m.ensonhaber.com Open in urlscan Pro
2606:4700:10::6816:49e7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi...
Submission: On April 16 via manual (April 16th 2022, 3:55:10 am UTC) from TR — Scanned from DE

Summary HTTP 129 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 41 IPs in 9 countries across 29 domains to perform 129 HTTP transactions. The main IP is 2606:4700:10::6816:49e7, located in United States and belongs to CLOUDFLARENET, US. The main domain is m.ensonhaber.com. The Cisco Umbrella rank of the primary domain is 179990.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 9th 2021. Valid for: a year.

This is the only time m.ensonhaber.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:10:... 2606:4700:10::6816:49e7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2606:4700:10:... 2606:4700:10::ac43:442	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	193.33.29.8 193.33.29.8	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
7	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	99.86.4.120 99.86.4.120	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	99.86.4.6 99.86.4.6	16509 (AMAZON-02) (AMAZON-02)
1	52.25.210.71 52.25.210.71	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	89.187.169.39 89.187.169.39	60068 (CDN77 ^_^) (CDN77 ^_^)
2 3	188.132.147.236 188.132.147.236	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
5 5	3.126.125.87 3.126.125.87	16509 (AMAZON-02) (AMAZON-02)
2 2	3.125.247.50 3.125.247.50	16509 (AMAZON-02) (AMAZON-02)
8	188.132.147.235 188.132.147.235	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	51.89.20.87 51.89.20.87	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1 1	34.255.51.86 34.255.51.86	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:6800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3 4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 4	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.119 185.33.221.119	29990 (ASN-APPNEX) (ASN-APPNEX)
11	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1 2	54.171.18.52 54.171.18.52	16509 (AMAZON-02) (AMAZON-02)
1	213.202.235.8 213.202.235.8	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	54.77.7.200 54.77.7.200	16509 (AMAZON-02) (AMAZON-02)
129	41

7 2606:4700:10::6816:49e7 (United States)

ASN13335 (CLOUDFLARENET, US)

m.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
icdn.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:10::ac43:442 (United States)

ASN13335 (CLOUDFLARENET, US)

icdn.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-stg.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.33.29.8 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

cdn2.admatic.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-120.fra6.r.cloudfront.net

certify-js.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-6.fra6.r.cloudfront.net

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.25.210.71 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-210-71.us-west-2.compute.amazonaws.com

redirect.prod.experiment.routing.cloudfront.aws.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.187.169.39 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-39.cdn77.com

cdn.admatic.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.132.147.236 (Turkey) 2 redirects

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)
PTR: static-236-147-132-188.sadecehosting.net

admatic.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads4.admatic.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.125.87 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-125-87.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.247.50 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-247-50.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 188.132.147.235 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)
PTR: static-235-147-132-188.sadecehosting.net

ads3.admatic.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.20.87 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p19.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.0.72 (Ukraine)

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.51.86 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-51-86.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:6800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.236.247 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.119 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 917.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.18.52 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-18-52.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.8 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.77.7.200 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-7-200.eu-west-1.compute.amazonaws.com

r.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	googlesyndication.com ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 tpc.googlesyndication.com — Cisco Umbrella Rank: 128	152 KB
25	ensonhaber.com m.ensonhaber.com — Cisco Umbrella Rank: 179990 icdn.ensonhaber.com — Cisco Umbrella Rank: 159654 www.ensonhaber.com — Cisco Umbrella Rank: 139797 api-stg.ensonhaber.com — Cisco Umbrella Rank: 296037	917 KB
16	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 211 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293	250 KB
14	admatic.com.tr 2 redirects cdn2.admatic.com.tr — Cisco Umbrella Rank: 59337 cdn.admatic.com.tr — Cisco Umbrella Rank: 67406 ads4.admatic.com.tr — Cisco Umbrella Rank: 43306 ads3.admatic.com.tr — Cisco Umbrella Rank: 47847	113 KB
11	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 262	241 KB
5	criteo.com 1 redirects bidder.criteo.com — Cisco Umbrella Rank: 758 gum.criteo.com — Cisco Umbrella Rank: 383 mug.criteo.com — Cisco Umbrella Rank: 2668	7 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	2 KB
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 289	3 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575	4 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 248	3 KB
3	gstatic.com www.gstatic.com	14 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	101 KB
2	scoota.co 2 redirects r.scoota.co — Cisco Umbrella Rank: 35578	1 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 632	62 KB
2	demdex.net 1 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 155380	2 KB
2	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 573 static.adsafeprotected.com — Cisco Umbrella Rank: 565	666 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 7579 www.google.de — Cisco Umbrella Rank: 5383	1 KB
2	creative-serving.com 2 redirects ads.creative-serving.com — Cisco Umbrella Rank: 3847	1 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1681 id5-sync.com — Cisco Umbrella Rank: 699	8 KB
2	alexametrics.com certify-js.alexametrics.com — Cisco Umbrella Rank: 6799 certify.alexametrics.com — Cisco Umbrella Rank: 3855	3 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 238	22 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 13218	1 KB
1	adtarget.com.tr sync.console.adtarget.com.tr — Cisco Umbrella Rank: 5813	473 B
1	consensu.org admatic.mgr.consensu.org — Cisco Umbrella Rank: 83500	432 B
1	a2z.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com	48 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1199	5 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	38 KB
129	29

	Domain	Requested by
20	icdn.ensonhaber.com	m.ensonhaber.com icdn.ensonhaber.com
13	tpc.googlesyndication.com	securepubads.g.doubleclick.net ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net
12	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
11	s0.2mdn.net	m.ensonhaber.com s0.2mdn.net ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
8	ads3.admatic.com.tr	m.ensonhaber.com cdn.admatic.com.tr
7	securepubads.g.doubleclick.net	icdn.ensonhaber.com securepubads.g.doubleclick.net
5	x.bidswitch.net	5 redirects
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.google.com	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com tpc.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	www.gstatic.com	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
3	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com m.ensonhaber.com
3	www.googletagservices.com	icdn.ensonhaber.com ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
3	m.ensonhaber.com	icdn.ensonhaber.com static.cloudflareinsights.com
2	r.scoota.co	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	icdn.ensonhaber.com static.criteo.net
2	skydeutschland.demdex.net	1 redirects ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	m.ensonhaber.com
2	googleads.g.doubleclick.net	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com m.ensonhaber.com
2	fonts.googleapis.com	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
2	bidder.criteo.com	icdn.ensonhaber.com
2	ads4.admatic.com.tr	2 redirects
2	ads.creative-serving.com	2 redirects
2	cdn.admatic.com.tr	cdn2.admatic.com.tr cdn.admatic.com.tr
2	cdn2.admatic.com.tr	m.ensonhaber.com cdn2.admatic.com.tr
1	mug.criteo.com
1	cdnjs.cloudflare.com	s0.2mdn.net
1	m.exactag.com	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
1	static.adsafeprotected.com	ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
1	pixel.adsafeprotected.com	1 redirects
1	www.google.de
1	sync.console.adtarget.com.tr	m.ensonhaber.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	id5-sync.com	cdn.id5-sync.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	cdn2.admatic.com.tr
1	admatic.mgr.consensu.org	cdn2.admatic.com.tr
1	redirect.prod.experiment.routing.cloudfront.aws.a2z.com	m.ensonhaber.com
1	certify.alexametrics.com	m.ensonhaber.com
1	api-stg.ensonhaber.com	icdn.ensonhaber.com
1	www.ensonhaber.com	icdn.ensonhaber.com
1	certify-js.alexametrics.com	m.ensonhaber.com
1	static.cloudflareinsights.com	m.ensonhaber.com
1	www.googletagmanager.com	m.ensonhaber.com
129	48

This site contains links to these domains. Also see Links.

Domain
icdn.ensonhaber.com
news.google.com
ensonhaber.me

Subject Issuer	Validity	Valid
ensonhaber.com Cloudflare Inc ECC CA-3	`2021-06-09` - `2022-06-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
cdn2.admatic.com.tr R3	`2022-04-09` - `2022-07-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
certify-js.alexametrics.com Amazon	`2021-06-14` - `2022-07-13`	a year	crt.sh
certify.alexametrics.com Amazon	`2021-06-14` - `2022-07-13`	a year	crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com Amazon	`2021-10-13` - `2022-11-11`	a year	crt.sh
cdn.admatic.com.tr R3	`2022-04-01` - `2022-06-30`	3 months	crt.sh
ads4.admatic.com.tr R3	`2022-02-03` - `2022-05-04`	3 months	crt.sh
cdn.id5-sync.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-07`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
sync.console.adtarget.com.tr R3	`2022-03-28` - `2022-06-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2021-08-16` - `2022-09-14`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-13`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Frame ID: 8D669763940CEE05EF0E616D06096B61
Requests: 59 HTTP requests in this frame

Frame: https://cdn.admatic.com.tr/user/
Frame ID: 8FBBA1DE44D2841B93DACB832DD4AA93
Requests: 8 HTTP requests in this frame

Frame: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FBC7D801C36E985A6E33E93714F78A43
Requests: 1 HTTP requests in this frame

Frame: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E37743CAE27C2C03570C289EC251A024
Requests: 5 HTTP requests in this frame

Frame: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6F2D8A802230B63CD6FEFC623E5ACB9B
Requests: 18 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 9E84A4C65B71F6033D746659E3284930
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXzQrkKyWvPET2WLyLWWlEahtYX7KQMgl5r76e1UwP5wOFDEP0aCM5fYniZFVlneW4ET-vYQEfV7gpsWp5d98e3mNkJFjVmV60T9XM4irQ5UWtdMZ91O9SiMPSbGjzAx9oCtvhlBSpiUQKi0MFUdKWxayRZm79XsMQMBNS4iOjqhQkTc8s
Frame ID: 6F60E3CD59803C5A263279E6E3F2F9E2
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8A6CC2C5A363AF1A6A87CE262C1B4A01
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E4BC1F7E2A763CA95092CD208DB61181
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9536B723F7E58DBB2BC92E1BC902993F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
Frame ID: E234488AFF4DDD5D33A15105A947CD33
Requests: 13 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=m.ensonhaber.com
Frame ID: FCE2D8E9B4985485176EE03855A46B74
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js
Frame ID: 36F31ECDD36554768AF3CDB608F00B33
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gönül Dağı'nın Asuman'ı sere serpe kanepeye uzandı, kırmızı kombini mest etti! 'Yaktın ortalığı güzellik'

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

129
Requests

93 %
HTTPS

48 %
IPv6

29
Domains

48
Subdomains

41
IPs

9
Countries

1962 kB
Transfer

4078 kB
Size

36
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://icdn.ensonhaber.com/resimler/diger/kok/2022/04/15/gonul-dagi-asuman_9008.jpg

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqBwgKMJDvkQswkoSnAw?hl=tr&gl=TR&ceid=TR:tr

Search URL Search Domain Scan URL

URL: https://ensonhaber.me/rz
Title: Günümüz Yatırım Araçları ile Kazanç Sağlayın! ADVERTORIAL Coin Haber

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://x.bidswitch.net/sync?ssp=admatic HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=admatic HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=a6360fd9-0b64-4395-a1e8-d720f6f02f12&ssp=admatic&expires=30&user_group=5&bsw_param=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7 HTTP 302
https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id= HTTP 302
https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=

Request Chain 81

https://pixel.adsafeprotected.com/rfw/st/999585/61793174/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_dspID=3&ias_campId=27619584&ias_pubId=pub-8601585505701947&ias_chanId=1&ias_placementId=16725763156&bidurl=https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0i1rGduCMyDGfW8HwYdwmF0 HTTP 302
https://static.adsafeprotected.com/skeleton.gif

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFWtumiZiNz93sJqHLv8ME&google_cver=1

Request Chain 88

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ylo.GnJljP4LEwtB.hQw7AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPw-nsERgtgvvO4amoGLzkY&google_cver=1&google_hm=2

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAaZvqA0-hdAiswV6z-y4WM&google_cver=1

Request Chain 90

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE0NzE0MTY5NDQxMDM2NTIxMw%3D%3D

Request Chain 105

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=1886800136&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=1886800136&gdpr=&gdpr_consent=

Request Chain 123

https://gum.criteo.com/sid/json?origin=publishertag&domain=ensonhaber.com&sn=ChromeSyncframe&so=0&topUrl=m.ensonhaber.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=x1HYSHxsKzN3c1ljeVBaZ3hOZEI1UytJa3lTSW92anhuenhpZGpqWUhHdUN0RWg3YlA2OUhqYUZDZ25NOFNRR1BZVDRwdElSMzFQQVlFbXZicFZuL2VpT0VJK2x2VExpeTdwNHhjU0RjYmJMK1ZkelpEMERubm9nYzNyZ2hwQllISGVvdEUwcm15RjJFdE9vM2l1bWlSNkQ0R2JYUk5tcjR5RUVpblk2SFhiTGtSaE90bkd6WUQ4TGhvTjVaZE1KYW1HTTE2VzZZTi9XTGFDUWRUNEI1SGRFMWw2bGE4Sms2UGJyaE92QndEWUNDSGFNYlBhQUo5S3JRSFNzbzRjRjlNRzBDL2ZEUXRONzV3WlJ6eU1jMmdDSFI0Zz09fA&cppv=2

Request Chain 124

https://x.bidswitch.net/sync?ssp=admatic HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=admatic HTTP 302
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=admatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=389f8b2a-2477-4e5e-9333-87a8b9cb7b45&ssp=admatic HTTP 302
https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id= HTTP 302
https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=

129 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik Show response
m.ensonhaber.com/medya/ 32 KB
7 KB 118ms
90ms Document
text/html 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c23d25864e05885416098b46152edafa1ef89ad6c8fa14654e92dd0d70df697

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fc9fbbb7b1e9076-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 16 Apr 2022 03:55:04 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
vary: Accept-Encoding

GET
H2 200 main.min.css
icdn.ensonhaber.com/cdn/mobil/assets/css/ 127 KB
24 KB 26ms
15ms Stylesheet
text/css 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f761fbf7c69adc2f4b0c9e272eb85f90f21752316479ccbfb025f531e9dafe3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 316379
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Wed, 10 Feb 2021 10:29:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5184000
cf-ray: 6fc9fbbc3bca9076-FRA
expires: Sat, 11 Jun 2022 12:02:01 GMT

GET
H2 200 main.min.js Show response
icdn.ensonhaber.com/cdn/mobil/assets/js/ 369 KB
105 KB 33ms
21ms Script
application/javascript 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/main.min.js?v=?v=2.0.0.0.5.2.0
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26efd8b38b93a5e0dc25f2a5eb279a8a9276b84e66bc0410d689cf5c9999db02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 5596
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Tue, 12 Apr 2022 10:10:28 GMT
server: cloudflare
etag: W/"62555014-5c430"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cf-ray: 6fc9fbbc3bcb9076-FRA

GET
H2 200 h-sb.otf
icdn.ensonhaber.com/cdn/desktop/fonts/ 89 KB
90 KB 65ms
23ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/desktop/fonts/h-sb.otf
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07d5087b985f403c77f82394589566967faf7abf28cdc561759f9655fabcb42d

Request headers

Referer: https://m.ensonhaber.com/
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 1918
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 91284
cf-request-id: 0aacc5fe9700002bddc6012000000001
last-modified: Sun, 26 Apr 2020 16:07:19 GMT
server: cloudflare
etag: "5ea5b1b7-16494"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbc69f6916a-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 139ms
51ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-87983201-1

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

346a2372ce4bfbc63d8413fa315f4fe4272a55fff6fc232f50fbe541fb5c4119

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38565
x-xss-protection: 0
last-modified: Sat, 16 Apr 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H2 200 esh-logo.png
icdn.ensonhaber.com/cdn/mobil/assets/img/ 4 KB
4 KB 14ms
11ms Image
image/webp 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/img/esh-logo.png
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50589621055ce4191a6b1a0a6c6b0d2c76c7586a73bfe58565edbe751c96d937

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 3557913
cf-polished: origFmt=png, origSize=4980
x-msg-hkn: /
content-length: 3940
content-disposition: inline; filename="esh-logo.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Sun, 15 Mar 2020 15:34:37 GMT
server: cloudflare
etag: "5e6e4b0d-1374"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 22 Dec 2021 07:17:26 GMT
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 6fc9fbbc5be39076-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 gonul-dagi-asuman_9008.jpg
icdn.ensonhaber.com/resimler/diger/kok/2022/04/15/ 90 KB
90 KB 15ms
13ms Image
image/jpeg 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/resimler/diger/kok/2022/04/15/gonul-dagi-asuman_9008.jpg
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3edbc9164485c707a3eca64c82eaa0838bc098ca3a21841685aa66caf0a72135

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 40279
cf-polished: origSize=96284, status=webp_bigger
x-msg-hkn: /
content-length: 92196
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 15 Apr 2022 16:30:09 GMT
server: cloudflare
etag: "62599d91-1781c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Tue, 14 Jun 2022 16:29:32 GMT
cache-control: max-age=5356800
accept-ranges: bytes
cf-ray: 6fc9fbbc5be59076-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 interested-placeholder.gif
icdn.ensonhaber.com/cdn/mobil/assets/img/ 612 B
779 B 15ms
12ms Image
image/webp 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/img/interested-placeholder.gif
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c172bb39bfa6678554f8b0a2b2b1e8097f2f2c7a0b6d6e9695ce90457ccbd79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 194859
cf-polished: origFmt=gif, origSize=961
x-msg-hkn: /
content-length: 612
content-disposition: inline; filename="interested-placeholder.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Sun, 15 Mar 2020 15:34:37 GMT
server: cloudflare
etag: "5e6e4b0d-3c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 22 Dec 2021 07:59:25 GMT
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 6fc9fbbc5be89076-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 vignette.js Show response
icdn.ensonhaber.com/cdn/interstitial/ 6 KB
2 KB 15ms
12ms Script
application/javascript 2606:4700:10::6816:49e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/interstitial/vignette.js?v=2.0.0.0.5.2.0
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8b9dedc5630db6f206165bf8636f8c241b29648fbb33bed5f9dcbe8ef5e55f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 5847
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Mon, 17 May 2021 18:42:21 GMT
server: cloudflare
etag: W/"60a2b90d-1732"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cf-ray: 6fc9fbbc5be19076-FRA
cf-bgj: minify

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 95ms
50ms Script
text/javascript 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://m.ensonhaber.com/
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6fc9fbbc9fc8997b-FRA

GET
H2 200 showad.js Show response
cdn2.admatic.com.tr/showad/ 220 KB
86 KB 181ms
82ms Script
text/javascript 193.33.29.8
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn2.admatic.com.tr/showad/showad.js

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.33.29.8 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

nginx /

Resource Hash

78621be4aa2814708ce6f6c7c7b209d997165922ff98857c1e18a94df55b8b82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 12 Mar 2022 02:02:16 GMT
server: nginx
etag: W/"dedacc32b535d81:0"
content-type: text/javascript; charset=UTF-8
cache-control: max-age=7200
timing-allow-origin: *
x-xss-protection: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 113ms
40ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/interstitial/vignette.js?v=2.0.0.0.5.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

607621318571f4c48784c196784133fb7ea6db9c1ad3fb28deac95d17d91883f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28546
x-xss-protection: 0
server: sffe
etag: "1188 / 376 of 1000 / last-modified: 1650060417"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H3 200 flag.svg
icdn.ensonhaber.com/cdn/mobil/assets/img/ 430 B
607 B 20ms
20ms Image
image/svg+xml 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/img/flag.svg
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b138dcab9d0b8f24962dc2171882913b8982b5c18e3e51b1ae7da3d76a95fdf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 286
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Sun, 15 Mar 2020 15:34:37 GMT
server: cloudflare
etag: W/"5e6e4b0d-1ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 6fc9fbbc8f6e92b4-FRA

GET
H3 200 google-news.svg
icdn.ensonhaber.com/cdn/ 3 KB
2 KB 20ms
19ms Image
image/svg+xml 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/cdn/google-news.svg
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: feec2c569371060f3d2b0907dc013b54d9c4a0ac2171fabcdd5a4b1d62cf4212

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 5589
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
cf-request-id: 0aacd07b75000005f968394000000001
last-modified: Mon, 24 Aug 2020 02:33:43 GMT
server: cloudflare
etag: W/"5f432707-d65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6fc9fbbc8f6f92b4-FRA

GET
H3 200 esh.ttf
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 20 KB
21 KB 45ms
35ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/esh.ttf?v=2.2
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ac9f8752c678a0d8cf16d73cb9a9d257a79dabc1e526e03067a5008fb505045

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 1315
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20780
cf-request-id: 0aacc5f33b00001f450e0ae000000001
last-modified: Thu, 28 Nov 2019 14:37:52 GMT
server: cloudflare
etag: "5ddfdbc0-512c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa509944-FRA

GET
H3 200 h-m.otf
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 89 KB
89 KB 51ms
42ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/h-m.otf
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01adbdcdde3d55ba3376328000c9afa1f5c19b2029b29b72d720a704c5342ec2

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 13928
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 90660
cf-request-id: 083224ee9100004ab697aa4000000001
last-modified: Sat, 09 Mar 2019 11:13:03 GMT
server: cloudflare
etag: "5c839fbf-16224"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa4e9944-FRA

GET
H3 200 sf-m.woff2
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 30 KB
31 KB 28ms
19ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/sf-m.woff2
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecdc8348a360b40b4db59b3b9000ad3361ebe9e6ef1c00648c26b304f90eab45

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 1016
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30952
cf-request-id: 0aacc5fb9c0000d6b533348000000001
last-modified: Sat, 09 Mar 2019 11:13:04 GMT
server: cloudflare
etag: "5c839fc0-78e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa519944-FRA

GET
H3 200 h-b.otf
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 83 KB
84 KB 44ms
35ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/h-b.otf
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69531c551a4db00b2810f3b1c3323b5c7dd8b0869aac0e0596c821702ad941f8

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: BYPASS
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85472
cf-request-id: 08322bca8c0000c2ef8094a000000001
last-modified: Sat, 09 Mar 2019 11:13:03 GMT
server: cloudflare
etag: "5c839fbf-14de0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa529944-FRA

GET
H3 200 h-l.otf
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 76 KB
76 KB 57ms
49ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/h-l.otf
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3625c3de2c5ff3ae1d390f25c3626c637dff10b1a651c097b45bceee62062093

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 9000
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77436
cf-request-id: 0aacc7add500002c368320a000000001
last-modified: Sat, 09 Mar 2019 11:13:03 GMT
server: cloudflare
etag: "5c839fbf-12e7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa539944-FRA

GET
H3 200 sf-r.woff2
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 28 KB
28 KB 36ms
28ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/sf-r.woff2
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51b238e76824248990b6afee557335a862af977789109b95fffb871b81cb80f8

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 1016
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28560
cf-request-id: 0aacc7add10000c2eac1880000000001
last-modified: Sat, 09 Mar 2019 11:13:04 GMT
server: cloudflare
etag: "5c839fc0-6f90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa549944-FRA

GET
H3 200 sf-sb.woff2
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 30 KB
30 KB 63ms
56ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/sf-sb.woff2
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fdf1f493fe942dc93a3c6995b356a9d715ee631ed67f8533d75968738b04a464

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 13851
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30776
cf-request-id: 0aacc5fbdd00004e9d8f257000000001
last-modified: Sat, 09 Mar 2019 11:13:04 GMT
server: cloudflare
etag: "5c839fc0-7838"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa559944-FRA

GET
H3 200 h-sb.otf
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 89 KB
90 KB 63ms
57ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/h-sb.otf
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07d5087b985f403c77f82394589566967faf7abf28cdc561759f9655fabcb42d

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 12998
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 91284
cf-request-id: 0aacc5eb2700004ee617b53000000001
last-modified: Sat, 09 Mar 2019 11:13:03 GMT
server: cloudflare
etag: "5c839fbf-16494"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa569944-FRA

GET
H3 200 h-r.otf
icdn.ensonhaber.com/cdn/mobil/assets/fonts/ 86 KB
86 KB 68ms
62ms Font
application/octet-stream 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/fonts/h-r.otf
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59f64cdfb1dbf90eeed41b90d8925b78f78887dd3d64b79e93c70241391ce8d0

Request headers

Referer: https://icdn.ensonhaber.com/cdn/mobil/assets/css/main.min.css?v=2.0.0.0.5.2.0
Origin: https://m.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 10312
x-msg-hkn: js
x-vtex-cache-status-nginx-thumbor: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 87724
cf-request-id: 0aacc7add70000177e8a21a000000001
last-modified: Sat, 09 Mar 2019 11:13:03 GMT
server: cloudflare
etag: "5c839fbf-156ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6fc9fbbcaa579944-FRA

GET
H/1.1 200
OK atrk.js Show response
certify-js.alexametrics.com/ 4 KB
2 KB 34ms
7ms Script
application/javascript 99.86.4.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://certify-js.alexametrics.com/atrk.js
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-120.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 05 Mar 2022 07:54:07 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
Server: AmazonS3
Age: 3614459
ETag: W/"d89453438fbf10dcf4c13265c40d5160"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 8cdf0467c0468ddfe8e9873c6bb8304c.cloudfront.net (CloudFront)
Cache-Control: max-age=26920000
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA6-C1
X-Amz-Cf-Id: hrAm_U_OxD9CNJHcOldQNK58KDElL8YBs18omoDLtsDS9G5x0e9RrQ==

GET
H3 200 prebid4.6.0_cr_tt_adf_rtb.js Show response
icdn.ensonhaber.com/test/native/ 167 KB
54 KB 23ms
23ms Script
application/javascript 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/test/native/prebid4.6.0_cr_tt_adf_rtb.js
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/main.min.js?v=?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05690fb6a6129da06d2e597e73de0d90292ad5916f532645a0fbbc8c38ed6f52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 1485
cf-polished: origSize=170699
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
cf-request-id: 0aacc664a500009ab6658ef000000001
last-modified: Mon, 07 Sep 2020 16:31:28 GMT
server: cloudflare
etag: W/"5f566060-29acb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6fc9fbbd0fe592b4-FRA
cf-bgj: minify

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 135ms
48ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/main.min.js?v=?v=2.0.0.0.5.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

607621318571f4c48784c196784133fb7ea6db9c1ad3fb28deac95d17d91883f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28546
x-xss-protection: 0
server: sffe
etag: "1188 / 278 of 1000 / last-modified: 1650060417"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 16 Apr 2022 03:55:05 GMT

POST
H2 200 s.php Show response
www.ensonhaber.com/esh/ 1 B
125 B 84ms
75ms XHR
text/html 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ensonhaber.com/esh/s.php?i=844814&n=0.6011135093376978
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/main.min.js?v=?v=2.0.0.0.5.2.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.14
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Accept: */*
Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-powered-by: PHP/7.2.14
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-server-count: c4
access-control-allow-origin: *
cf-ray: 6fc9fbbd1ad2916a-FRA
content-type: text/html; charset=UTF-8

POST
H2 200 844814 Show response
api-stg.ensonhaber.com/esh/say/h/ 1 B
244 B 151ms
142ms XHR
text/html 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-stg.ensonhaber.com/esh/say/h/844814?n=0.24612163928719233
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/main.min.js?v=?v=2.0.0.0.5.2.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.29
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Accept: */*
Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-powered-by: PHP/7.3.29
cf-ray: 6fc9fbbd1ad4916a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: Cache-Control: public, no-cache, proxy-revalidate
x-server: api-srv-1
x-robots-tag: noindex
access-control-allow-headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ 43 B
551 B 35ms
7ms Image
image/gif 99.86.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=G%C3%B6n%C3%BCl%20Da%C4%9F%C4%B1%27n%C4%B1n%20Asuman%27%C4%B1%20sere%20serpe%20kanepeye%20uzand%C4%B1%2C%20k%C4%B1rm%C4%B1z%C4%B1%20kombini%20mest%20etti!%20%27Yakt%C4%B1n%20ortal%C4%B1%C4%9F%C4%B1%20g%C3%BCzellik%27&time=1650081305146&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fm.ensonhaber.com%2Fmedya%2Fgonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&random_number=13443204562&sess_cookie=c1e2cf4e1803082923acdd8dae9&sess_cookie_flag=1&user_cookie=c1e2cf4e1803082923acdd8dae9&user_cookie_flag=1&dynamic=true&domain=ensonhaber.com&account=DIQbh1acOh00yC&jsv=20130128&user_lang=en-US
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-6.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 16 Apr 2022 03:20:01 GMT
Via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 79730
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA6-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: cDTJMr-q9z1e2tL2OYH2LuGYvcKoyn-qQkdDgp68BJxEL6plUk_w-g==

GET
H2 204 x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ 0
48 B 533ms
169ms Image
text/plain 52.25.210.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.210.71 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-210-71.us-west-2.compute.amazonaws.com
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
server: Server

GET
H3 200 pubads_impl_2022041201.js Show response
securepubads.g.doubleclick.net/gpt/ 369 KB
125 KB 72ms
32ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 21:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127945
x-xss-protection: 0
last-modified: Tue, 12 Apr 2022 08:36:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Apr 2023 21:29:22 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 247 B
165 B 80ms
40ms XHR
application/json 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=m.ensonhaber.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

64f9f3a3e3272fde20321b5ff5eea87d95a58797d957f255725f2be032ea90ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 124ms
39ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-87983201-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5874
date: Sat, 16 Apr 2022 02:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 16 Apr 2022 04:17:11 GMT

GET
H2 200 / Show response
cdn.admatic.com.tr/user/ Frame 8FBB 251 B
658 B 39ms
7ms Document
text/html 89.187.169.39
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admatic.com.tr/user/
Requested by: Host: cdn2.admatic.com.tr
URL: https://cdn2.admