXYPatMnXh3YZir4jSbmqMo76P9BhJXBfF5ET9ZXeG9PF8-gTl3IxAEhJRrbGxwk-cicU9NvmnOb99YFgfOMmBkRm3VQCM1s4jq8urkiGKKSH3wKgDWKs_ZMV-8UYWhrLA1O-lOAboTb19-JPQxvajbGbPngrckpvhYj5u1sMjbBCRiVCWrJEvW3omZzRWrZRfCcfb--K_Kj4n2wG3O8LDJ9Y0iCkKMoOq7JcwTKE_dbhQdqiAcEb9EPpxi3LjtHjczbv7OyRXcOodTbh3t7BptvW1Uv5DcPB1_YQdbOFek2hWSUVIBl__zyUIFuGSHh5I-Og8C8-167dn8IohaSHD1pbEn5g5jl-c0VMW43nK5zy6R2q_os2h4NblyrSSc35XxwlmN9kZJ825RmqB-Lck2lr7RUFBA6SNcmLJ2LiK4K7APZ65Tq0U1H_-qv_rbbXz85LGZhGqwGAv0hiI8Z7tS2uBw4OoSXOBS6PiZ0QRmZO5Ho6RQNHbNzUOk60tlU0lYN0LjdXBZ2N9oahhw5YTfaSgQyXj9W4SzgR_wJZmyZ1RfbZnBkxW0uxYbfcRT2Zmxw7dfwRlvq0f-VZ5UfeBa1BFgD2isbQX5KF7wrGC5HVeAFGsT02cJzP3UiWPrqfEfbwsHdabpFuhJYufD5S05q6G7wvrgnfqjEZosmglMxLad8VC7vPFkhne2UXPXhw3fwDaqHLpv8EDSVBKSjDZ137YjRBbtK381WEJqm-yR_a06GOEF6OcRmM4pSOb-d6XGN9YmKvsU4aHDW-XEyOg8HA5ADo69ipJ2pmHQ2loRj1KkDBHukhF_bE90z8tzpXXxtAXeRX_nFzHFTW5Dp9P7q8kYpaA5TvYqvljTTGSwUSxWst9f6Uj5MIIV_b5-crdAbJRvf5DvuAMk6IOpQ8AZuOBCN4-Ln9qNqpZW1_u5dSV3o9jomuVr2cjt5Z0cC1L50LlRW0bV4vcgEGhXqgq96TtGl5d6G1kjUOz5-bVaKK6w0MZvYLB6Do-6Ili-MbFZQFKGZfEt1SRwClvWMqMd0kYpD-AYJLm-H8m4yEKLwBywmzgO7AIwwd_ENZ0&cid=CAASPeRoqQqP12TAIdlfw0rGS47RJEz7bBtpSWNiMaQ2uRzx76VEzATYubm6WWpB_OZF47zxIHYx-qJbGCqYArM&rfl=1%2Chttp%253A%252F%252Fhesapmakinesi.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:54 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/ Frame B8E5 22 KB
8 KB 19ms
8ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f6579b2c579aa6a2e089f3d0f7beda646657ccbc948b87d1c3ff972bd05fa4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 13656602236642303355
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:26 GMT

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame BB2A 14 KB
6 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5691
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B8E5 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27487
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 May 2022 12:37:29 GMT

GET
DATA 200
OK truncated
/ Frame B8E5 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1200877d2048096137ac22a5dc7a89846d053f53ea5f552950394732e36b4ef4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 160x600.html Show response
s0.2mdn.net/8501025/1620114432763/ Frame 08EA 6 KB
2 KB 20ms
7ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8501025/1620114432763/160x600.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

842d0eb89985c444c3269760136e896f16543d773142a627dcb19de4b026ebe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /8501025/1620114432763/160x600.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2324
date: Sun, 09 May 2021 19:48:44 GMT
expires: Mon, 10 May 2021 19:48:44 GMT
last-modified: Tue, 04 May 2021 07:47:12 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1613
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B8E5 0
107 B 422ms
300ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv4cxtC0QX4eBvRAx3JrW4NEZmw9hh-UtLtAhJJPWifgoAY4zeoo6TuSp6CiAZQ8CxyAmEngJ3vxlsoKbPWe409Zdb3r5oNzVR8W8q6UN2vbnjBfgj8L-2tqIuh_z4ic6FIT1p45UMta4Ay0OAHDROu4w-feg2-4kVGUadoWM9KJCGG9Eqhb8FY80Ft8G0DU5_Ni4BFaPdHXCmIMvIEzNNDZYKT8ExL5gqSakcQE1duIJ2qR3vvX2k8xMcTch0GHnbTS-cadE0ZNI_z_bHEZVeEOHgd6HjF-L31IuO5LoQKKAyNKd9nUV1mcfymonPMaA06w-Uf7lTCitsxxntyWwnEmZCG1fMqoQyxQ9LEef6vhOzguRyuaROH5ObVC3pjyvOOnNfFDvjKsPaT5Vxm6S28PTJEAf79o_1sdTZGIi0l5X43XBcJZZwtD0S4BBDNldL9_AIDMASwGc_ya5x9pBVfmBt3RUP4ONY0YCMcvXdhLxoT-km0sXQtnsqbKqN1t-jiAjN0K7ib-u9CrB8HwxKFwwNNCft1b757vL4qBdbwtmlhaQlPBK6WJhDBQSSTKRIADzA8iAL1wZlTvCnpdgcw_Q7IGt318t_ZPDJ3BM4V9xvHl3DGV3SrZw3Hp_XBcv52CqapoGloGiwgirUC10QmTceXGqGJ7AtR47cHogY2kUhrAprZ0J4Y9jqjW79zKJhVVbvO2RTSlIw6hp7mf9Vi3KCJmEW3sXpvem8kNxa5aBqiMeGrvlDSfE0NXrEO5tF0ElPr-I9OLkbVRF-kgMHwnTJk0fHqDNVjZhHqHlF1XvEf5vl4P1b8xZJBV0YUamsCJVaH-crxq_S-yeX92hSimHlREsZT_AFsCBttPo9Q-G7PIdqwobfo-ybpS1hvKAra0CK31fVXRy-PGGTDOXwCNSk6G4Nf431wHx5kOtQdBE_1J37WQVvs4-K6RJYNLNOejI0aUQuVlTXt0crStz-aKofm6lUizMN4twKuAx9S9tR_zXv0N4Cq4YMCAwj6vNTOdKF4qRHnJaqaAqcMv9YQpZxGDPt0dIOKYmuRG0R55LCCL1H-vM_kaP7YufQS0Y4LfEFEobaIvxfbRX5qRJYQR85gAvWfZIsYBcgnKIZxjLYOdbsSl8gsFZBQVd1P0FFKFZ1OyPVnHR_CF6X7uS7emV434XtsphMDCpdrY2BN2ZcVz6Y92LMhaNT5TLSd6W-WVElP3-ETp-eau9-aOgk3JbgSDNXhSiDLhpt_iUwmGSvpqEPRaA&sai=AMfl-YSKMIMOzvcaLdEvll720De9p3mDEvV7NebBFgOOLO8igxlzVUWSqOhENldinajKkQeIGz1N4TFk0edM1s0Dj4qsscoHm0I9iBthCK8camX6YF98r6y4YZDORpcNzNTvx0wYvQOB4Ku2k5Apz2T3ulF2XK6IsCItH9wYgRyj3RGW5YJJOnFTZwh92d04xhZVYGGUWEyJRbFN9Ed10qhBOEmyiAP7vAbZX1TZdr3twmqWIt9SNxqde7HVizTFnw2Wtw&sig=Cg0ArKJSzJwkhbygFR8IEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=113&cbvp=1&cstd=109&cisv=r20210505.87194&adurl=

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 09 May 2021 20:15:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 15ED 22 KB
8 KB 6ms
5ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 09 May 2021 12:37:29 GMT
expires: Mon, 09 May 2022 12:37:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 27488
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 createjs.min.js Show response
s0.2mdn.net/8501025/1620114432763/libs/ Frame 08EA 236 KB
62 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8501025/1620114432763/libs/createjs.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8501025/1620114432763/160x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bce1a3e8c91b71186d76d82901b87cd125140595731334f288ea8eb609371d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8501025/1620114432763/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 19:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1612
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63902
x-xss-protection: 0
last-modified: Tue, 04 May 2021 07:47:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Mon, 10 May 2021 19:48:45 GMT

GET
H3-29 200 160x600.js Show response
s0.2mdn.net/8501025/1620114432763/ Frame 08EA 105 KB
19 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8501025/1620114432763/160x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8501025/1620114432763/160x600.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01aba78d05c12cff7671d75e9df1be291c7d9f4393bc40cbc45609943fdef358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8501025/1620114432763/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 19:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1612
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19013
x-xss-protection: 0
last-modified: Tue, 04 May 2021 07:47:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Mon, 10 May 2021 19:48:45 GMT

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame 15ED 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5692
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 160x600_atlas_NP_1.jpg
s0.2mdn.net/8501025/1620114432763/images/ Frame 08EA 50 KB
50 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8501025/1620114432763/images/160x600_atlas_NP_1.jpg

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c2fb1cd4d90594f9890330657b29fdb0dbf94ac6d25383cdef91543c4dcfa0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8501025/1620114432763/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 19:48:45 GMT
x-content-type-options: nosniff
last-modified: Tue, 04 May 2021 07:47:13 GMT
server: sffe
age: 1612
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51221
x-xss-protection: 0
expires: Mon, 10 May 2021 19:48:45 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B8E5 0
528 B 118ms
63ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:15:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 container.html Show response
0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6D2B 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hesapmakinesi.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hesapmakinesi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 09 May 2021 20:15:36 GMT
expires: Mon, 09 May 2022 20:15:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A9CF 624 B
299 B 25ms
25ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQkO20AhiM0belATAB&v=APEucNWq07oXBKnoo1d416k22Vjy39lyvzLZSX7q36u7pOeypz-auxy0M9ROgWrUQ3ii8joFA_rFeyDVa0jUcB7m0Fhe_gbUz_FKgYGFkVNWyM7hhidvDTHZ652rALD0nMLaqWPvGs1W5-qCMpIbzSweab05BiAF0k29rxqi5O20KU3gU7xutSbApxYhHU_ZXsx24PGxhVgNLaBzlqKZFQicfo8JSvJ_4g

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJ-i5AEQkO20AhiM0belATAB&v=APEucNWq07oXBKnoo1d416k22Vjy39lyvzLZSX7q36u7pOeypz-auxy0M9ROgWrUQ3ii8joFA_rFeyDVa0jUcB7m0Fhe_gbUz_FKgYGFkVNWyM7hhidvDTHZ652rALD0nMLaqWPvGs1W5-qCMpIbzSweab05BiAF0k29rxqi5O20KU3gU7xutSbApxYhHU_ZXsx24PGxhVgNLaBzlqKZFQicfo8JSvJ_4g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk7NrMdlOsEvcNep9b0SZUdQ43ot8j60UEcGV1pwczqfpSEyBGIguEbcyybDm0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 20:15:37 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 09 May 2021 20:15:37 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6D2B 67 KB
25 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVZ8GaWxF79cOZJ8wRF50rp-wE0tVb05aOUz_nBI27f3zzMNSek2Lq9WFndMDF6JLddk2YQ12j4LJ0R5dg2wwWZfOJrBCkNUH76vBCf9kbZc6Jo8COO203TUMcoKX3jKv7-vgrEnyunm1c2rbUnJnarS8XtQ&dbm_d=AKAmf-D9bhe5ZHooCrrcigPkgIk-bPM0gF80xOs7Fj_9rOFqeFp1Cc0aEA04LOhlmAO2VgRU3C4ZFlO7m84mU8F-0CXyzrMv30Lxx6PCUv8ddnFsJZHuGOsR-f4T7kUnp_WNRxD-kt37EWl69_e141dvK9Kgu5yFHN7Z0cITGrCAAZciTzsx0U5QmYMvahrxI1ThzDb-RCHitu5B2XgNCQwQSnLGzx35erbyOJmmihZe22UDTHpGlzlCuOmMubazC9Iw5MsUvLqphmvwypoXYXMKUe2fJKXBPR9doo89EmR8A7pFgxrMgtM9UYpWhkH2ZaUU4ymq6P8ijFYbYv6Hu9UUljnhyFVzYtD-tA985Qa08mCnMwWKy3-8RqkQztg7_rl-UPRZFQcDYNwXS1dEXWVyDg2YuhoigLTjfqg45UIMf3rlUzDADywh7fLy4NKVRilcczoMnzGJBOKkxNRPfqqmaoS1GazzKrrA3uNlvIeA1XAWOy_a2-18D5LeTtcKGmLoecVb21xhMHs7Y1yYYb96KZ8TO_5IC0LDv92OI0qeZt1UL-yfhlv-2kiL0olW7uuHcSZHHP3hCdQ9wcArH1keq9Y7Ctj6alqPOjzhUncmRUOjx5LtQVHZQip6WTyQep2aFtpos6t-_-juTKuAXg56MKsBAPsPiOd_wqEhLVRx5JNpZ8H7_PcrEXeHzI27GYBs0SIRUnd1eC6msVyt1M6Q1sj5zr75xira3cuU8Xti7mYxBvDL2k9OiSxGE4MG8PLXzXIwCRLyTlFpdt7zjfbRMyWJFaQhZeyVGI4eOT4hg3n8pffxczpn51MymoakZNvhes5sEkSKHDMTicNp41ynjYrNRuZDEEuRxmbjHDxIKBw0aiLBTM-pvzJ0Pv2P6UKx0wrVcLx5z0HWnV42_BB0qpaK4MA6VYoyS4dCYkF8ygk4dsxjhN6r_fCFwXh8_AzVioIk88atcySSlJcAqrGpZPN187nC4j2zoVxCgabCKbfwGu-_1RQeATgVjKSgq58apbazX9vP1SESBI5ebDvPrFH8fVMDvlX1uqKXK5RgqkWEnli2zY5jpymEsspL8er2Gn4Pt0I7SA6t-zCqNdBuXnvgLNRMJXS9e5cCkBY7qvsGTYkTwfiwdkhetJ1S1LcaXDKh7jqeThtPVQ0hsJwHdm3auYvSZL9iRr4ytZQm9Zeoehdo_Fe8b9RbPv3_BIYYfXNQT69DnZ5SgjMGx958cUgBxfYpKpny2oqHZTJ-zsusDzSqSyrDEvFSWZz-SNODBxM9ioziHX5ImhBO9OrO8HB5ngqL24Dl3PGAVMrJbOH4qvstiCGkpmNk_Ldoo3iDHbiZQgMKDZzIAx3Jk24zCe2o9UsdJu4u2kdFdj-Mrwc5EdRIVyJfE9S7usdshRZ6kk0pzkahYSqlGPUyNHViGsmcA7KEDkQDMxBcdP7L6_4vnklbEnHajOGvHGCC9yXMeGs1rasijYihAKTUF3nVaMl8MmxPkohwTirH-Haa3vYpHfJ_yDAqkypl1IkiP7KBwJZVWuc9OeaQk27nSG1aoKU03AtNB4ptPVjs7dHJEmd-MAKAmqSAkNYq-FzdEkib62n5BM0YDVgjUurxe4OJw8dWVH655oq8UByDt8N-9Cjexn0ws9NN7DY5ifi1xnDlxpxmpGnTFZvFjoRbiyUNCkFvEV6CLLYW5kJFqECz0tojz5uigIffpD_yUL-eVR5IFhv4SrJF36xUKeOXO9DTEsqIA2gKwDiumS0ZpnJ4y3DBwS8pxAjq-FiOpT2tgTafHBUwvgsSEqb0U_-Ozvw_azNicwv9SISJrbjcjPXAzKH3-leGsqaz0xWRqzyGotBw-1LADcTQzt6QkLOwvFLx1OEDykIErpjhKWdpKLKFs1pKyuzLdNGnM57xRpw1j_CCm9BZMPi7LWznG8EqD29QkPbhjRVacD7PhPzaPsaYUp0GWVltRrvrzQI2EH5Z_ScXAmrTiMZL0-SrEDwubaP_vSpf64WFI7fjvtvichOWaik92VwYNIV9Z0psT977mE8ptP9PzqmRerg5xLS6dv2zRNtCuSFAGqs8i5lHmAi0VOH83MoeCUFsYzZyPfc3NG9-8cUT0zK5ODEjS47x2cfdzHp4vCUSZRL3i2dfryjiqgNj5NpCHXmZ5-_VxdU1GM4vYUdzR5Z3_iHosPSxErq_YJdfWp1Ho5uCDLQdseBpar6uLZPplFUrwPAEVYkxKAUgaaoCkzgpDwVoJPIUeHZIeZhmGX3CEfL4aDeY92ygGfnmjevZHBs2G2v54rMlK90Q2v0gzE2fGtROnYd70liKzymkt8VZ5jQ6KwAvUNIbWhfr4JQHm3VgxjH_fLa8WP_HGPsDIJK_p68SS3F4I2EWJwPfArHYbe61aaKKTscEp3GRTmkGnHOEjD9zYv_MKo-SYA-ZODxVUr28g-7YpvMxicSn9fHd-17-_gbyUenEkkw3Z6mGeSuwzQUO9dDKjB0qY8GGCNiRI8DRQ9u-uJ8aP-oZ0TFixjQW696WwQF5EyLAcZDTJ_WDweMh21b6gCV0OvVggeA6hBTwf0LGNr0Ua504Izo-KNO_Ru23J77f7uE6eXeS7iJebQd9F-U46mVl9gfORZhEqmQHK0b4tldcp1fqJMdlD59dS7_96HAc7U68nrnp4unxIN1crR2bvrteZniGP6GJ01UjS8_RU0xMwElCa3sn6tjbaYF2EihKSC1bVp0NmsNB0vdlnA1p0XRzJLuzLi_NttaaGLqLek7xu06edwsXlWdO7S35ZU8h9FAnE3nlp_dUUvQ2CJTUpXLtxdtWJF0kESDUyFNVdaUZ88o1ZsrJ9pK-ECbLFqBAlViQEd5dUfIYDEp-TZEzc-SSfMRnG3j4jIc--Y4BzSj8c5SQDaDs0_7dAVTzVqSrfeTFT95lkl1BYMRW-eP-BHp9ACiBMrz0UJV6f5Lr9FH6iM_KpBG44vkrZ_uR03BWm37TxmKrauwLUC5vFTvOklOlWBSGW0GFgj9rNG8LCbqgNq0skeSLF8jsOnw4r4wdFrhj2J0jGXXjf45H_nZLYCiSPJVP6kCyeEbeUKrUccRpsBVzrtYnzocuKBdUjIjYPtEXu8EEvkrx-v8CjT_jueDqELTX7w8XduXtCAzxpTA-Tir8ChCM_g&cid=CAASPeRoehQfYMIzf_gweheYQpPUmzlDJfidALz_ijJ9SYVt0qFVbrhH6XMqycDXAxFfwkaUBxuILHHZcvGQKMk&rfl=1%2Chttp%253A%252F%252Fhesapmakinesi.com%252F%240

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c3a9d569d164562d95eec58ffcb07b984e203873d28ad2ebe146b518e376f18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25455
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D2B 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C3pcG9NaztMHtBLP99kAROiXSoGXseBG_9q_L3aJV_SLUlL_jLRUoPEuPP75SLIUZw8lsyIh9ckiP1d_oj-TBt51lvmiYGvOXSurHKZv-t0AfGO7g

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 6D2B 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:55 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D2B 116 KB
35 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 6D2B 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:34 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6D2B 0
0 14ms
13ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSvf2ciF3FYWofJ_-xJh-KpFdwEgy2v84g7x6lZnrfMgJiwWtnQ_ruavIa2BydQQrPjKUJN
Requested by: Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021042801&jk=4001160912563051&bg=!xcalxoLNAAYP3QOmD907ACkAdvg8WrtTdC91ktGdLbEVmdWv7iuvQie9O_Xj9fGJf_LTqlk4NORKkgIAAAEQUgAAAA1oAQcKAIPl3Jd6p1E2rlxc305rTzyR_GERcY5TdQJmUSRt3QgioxT3CLGm9jeUl9JWdQkoORGTX4s6y_mkBCXUGWDkvqtIrWxxhcVDrWDVUupoUyOcj_4xXoijaZIkA4p6BFcH9tYWsF9vmBxNCCMNVN7k3hlPE6Yq1Yga81aRPRmwHgNoQs-tBpkCNiosFqgw8W8P7NOGpekihtcIGN1SZBCS1Xch0n_Xy_N8Ew9pcFV3TagLOauwMNrPCK1Yk-HMzjZF0tNZDA_POpsYMyBLvpfOeziikskv6upb4zDmfW6ElCebXnIx1QHyCljoC4go413ZSPfhHvCzOqDrPICUWCsGZkzMjZEvmYfNiMSpMGzwMF0neMbOC_lMuN_ICo93eQAcj7riefRAjTk88Bmx_F8vGevvAbi-M-fGTSqjhw9fiAjPhtVjcBy54ZB6UoJJX7BQa--HKdBIPHzRdbWnehdefHqaOwo4hIGmp3iO7zUJDWrTsS3E7fhkXYR39oNgcbfKfayW9wM2eOjP4nDlM8EwRXXV1pU2TX_GgzR_1pQf3HsnGCuVLhvE9OwXrG0Zjtecidx-Tduj1pkjbvt69TR6fc4UC9n23kaH_tXZrG9_TKb6vGn0tk4W5G8GgHwJnmwy48EKKkfTjU8vNZTEzevHb8BHZ5McyPtJr_JDshHQZ68cS1oM5zIl6M9Dwj7Wh5O6xqW8VpTNeU4iU93JSlJt1mFd2FI-t_lJXcX69Z_Rjs8ubC3-1yAjmTyzZ_MNXn0-ucBc62qjcuC8ogvZFl0D1_czblLsXWE99bh74lBamClVxje3Oe1F6g5Id5UFLAdEao9kX_tUOmJRNwoArq6UA9pyHjnrDrTJbgVSl665cLk9eYdyD7dxU9-kjDqkfGJv5Jr33tqA4AZ-ZNo8ShSBy1VhPFOMdPL7T9d5-Z7S

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hesapmakinesi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A9CF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1

43 B
894 B

36ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQkO20AhiM0belATAB&v=APEucNWq07oXBKnoo1d416k22Vjy39lyvzLZSX7q36u7pOeypz-auxy0M9ROgWrUQ3ii8joFA_rFeyDVa0jUcB7m0Fhe_gbUz_FKgYGFkVNWyM7hhidvDTHZ652rALD0nMLaqWPvGs1W5-qCMpIbzSweab05BiAF0k29rxqi5O20KU3gU7xutSbApxYhHU_ZXsx24PGxhVgNLaBzlqKZFQicfo8JSvJ_4g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 09 May 2021 20:15:37 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A9CF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJhC6UrHZqsdUjRMOGBriwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1

43 B
894 B

35ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQkO20AhiM0belATAB&v=APEucNWq07oXBKnoo1d416k22Vjy39lyvzLZSX7q36u7pOeypz-auxy0M9ROgWrUQ3ii8joFA_rFeyDVa0jUcB7m0Fhe_gbUz_FKgYGFkVNWyM7hhidvDTHZ652rALD0nMLaqWPvGs1W5-qCMpIbzSweab05BiAF0k29rxqi5O20KU3gU7xutSbApxYhHU_ZXsx24PGxhVgNLaBzlqKZFQicfo8JSvJ_4g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 09 May 2021 20:15:37 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGyPoxYU9Jiry--8KhffcFM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A9CF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIoiVRiwtoKl9VyQEPNZX7A&google_cver=1

43 B
1 KB

33ms
32ms

Image
image/gif

37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIoiVRiwtoKl9VyQEPNZX7A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQkO20AhiM0belATAB&v=APEucNWq07oXBKnoo1d416k22Vjy39lyvzLZSX7q36u7pOeypz-auxy0M9ROgWrUQ3ii8joFA_rFeyDVa0jUcB7m0Fhe_gbUz_FKgYGFkVNWyM7hhidvDTHZ652rALD0nMLaqWPvGs1W5-qCMpIbzSweab05BiAF0k29rxqi5O20KU3gU7xutSbApxYhHU_ZXsx24PGxhVgNLaBzlqKZFQicfo8JSvJ_4g

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
X-Proxy-Origin: 37.120.143.228; 37.120.143.228; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.200:80
AN-X-Request-Uuid: f6f1448c-ab16-40f8-8242-aea1892f654d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIoiVRiwtoKl9VyQEPNZX7A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A9CF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc0Nzg0ODEwODE1NzMwODg0Mw%3D%3D

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc0Nzg0ODEwODE1NzMwODg0Mw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:15:37 GMT
X-Proxy-Origin: 37.120.143.228; 37.120.143.228; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.238:80
AN-X-Request-Uuid: 4e170ae6-c726-447c-9a38-2dd4531705ea
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc0Nzg0ODEwODE1NzMwODg0Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 6D2B 176 KB
61 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 13:57:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22712
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 May 2021 13:57:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/ Frame 6D2B 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVZ8GaWxF79cOZJ8wRF50rp-wE0tVb05aOUz_nBI27f3zzMNSek2Lq9WFndMDF6JLddk2YQ12j4LJ0R5dg2wwWZfOJrBCkNUH76vBCf9kbZc6Jo8COO203TUMcoKX3jKv7-vgrEnyunm1c2rbUnJnarS8XtQ&dbm_d=AKAmf-D9bhe5ZHooCrrcigPkgIk-bPM0gF80xOs7Fj_9rOFqeFp1Cc0aEA04LOhlmAO2VgRU3C4ZFlO7m84mU8F-0CXyzrMv30Lxx6PCUv8ddnFsJZHuGOsR-f4T7kUnp_WNRxD-kt37EWl69_e141dvK9Kgu5yFHN7Z0cITGrCAAZciTzsx0U5QmYMvahrxI1ThzDb-RCHitu5B2XgNCQwQSnLGzx35erbyOJmmihZe22UDTHpGlzlCuOmMubazC9Iw5MsUvLqphmvwypoXYXMKUe2fJKXBPR9doo89EmR8A7pFgxrMgtM9UYpWhkH2ZaUU4ymq6P8ijFYbYv6Hu9UUljnhyFVzYtD-tA985Qa08mCnMwWKy3-8RqkQztg7_rl-UPRZFQcDYNwXS1dEXWVyDg2YuhoigLTjfqg45UIMf3rlUzDADywh7fLy4NKVRilcczoMnzGJBOKkxNRPfqqmaoS1GazzKrrA3uNlvIeA1XAWOy_a2-18D5LeTtcKGmLoecVb21xhMHs7Y1yYYb96KZ8TO_5IC0LDv92OI0qeZt1UL-yfhlv-2kiL0olW7uuHcSZHHP3hCdQ9wcArH1keq9Y7Ctj6alqPOjzhUncmRUOjx5LtQVHZQip6WTyQep2aFtpos6t-_-juTKuAXg56MKsBAPsPiOd_wqEhLVRx5JNpZ8H7_PcrEXeHzI27GYBs0SIRUnd1eC6msVyt1M6Q1sj5zr75xira3cuU8Xti7mYxBvDL2k9OiSxGE4MG8PLXzXIwCRLyTlFpdt7zjfbRMyWJFaQhZeyVGI4eOT4hg3n8pffxczpn51MymoakZNvhes5sEkSKHDMTicNp41ynjYrNRuZDEEuRxmbjHDxIKBw0aiLBTM-pvzJ0Pv2P6UKx0wrVcLx5z0HWnV42_BB0qpaK4MA6VYoyS4dCYkF8ygk4dsxjhN6r_fCFwXh8_AzVioIk88atcySSlJcAqrGpZPN187nC4j2zoVxCgabCKbfwGu-_1RQeATgVjKSgq58apbazX9vP1SESBI5ebDvPrFH8fVMDvlX1uqKXK5RgqkWEnli2zY5jpymEsspL8er2Gn4Pt0I7SA6t-zCqNdBuXnvgLNRMJXS9e5cCkBY7qvsGTYkTwfiwdkhetJ1S1LcaXDKh7jqeThtPVQ0hsJwHdm3auYvSZL9iRr4ytZQm9Zeoehdo_Fe8b9RbPv3_BIYYfXNQT69DnZ5SgjMGx958cUgBxfYpKpny2oqHZTJ-zsusDzSqSyrDEvFSWZz-SNODBxM9ioziHX5ImhBO9OrO8HB5ngqL24Dl3PGAVMrJbOH4qvstiCGkpmNk_Ldoo3iDHbiZQgMKDZzIAx3Jk24zCe2o9UsdJu4u2kdFdj-Mrwc5EdRIVyJfE9S7usdshRZ6kk0pzkahYSqlGPUyNHViGsmcA7KEDkQDMxBcdP7L6_4vnklbEnHajOGvHGCC9yXMeGs1rasijYihAKTUF3nVaMl8MmxPkohwTirH-Haa3vYpHfJ_yDAqkypl1IkiP7KBwJZVWuc9OeaQk27nSG1aoKU03AtNB4ptPVjs7dHJEmd-MAKAmqSAkNYq-FzdEkib62n5BM0YDVgjUurxe4OJw8dWVH655oq8UByDt8N-9Cjexn0ws9NN7DY5ifi1xnDlxpxmpGnTFZvFjoRbiyUNCkFvEV6CLLYW5kJFqECz0tojz5uigIffpD_yUL-eVR5IFhv4SrJF36xUKeOXO9DTEsqIA2gKwDiumS0ZpnJ4y3DBwS8pxAjq-FiOpT2tgTafHBUwvgsSEqb0U_-Ozvw_azNicwv9SISJrbjcjPXAzKH3-leGsqaz0xWRqzyGotBw-1LADcTQzt6QkLOwvFLx1OEDykIErpjhKWdpKLKFs1pKyuzLdNGnM57xRpw1j_CCm9BZMPi7LWznG8EqD29QkPbhjRVacD7PhPzaPsaYUp0GWVltRrvrzQI2EH5Z_ScXAmrTiMZL0-SrEDwubaP_vSpf64WFI7fjvtvichOWaik92VwYNIV9Z0psT977mE8ptP9PzqmRerg5xLS6dv2zRNtCuSFAGqs8i5lHmAi0VOH83MoeCUFsYzZyPfc3NG9-8cUT0zK5ODEjS47x2cfdzHp4vCUSZRL3i2dfryjiqgNj5NpCHXmZ5-_VxdU1GM4vYUdzR5Z3_iHosPSxErq_YJdfWp1Ho5uCDLQdseBpar6uLZPplFUrwPAEVYkxKAUgaaoCkzgpDwVoJPIUeHZIeZhmGX3CEfL4aDeY92ygGfnmjevZHBs2G2v54rMlK90Q2v0gzE2fGtROnYd70liKzymkt8VZ5jQ6KwAvUNIbWhfr4JQHm3VgxjH_fLa8WP_HGPsDIJK_p68SS3F4I2EWJwPfArHYbe61aaKKTscEp3GRTmkGnHOEjD9zYv_MKo-SYA-ZODxVUr28g-7YpvMxicSn9fHd-17-_gbyUenEkkw3Z6mGeSuwzQUO9dDKjB0qY8GGCNiRI8DRQ9u-uJ8aP-oZ0TFixjQW696WwQF5EyLAcZDTJ_WDweMh21b6gCV0OvVggeA6hBTwf0LGNr0Ua504Izo-KNO_Ru23J77f7uE6eXeS7iJebQd9F-U46mVl9gfORZhEqmQHK0b4tldcp1fqJMdlD59dS7_96HAc7U68nrnp4unxIN1crR2bvrteZniGP6GJ01UjS8_RU0xMwElCa3sn6tjbaYF2EihKSC1bVp0NmsNB0vdlnA1p0XRzJLuzLi_NttaaGLqLek7xu06edwsXlWdO7S35ZU8h9FAnE3nlp_dUUvQ2CJTUpXLtxdtWJF0kESDUyFNVdaUZ88o1ZsrJ9pK-ECbLFqBAlViQEd5dUfIYDEp-TZEzc-SSfMRnG3j4jIc--Y4BzSj8c5SQDaDs0_7dAVTzVqSrfeTFT95lkl1BYMRW-eP-BHp9ACiBMrz0UJV6f5Lr9FH6iM_KpBG44vkrZ_uR03BWm37TxmKrauwLUC5vFTvOklOlWBSGW0GFgj9rNG8LCbqgNq0skeSLF8jsOnw4r4wdFrhj2J0jGXXjf45H_nZLYCiSPJVP6kCyeEbeUKrUccRpsBVzrtYnzocuKBdUjIjYPtEXu8EEvkrx-v8CjT_jueDqELTX7w8XduXtCAzxpTA-Tir8ChCM_g&cid=CAASPeRoehQfYMIzf_gweheYQpPUmzlDJfidALz_ijJ9SYVt0qFVbrhH6XMqycDXAxFfwkaUBxuILHHZcvGQKMk&rfl=1%2Chttp%253A%252F%252Fhesapmakinesi.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:54 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/ Frame 6D2B 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f6579b2c579aa6a2e089f3d0f7beda646657ccbc948b87d1c3ff972bd05fa4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 13656602236642303355
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:26 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6D2B 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27488
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 May 2022 12:37:29 GMT

GET
DATA 200
OK truncated
/ Frame 6D2B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86d84f7d29faa53245710c3e877f9b574eb227fdf619ecda00cd4300e7f0b799

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 7 KB
1 KB 14ms
14ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26685c4f7d3edd42da885b90f9eb7137518aca3e36e0d8b3b6d0e6c4d23dbaf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1251
date: Sun, 09 May 2021 20:15:37 GMT
expires: Mon, 10 May 2021 20:15:37 GMT
cache-control: public, max-age=86400
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6D2B 0
24 B 99ms
67ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPfRz5_hhOzQvJ2QxHOjJDAIWK6zsr0lsLzqLJ8FcF6pDacioPaDe4SSATnQWX-OBrY5mOrQ4FAaSwdypGpR_aF4GpXNqR5UeQdRCZmIkky1_BYd9VoZXdJvnwUWYyEzNVoZpgBeAor6RuZ1undPaaycVoKgXm8FfAoIIuiDDwGyaMKs5tp7ZCwssl9IHKuSrdksrPdaOkvk5kGdF3YvXlH2pCYpnDn4BEMa0DPBFM3BTvfP-EyVDHVO1LeoBJcj_Q7tZeVR_0Dlq9gQUsbuGhsq2IVN3pzqWCyRR05u62Af3cxkn2La32feAmFP28GQ8wsdL77XEMkv9-uNDiz82rVU3BvueH0AEUZ05O9LCFQEnc6b12ZBiqxG0polYDC4GQxDCe0AXvpxB5Tpx5uY9mC3AADl73I-HvRVND4qu6k-ogBvP7UCE4B_MhhPwY7q_btkWCadQC8fYPyNQqV0HTKwJC-Y0uPMXymXshDIWPlU3HTHeZVe6_Iyb7F0RxrHt3VK9bszp8C_GoX8_pQ2KmiR9FirUYGRIR5iefQsM1o3ztBw_auuz-583YZD_WbTa8keGgInvPgttrUaIiLIf0cvITkGjCdIUmPgBWIFn2cubFE9og5RE60w2pt_7bQgGvltkZ-HwdARJbZ9VL6FpcIp4rrwi2GmAGOir2H5kfRwLFofFHcq_QHtx4ggVo2SjOZKvSVH-qXkPB-mIOqo1HlHps1yzFGKhmEDob5Gt7hOPyaahA3nbiTJA7fBnUre1Zp6VEg9d7n12IoI7gzd4YHAi-uQLrVt1BWXoJ-rU_MstNvU14kgHmjBiDInkR3RMzZqBTC-7yr0K2d43ZMVCeVDQQwUEHFzMBZ5jtTfmsCXkkzVIsIEV4YppqSioqFsr0Dt-9x0ViN_PrBwtoLreFCAXhQ3f8bMrZzLNVLNxD8RqOUYI1ZyWOPwiTtBYXd3w0TMt--bi7akTZyzVj6-qo1Z6ceTqhIeWyZM7srHIowFJEkmQXlXIaQQEaoyoGM2QZTVo_IjaWGwqOsIeNYjZ-Ha2keJrkgQC82F5-DmSVU_oQbGjC4mHIceqPE-3AYGam8R6xWPjkmk8dCfS0buUH1zMq7tEHdegV4aN88JAnex64O8RM_RAN07VKMpAlLg1SobTa7EOeJOmXisn5ld0sg4yraPmi14Tg-jSk7HV-pYGk-zqEwEV6-UExni8OPHkdVjjOWwMD3fg_HhY7_cBW3R_Awxruid5VH8I9yZHmCQ48yonMytc&sai=AMfl-YSeKiiIF-PiGCxHHyb0titsxflVY0ymz7pbzI4zWmGQJtq0OaD5Sv7K1JM-8b20x2XNNAMxpRCFyWh7EA_cIzpdGCkcBfJ9W9t1p_AateKzrS_oVCNHwFlx1mkelj1Z4rzRRd0tx_3gbz2Rddw8wf-U3SP0nC0CFr6BeCGeBTIFPpnRIL7pyFRjI4j0LCBcyydb0_B7XNntmNfoEU8-ueh5mvVRxWRzMs-nBwP7qA&sig=Cg0ArKJSzBfWgw5h5GilEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=66&cbvp=1&cstd=60&cisv=r20210505.55365&adurl=

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 09 May 2021 20:15:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9671 22 KB
8 KB 6ms
5ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 09 May 2021 12:37:29 GMT
expires: Mon, 09 May 2022 12:37:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 27488
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 15ED 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BaCo46EKYYNG6N8Ht3wPeo6qQBgAAAAA4AeAEAg&bg=!HB-lH1vNAAYP3QOmD907ACkAdvg8Wu4eDTu04Xk4qdxJwH6Dlq70OVoLuMaNE3BAhFad_fvUmmTtIAIAAADLUgAAACBoAQcKAK1sfitT2478n6CvLMGOi_QdoiTXepCqbCQWgiHTLCl5GTigpvoB9Y1rOPsy4WCDIERM4cbErsSsJ9Qs6Xt1U4VokxU6HwqqsVAPRi4hBSc8Q4QqPBzs4cEB1zD8hrrkqgOZsYaNw2jwYrTYoc_fiPXL9zN26S0ShcTe1_r2-MKnM7zMGmh9rc8_73jNVv4pvH-xYQra4HTbvdm1NxzYotBfjtIO7rcCZCzBTeUEypkCjUYdVaENG8BE4VwEOtG2-MApT66cSR5vg7Zg_D_E4vYnsiQCgmGKu3BfYGp02X1DHaWshki29YoSvj6AS4xZyLdmnbfeRL6YOyF2IWtnfbDx-XQtWqp8iB2rGLim-EhsUTdXOX2hN28XJXC92o3wEmQdwu5aFfq5zLKIDGgpk9YfK94B8VqGMQSZdijra2hmUDJ5Sya_dXJ5Q1RBbvuqdcer2Ge5jCsGb9u3HuJiKNetcy0415dhku-cM57NT5UgJkTE_AEYR3oLTj6q6hLopvam6kSFXjSk-VkAUs0fFArtqyMkAdgDXjdrp0N5EPiMe4g_7uV9hulV5MpPKGCRuljqywCmnduK9LPoX2GCXPGNM2L8UHlp6chmUkZWbazAL0kXAJ9tLyOL4zZd5twpqDBRV2YfG8iV-V3kiq7VTYCC9CXkTOfSTb3SUM-LXN-0AGen3Ha-fbxn3_rrI6cynIRblISrFOn6flcOE3rog5y01voTnSxvUvH0owyJ9_k9YyafOlcBNtUbsPzlkzQQzlFDgkbbAuMy-WgojUO26J-672-97-sBsvydwkw1a3mdPdxykv2bp0TR23rHgPLfHe87n4JzlKWoyPtOF4e742HRRuY4qKBpIj8rRwk2paGCrsIGZVItHbb-IBDwrvKMQChJiLJovOaBdQ39Rx5aLAeybwHqONhheeoBuNkVb_Xz8KTPqCzne_ty3rzGvEu3_MTwKNJy39sHFZDjDf9rH3jurJZzUViFQPq8ABbB2VlxzzMv7zye3RWMCOwavJqH_F1wRsOlAlS2wHu49ivj1th6-vpwRBGFk8wXeTRs9sYTTjoYcmUNJxzvpZCQRH51FDq3dj58DVsKFFGpdpkd

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 styles.css
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 13 KB
2 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85c97b0c7662dcd5b594d32792149d9d95b832b21904e2827d7c5101f8657606

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:57:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4666
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1924
x-xss-protection: 0
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 May 2021 18:57:51 GMT

GET
H3-29 200 Enabler_01_242.js Show response
s0.2mdn.net/879366/ Frame 7F9E 107 KB
37 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_242.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7effa4abb1004ac11058d1fc73b1ebb9cbf993bc96dd96be50ba81ba895bd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 10:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36228
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37452
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 15:49:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 May 2021 10:11:49 GMT

GET
H3-29 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 7F9E 112 KB
38 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 May 2021 20:15:37 GMT

GET
H3-29 200 script.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 59 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d735cd4dcb7f78f885ca2d4af945482c9109bd05c07d1b0e65c74ffbe3aab961

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 11:32:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31414
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7358
x-xss-protection: 0
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 May 2021 11:32:03 GMT

GET
H3-29 200 close.png
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 1 KB
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/close.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf35104eaf1a29228a8d804c7d84583c89fae218bfb1f418ee91bb2ed44e7253

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 08:19:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
server: sffe
age: 42967
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1242
x-xss-protection: 0
expires: Mon, 10 May 2021 08:19:30 GMT

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame 9671 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5692
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 container.html Show response
0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5260 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hesapmakinesi.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hesapmakinesi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 09 May 2021 20:15:36 GMT
expires: Mon, 09 May 2022 20:15:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Interstate-Regular.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/Interstate-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1824a5b94661f2ac4c70d728fb803f8f9d63cfa09e0a68789ded3bb76a6d340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 05:48:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
server: sffe
age: 52028
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12400
x-xss-protection: 0
expires: Mon, 10 May 2021 05:48:29 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6D2B 0
23 B 60ms
60ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:15:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0AE7 640 B
318 B 15ms
15ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8NzgaDAB&v=APEucNUBMleg_7O6FrITEziTBG0u2rihrT7JMVgjMy0q_xCek6e99VdQXNOp-c8n9wnhO6ie2G3YI9ExFp-H93sArk_buxkd5kcgaDdX7AVeCGXs0v0GuHvbT76zDqCLVpu-6EtugZgo0Tf3p16gKLdZ1VVaoVHXKok6oeujyhogLKLKyH1Nym9h4ZYA3TYpDELcUFZLU0JsoauCFiLLZI03lwKN3GHNZg

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CInSVRCfg1YY8NzgaDAB&v=APEucNUBMleg_7O6FrITEziTBG0u2rihrT7JMVgjMy0q_xCek6e99VdQXNOp-c8n9wnhO6ie2G3YI9ExFp-H93sArk_buxkd5kcgaDdX7AVeCGXs0v0GuHvbT76zDqCLVpu-6EtugZgo0Tf3p16gKLdZ1VVaoVHXKok6oeujyhogLKLKyH1Nym9h4ZYA3TYpDELcUFZLU0JsoauCFiLLZI03lwKN3GHNZg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk7NrMdlOsEvcNep9b0SZUdQ43ot8j60UEcGV1pwczqfpSEyBGIguEbcyybDm0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 20:15:37 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 09 May 2021 20:15:37 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5260 48 KB
23 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ApmePEMoZruOPiSI32j1D67qzkvn70f3lAF8eiJ3pf6VDWD0I0zUJW-j-jSYqFMeid1M-VpS0GIRvGIdJPKJF28wiLTsUGup2U7Cd8fELDsAhywoVVXfJtGovJyULq_SCwlNd1WRMGoMsQ1-L9i9qcdPowzg&dbm_d=AKAmf-CwzwrbYuuwYD66aK1o31nDf6bMnmoiY4IMFLqYxDvkXEPp9AbLetEJHtVExnIiG1o8T5UC6IXA_D6_44_wqm4OZQiKc7US6fUkuDKN1JLj1s5uIjIJCaN5Axhsdq_DiGpZCpQrhCa2q1tbyZ8G8cVzkij1N-I0cM1AwEWl10Ck0t4cBm5D-h7_SV6FrFXCDjzxFQjGkl2AXTQ-TuWuW6Zok5Ws6KepWczOp21QDVWE52biKHM-u2nS6HwKMURW20Bl9xzLicjbog5Tyn__bqlxQshEF3feLyg2Nt8tMd2AJI6BKRAC7wxTg0slh2RbdLDHPMlKJgaa7SMDFyjE6S79g5ErVWqlrvMidOq0nzkglj7WHh1XI4LsXRW14Hv7D95RtDYoCCTS7zmcl-Wa4pnvnbLaZDO0bs9npfjme3HjqgtCWtUyLfy3KbaupXzKhnUJCFBn3MH0VpLGup0StBjL4Stu0XcdoP-Fj3rlGAb3Y6JB-xyNCjdEvmUkPqOkgLctioB58RlUr2kTbw8AX_xHS3meMz1siYAXZplrOKH5IAHJt7FB9ZgAVoGj-IEJnUDnsR6Kq8WbfJR4-2ZfrKM0q5DKiIqtzSH8x5gqXLl6hUjFE6qOTnEeL0upigYiBdyej5yVJ4eNP5h1ArCQLd0EZOQWEFmi93LtG--vbQxTR6wBMqirJK02kC9BvhkFvAdVDYMYAeNOzBr5FcoCDesYmksUViHg_YxVUNZwaor3fmRRhMlRptfqQxEm1Xp1JkE40cwY7yzFtvgQBdRQj0CsRKs8tSFy3SvoI3RqjsnuDFRZMfb1FYnfrbV8rTkb7o9FZ5eFJuE5emMtEZxrhWt18Lokep5Bt0T2bimlxhnHpmyLnsSzJMeXe4ZAd4Z47WOZZ6ACMNWKyueO29G1nUJwe583tFEvJgRh8OJsAwN5vd8o-SAGNWZfYg2IrGKzpGvjplD_z9f8bAOq-QQOpv7djEkjFYQSwwGxPt5XS2TUNMm-lbSfEd0UYDYxra1YhMxLPIORJr79CgjUCAGh8cl4n1Z3GdPWES3kZKEkRkJdt4hKv4PrKAgjMb2dZYw3DeRR2sDHPfFQs44wyneJjKs73Nkb0pchh6MlwgffARwuZCuMlw7hi0vXuGAt7-GWbDJV9xyt9MYoWq5y3eJCpRux6UO25hTZ-A9cLu-Z8gv6q9YHpMYIBAwmNLiCo6s_URmc5LZtOV1bE2NbiUbcte_1aZ6_7XY1Ybqvb-K50LGmYFc4x_27_pCUNcJP87ybGBA33Bi_1xyTM-kUpSVojpBWH8Pj9sahQLoiGJ-YpAGhx1h6eEvO2rExq25ksSnqb1uoQi0ClJOsa6sFXPQqauFvo16YgqH_DN7rNiS1FU6Y0hNqwO5SYZzfuz2DjGQMgTEtXuiX_hSL5B7BT70V4WAuVf4QBHi8ZmmK3myvAIf2tYUGgCZlSS-p0tpWFc3vEiR3h_g1Rew61_PnKjkY22oT2dtuK_ki5TSOwUfjOwvRvf6ebXeTj5RkdVNDiP2WgZ9O4LooR4sm1OtHirUsizGNaSXtAVoEJLbkjFpmfMz-ds-t3zCTd3NDFKl2UV9S4y4ZGEQbMK-L6nDJXqs6UzYBzAf2Adu2eL68TM9uHdFItVGZNSSjmNgWo3rtS3WdrXyZDwGLYHz_H2B_qzrr5SMsnChAH2KmjdRHIZv2ASD4a5TJQ972LF_HN_mLiMZ8V_K95O9LiddhlKu1CcZ9fdJghYl79gR9TddRJkJpZ6TV0PTbEP27QCY6zUFGkzuiEPL1js3eX8_AgmS0ohQAKSDF0pBg2lhbf5fjCqA5FUUR7wkEE2OWAjmuKgCE9uTS9tZimCnA1f1e5K19GqaU48NR0nfra_Y_sDMokkAldayBBUHLNHEtTE5peL8o3su-ddiTPk83LUMBdBqwKivOrKGCduAjHM5fXv5NMeIAuoPZNVgBKqIALimthq40gB5MJiKXczKlJnHmDGY5izzlmawj_DZDRZGCdtZrTopCpSFgGRRUCrRL4jBYJswGxN0jaU5j1IUVNvY6oYKvXM6sYUC0xfgNtgoaAP-sJweyX4TpdebsSy5GRtyKNIGZnafYJ2qmydhowoG6a1Kd5nxf44qgOwDNqC72Btbt5qL4VbqrKGlxINAOrzUrS5rQmh2p5-2w70NOHz-mrBW_UAyGmWNvesFoSpLTtz8F-4quq36OC2rFrCzP8PY3u46IZ57cKKGSCKip-dgWVkUT0icqpugNYOCYJzkajL3g2zTpf9lQfo2H2M7jc66Bptc_5fDlnNcZmVH8tDcclxSU8j9_q70YcFQLWF-0nXDIVl_lyUe0mgSlQAj39y2pgGrWkhdZRkAY4av4u41-reM5ejRGI9ovx8tO2fCOIwtvp2oQBo9d4zHm-D3YCzUmci31176sg4p1rdGIr9lXTRG_OnJ4AjU6tqp1xr7jY9h4cfbs7HSZ7scrc8r_VMs6kryXULFOcPfhcyof1uGMElcMBcZ-mYV0OYMm-P5Z0I_lEDkx7wiRdunxuhTiDRhr27egCVrK_v8NPildjfLp-jX883VuKEASYKjqF0MS0CcQL3V88q79gtShvTQk5Lgo_2bScmAnK4jYxUUbRotf8uxhHMZ9WzO52_4YfZVkOWLP6mvr-6IabHipie13JyOT5rAlpHO8qLYkF_duSqtTkmrXwbv5ax0xvf1QiFmPmfXHwMyKi_sSRaW7PcDZIvx4AtEiI1u0q6vWPTckVnbrzi_rhI-eXBlbkwVhD4_x0olVaOGwEmB9fy5MTmbTvx1AL2er4Xp6vxgcFCAp8aKldghRpzmCSuQyU25hUBKwt_yZlYcjRng9JZKERLiyC4H8Vdvzyj2te53Vt_pDQqlkXKABFiM50866ORZwswzEnag29IpKa3dNfWq-Tlq1OKlvSaufRv5SUo6a9t66pfHtstkhA1M0UebPI-uGLiaoo-f6vKSkWTBOLAeO49_A8aS-kCLh4wdBG82VWSEfB3sy6fULcN6Vtfm5LUk1vpdycm5iAlZmA_8pbcfc-rTiOWM-crgqbU41rtUmtXtUWz1bUXKrkLjqBCdiP8iHFceqy1Nz0ibVtTstGeLHeGvH3WWY5dnTwtV1xPe-B-xjoY8bfwklkoFJJmFqdMWWdjAwZl2WV6WlZRs0FMbI7TaTrF6kWWfcVzEyUGLEsPsT&cid=CAASFeRoYmFGjdpCfVAE6A4esCofK84qHg&rfl=1%2Chttp%253A%252F%252Fhesapmakinesi.com%252F%240

Requested by

Host: hesapmakinesi.com
URL: http://hesapmakinesi.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7011f50de61c90bc6fdebea5cbf260398cc56948c0d3fb2f1ea7034a3745202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23219
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5260 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AhVhJZN9OTO2hzEUM9wc2bXeXRpaXR9AhHOYFSketAQs5no0csV6KYNl0UfLGkq-qeYNM4xwYl1wo62j6ze9HexAduPCwW3ZImNAJrsLVF8oEkovg

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 5260 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:55 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5260 116 KB
35 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:15:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 5260 13 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:34 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 5260 0
0 15ms
14ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSLZ4tkG1V9qSGk9JD0qccb5eP2ClStOElVHCweQqejIV5jSNJXESrbrABlt852DpydkIcP17Wacemy2Qo08mbtvQixqw
Requested by: Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 Interstate-Light.ttf
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 35 KB
17 KB 7ms
6ms Font
font/ttf 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/Interstate-Light.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c186aa6432df74fd9422fe9dfa5093980d7298522b8033f0bf9e6e30dc7337d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 10:03:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36741
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17468
x-xss-protection: 0
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 May 2021 10:03:16 GMT

GET
H3-29 200 Interstate-Bold.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/ Frame 7F9E 12 KB
12 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/Interstate-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6206f080f99a1e0a0d9347dbbb35b7a2f7d088e228cf434acb6ffc2527ef3acb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 08:24:57 GMT
x-content-type-options: nosniff
last-modified: Fri, 27 Mar 2020 13:17:07 GMT
server: sffe
age: 42640
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11820
x-xss-protection: 0
expires: Mon, 10 May 2021 08:24:57 GMT

GET
H3-29 200 60015939_20200327025622481_invesco_logo.png
s0.2mdn.net/ads/richmedia/studio/60015939/ Frame 7F9E 4 KB
4 KB 7ms
6ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015939/60015939_20200327025622481_invesco_logo.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdebaf746a826f84833701c56ce109d323efe505d2ee20958e963872cc242b0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61428569/20200327061707249/index.html?e=69&leftOffset=0&topOffset=0&c=GEU23YPLcu&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 03:57:26 GMT
x-content-type-options: nosniff
last-modified: Fri, 27 Mar 2020 09:56:22 GMT
server: sffe
age: 58691
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3870
x-xss-protection: 0
expires: Mon, 10 May 2021 03:57:26 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/ Frame 5260 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ApmePEMoZruOPiSI32j1D67qzkvn70f3lAF8eiJ3pf6VDWD0I0zUJW-j-jSYqFMeid1M-VpS0GIRvGIdJPKJF28wiLTsUGup2U7Cd8fELDsAhywoVVXfJtGovJyULq_SCwlNd1WRMGoMsQ1-L9i9qcdPowzg&dbm_d=AKAmf-CwzwrbYuuwYD66aK1o31nDf6bMnmoiY4IMFLqYxDvkXEPp9AbLetEJHtVExnIiG1o8T5UC6IXA_D6_44_wqm4OZQiKc7US6fUkuDKN1JLj1s5uIjIJCaN5Axhsdq_DiGpZCpQrhCa2q1tbyZ8G8cVzkij1N-I0cM1AwEWl10Ck0t4cBm5D-h7_SV6FrFXCDjzxFQjGkl2AXTQ-TuWuW6Zok5Ws6KepWczOp21QDVWE52biKHM-u2nS6HwKMURW20Bl9xzLicjbog5Tyn__bqlxQshEF3feLyg2Nt8tMd2AJI6BKRAC7wxTg0slh2RbdLDHPMlKJgaa7SMDFyjE6S79g5ErVWqlrvMidOq0nzkglj7WHh1XI4LsXRW14Hv7D95RtDYoCCTS7zmcl-Wa4pnvnbLaZDO0bs9npfjme3HjqgtCWtUyLfy3KbaupXzKhnUJCFBn3MH0VpLGup0StBjL4Stu0XcdoP-Fj3rlGAb3Y6JB-xyNCjdEvmUkPqOkgLctioB58RlUr2kTbw8AX_xHS3meMz1siYAXZplrOKH5IAHJt7FB9ZgAVoGj-IEJnUDnsR6Kq8WbfJR4-2ZfrKM0q5DKiIqtzSH8x5gqXLl6hUjFE6qOTnEeL0upigYiBdyej5yVJ4eNP5h1ArCQLd0EZOQWEFmi93LtG--vbQxTR6wBMqirJK02kC9BvhkFvAdVDYMYAeNOzBr5FcoCDesYmksUViHg_YxVUNZwaor3fmRRhMlRptfqQxEm1Xp1JkE40cwY7yzFtvgQBdRQj0CsRKs8tSFy3SvoI3RqjsnuDFRZMfb1FYnfrbV8rTkb7o9FZ5eFJuE5emMtEZxrhWt18Lokep5Bt0T2bimlxhnHpmyLnsSzJMeXe4ZAd4Z47WOZZ6ACMNWKyueO29G1nUJwe583tFEvJgRh8OJsAwN5vd8o-SAGNWZfYg2IrGKzpGvjplD_z9f8bAOq-QQOpv7djEkjFYQSwwGxPt5XS2TUNMm-lbSfEd0UYDYxra1YhMxLPIORJr79CgjUCAGh8cl4n1Z3GdPWES3kZKEkRkJdt4hKv4PrKAgjMb2dZYw3DeRR2sDHPfFQs44wyneJjKs73Nkb0pchh6MlwgffARwuZCuMlw7hi0vXuGAt7-GWbDJV9xyt9MYoWq5y3eJCpRux6UO25hTZ-A9cLu-Z8gv6q9YHpMYIBAwmNLiCo6s_URmc5LZtOV1bE2NbiUbcte_1aZ6_7XY1Ybqvb-K50LGmYFc4x_27_pCUNcJP87ybGBA33Bi_1xyTM-kUpSVojpBWH8Pj9sahQLoiGJ-YpAGhx1h6eEvO2rExq25ksSnqb1uoQi0ClJOsa6sFXPQqauFvo16YgqH_DN7rNiS1FU6Y0hNqwO5SYZzfuz2DjGQMgTEtXuiX_hSL5B7BT70V4WAuVf4QBHi8ZmmK3myvAIf2tYUGgCZlSS-p0tpWFc3vEiR3h_g1Rew61_PnKjkY22oT2dtuK_ki5TSOwUfjOwvRvf6ebXeTj5RkdVNDiP2WgZ9O4LooR4sm1OtHirUsizGNaSXtAVoEJLbkjFpmfMz-ds-t3zCTd3NDFKl2UV9S4y4ZGEQbMK-L6nDJXqs6UzYBzAf2Adu2eL68TM9uHdFItVGZNSSjmNgWo3rtS3WdrXyZDwGLYHz_H2B_qzrr5SMsnChAH2KmjdRHIZv2ASD4a5TJQ972LF_HN_mLiMZ8V_K95O9LiddhlKu1CcZ9fdJghYl79gR9TddRJkJpZ6TV0PTbEP27QCY6zUFGkzuiEPL1js3eX8_AgmS0ohQAKSDF0pBg2lhbf5fjCqA5FUUR7wkEE2OWAjmuKgCE9uTS9tZimCnA1f1e5K19GqaU48NR0nfra_Y_sDMokkAldayBBUHLNHEtTE5peL8o3su-ddiTPk83LUMBdBqwKivOrKGCduAjHM5fXv5NMeIAuoPZNVgBKqIALimthq40gB5MJiKXczKlJnHmDGY5izzlmawj_DZDRZGCdtZrTopCpSFgGRRUCrRL4jBYJswGxN0jaU5j1IUVNvY6oYKvXM6sYUC0xfgNtgoaAP-sJweyX4TpdebsSy5GRtyKNIGZnafYJ2qmydhowoG6a1Kd5nxf44qgOwDNqC72Btbt5qL4VbqrKGlxINAOrzUrS5rQmh2p5-2w70NOHz-mrBW_UAyGmWNvesFoSpLTtz8F-4quq36OC2rFrCzP8PY3u46IZ57cKKGSCKip-dgWVkUT0icqpugNYOCYJzkajL3g2zTpf9lQfo2H2M7jc66Bptc_5fDlnNcZmVH8tDcclxSU8j9_q70YcFQLWF-0nXDIVl_lyUe0mgSlQAj39y2pgGrWkhdZRkAY4av4u41-reM5ejRGI9ovx8tO2fCOIwtvp2oQBo9d4zHm-D3YCzUmci31176sg4p1rdGIr9lXTRG_OnJ4AjU6tqp1xr7jY9h4cfbs7HSZ7scrc8r_VMs6kryXULFOcPfhcyof1uGMElcMBcZ-mYV0OYMm-P5Z0I_lEDkx7wiRdunxuhTiDRhr27egCVrK_v8NPildjfLp-jX883VuKEASYKjqF0MS0CcQL3V88q79gtShvTQk5Lgo_2bScmAnK4jYxUUbRotf8uxhHMZ9WzO52_4YfZVkOWLP6mvr-6IabHipie13JyOT5rAlpHO8qLYkF_duSqtTkmrXwbv5ax0xvf1QiFmPmfXHwMyKi_sSRaW7PcDZIvx4AtEiI1u0q6vWPTckVnbrzi_rhI-eXBlbkwVhD4_x0olVaOGwEmB9fy5MTmbTvx1AL2er4Xp6vxgcFCAp8aKldghRpzmCSuQyU25hUBKwt_yZlYcjRng9JZKERLiyC4H8Vdvzyj2te53Vt_pDQqlkXKABFiM50866ORZwswzEnag29IpKa3dNfWq-Tlq1OKlvSaufRv5SUo6a9t66pfHtstkhA1M0UebPI-uGLiaoo-f6vKSkWTBOLAeO49_A8aS-kCLh4wdBG82VWSEfB3sy6fULcN6Vtfm5LUk1vpdycm5iAlZmA_8pbcfc-rTiOWM-crgqbU41rtUmtXtUWz1bUXKrkLjqBCdiP8iHFceqy1Nz0ibVtTstGeLHeGvH3WWY5dnTwtV1xPe-B-xjoY8bfwklkoFJJmFqdMWWdjAwZl2WV6WlZRs0FMbI7TaTrF6kWWfcVzEyUGLEsPsT&cid=CAASFeRoYmFGjdpCfVAE6A4esCofK84qHg&rfl=1%2Chttp%253A%252F%252Fhesapmakinesi.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f6579b2c579aa6a2e089f3d0f7beda646657ccbc948b87d1c3ff972bd05fa4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 13656602236642303355
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:26 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/ Frame 5260 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:13:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:13:54 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5260 0
24 B 67ms
67ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstzqf8U1fudn1v5b0-Txijzli2NQ9-Ysvnx2HvcIxQfEuERYcVQIUhtMu-835Z-zKHUd-_LwjznKUS8OqUfSnh30o5yhHq8DobjW-4A67ARTf6d0sMzluc5xG4-a4IGRijRNHfFfreUu5-tCfouajknRXZ7i0P2-e5pC9NOqvmHOnrc1tKUh63PB8xbvzZW3wqmqMBpeldlSQ8Lnl_kf43INOpLVJHSMD4n1zgstm_JzFeZ-JCatogxfxAbDhak1x8HkHZS4-Z_bNF5xkWZVSroKRfRTqxy9ctHNshRE45FYW0JLQNIRKepo1J1lYYTEDUiw31FP45CrMhjUynxr5ZcOEKfSC3jcMhGhdNbB5CdKYC_MGP67Sn8eoP3b3Lflqx6NoEq7NN1hVfRhmcWM9hnC6CCICmG1Po1qbr-iUEqnO9rJmlaMVuhjh0t8LFCOMhwgJDKbl5mFzYKuVqtuGFr5CP4WlAHZeLItXPQMEff-GYfgpRlEL8q820iwthYsPz-Z6tsrgv0tVlBe-mgVkWgqRD7KzvgZaKdDXrYWnqAEFnpyoyIqEiyFwB_MC1a8MqpuuQigy3Ujb6H16UeCgKp3MTLjsGjkokytXAoXjYOmTFNI_9wPnWMAhrLWM2xgst8Uynro-02UXmOi3MP5wE-DppeydLhAoFoESCatCVn5mv2XpvhUD6_cwIJChlCMNEe7xpFt5O2ClMdjwlv53XJQDP2tnuF8rMQlMvoI-nkbCxp25A6CLX9094rT_FXeKHrgH2DmtUY1T3SkYXXxwhBUTdEP316quwGYv6xJ8Z9KUfloo6SZq-JnBvU46AhPQhB6byRJk3epOhJgbm710TNsbigUux1UxMdV_DXReLm6MVjbyGeLLCieOIOfBJ0XFSO1Pt71ZZY2geifg-WMnVzd6gpsCrjkiDLuKEl0B1SLfJiRdDQNaHmg5UWcwqvQ0S-T4Jd2qM6kJXZJiaJDtaeGETk519UmOtai5GG8wgZbheSK8j4XX2qlYENhPZHbWLO7Dk-Gfgz_v0_19J2SUPfdLJ5ZDW2rQzPy44OOUKqANJxqLBdO4NYFdlD715JElcJwqmxSFehCURjtje75Y-2eyFzqDyVoFdpyt8yccU-dVRddJ05dNt7-WRrpABqHCFJkKl30qPEi_Rs9UVyvytJaaeHF-HVyi4JOIA2NeCmOy55qJw&sai=AMfl-YQVaZuQM8e3DYAxavSN2xmSQhrT5LTmgaSnNQXR7gW4EOGDfRv9iLTCS_uCxOPPgIo-b4mvndIgQIioputMVLdmORTC2l6S73Hy-TMOp3AxrU9zFpEdHsFBqhZ0BHvWRt3SfTKGs2UVo1mDAjxulFrwzXuZ07Dy_qgo3kg&sig=Cg0ArKJSzDIgU_RcgMwEEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210505.23823&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 09 May 2021 20:15:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5260 41 KB
15 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27488
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 May 2022 12:37:29 GMT

GET
H3-29 200 01282020-053702847-728_90.gif
s0.2mdn.net/6266241/ Frame 5260 30 KB
30 KB 7ms
6ms Image
image/gif 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6266241/01282020-053702847-728_90.gif

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a915af9057e28b306176ae64c4a1600600d31984428184306a9a907032d1511d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 11:08:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 28 Jan 2020 13:37:02 GMT
server: sffe
age: 32834
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30473
x-xss-protection: 0
expires: Mon, 10 May 2021 11:08:23 GMT

GET
H2 200 img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=23774700;s.a=3213511;p.a=266209541;a.a=461363440;cache=3172013703;
ad.atdmt.com/i/ Frame 5260 43 B
995 B 439ms
417ms Image
image/gif 2a03:2880:f01c:202:face:b00c:0:8c
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=23774700;s.a=3213511;p.a=266209541;a.a=461363440;cache=3172013703;

Requested by

Host: 0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com
URL: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:202:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://0bd06e9cb33e0023433c3603f41e2ae9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: kNhYM2rD3MYBx6998enCXjHoeUrzQw+SCEutcUqUH33EeBjvUlpepGsC7DldeOdrCJuVdQU78XutcqYTXhc9Rg==
content-encoding: br
x-content-type-options: nosniff
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 09 May 2021 20:15:38 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/gif
x-xss-protection: 0
cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0AE7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGjkwwfsRoDJwaZtve8Hr0A&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEGjkwwfsRoDJwaZtve8Hr0A&google_cver=1

43 B
172 B

25ms
25ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEGjkwwfsRoDJwaZtve8Hr0A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8NzgaDAB&v=APEucNUBMleg_7O6FrITEziTBG0u2rihrT7JMVgjMy0q_xCek6e99VdQXNOp-c8n9wnhO6ie2G3YI9ExFp-H93sArk_buxkd5kcgaDdX7AVeCGXs0v0GuHvbT76zDqCLVpu-6EtugZgo0Tf3p16gKLdZ1VVaoVHXKok6oeujyhogLKLKyH1Nym9h4ZYA3TYpDELcUFZLU0JsoauCFiLLZI03lwKN3GHNZg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEGjkwwfsRoDJwaZtve8Hr0A&google_cver=1
date: Sun, 09 May 2021 20:15:37 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0AE7
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmViMzY2NzItY2E2My0yYTcyLWM3OTktOTI3MWI3YWI2M2I1

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmViMzY2NzItY2E2My0yYTcyLWM3OTktOTI3MWI3YWI2M2I1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8NzgaDAB&v=APEucNUBMleg_7O6FrITEziTBG0u2rihrT7JMVgjMy0q_xCek6e99VdQXNOp-c8n9wnhO6ie2G3YI9ExFp-H93sArk_buxkd5kcgaDdX7AVeCGXs0v0GuHvbT76zDqCLVpu-6EtugZgo0Tf3p16gKLdZ1VVaoVHXKok6oeujyhogLKLKyH1Nym9h4ZYA3TYpDELcUFZLU0JsoauCFiLLZI03lwKN3GHNZg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 09 May 2021 20:15:37 GMT
content-encoding: gzip
server: OXGW/16.206.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmViMzY2NzItY2E2My0yYTcyLWM3OTktOTI3MWI3YWI2M2I1
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 0AE7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJRF2fU-gIyRejQSX-HGhjU&google_cver=1

23 B
172 B

48ms
47ms

Image
image/gif

184.31.88.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJRF2fU-gIyRejQSX-HGhjU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8NzgaDAB&v=APEucNUBMleg_7O6FrITEziTBG0u2rihrT7JMVgjMy0q_xCek6e99VdQXNOp-c8n9wnhO6ie2G3YI9ExFp-H93sArk_buxkd5kcgaDdX7AVeCGXs0v0GuHvbT76zDqCLVpu-6EtugZgo0Tf3p16gKLdZ1VVaoVHXKok6oeujyhogLKLKyH1Nym9h4ZYA3TYpDELcUFZLU0JsoauCFiLLZI03lwKN3GHNZg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.88.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-88-106.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 09 May 2021 20:15:37 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEJRF2fU-gIyRejQSX-HGhjU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0AE7
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=Njg0MjNkYTAtOTBhZS00NWI3LWE1MTQtYzU0MDc2NGExZGNm

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=Njg0MjNkYTAtOTBhZS00NWI3LWE1MTQtYzU0MDc2NGExZGNm

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:15:37 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=Njg0MjNkYTAtOTBhZS00NWI3LWE1MTQtYzU0MDc2NGExZGNm
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Sun, 09 May 2021 20:15:37 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5260 0
23 B 60ms
60ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS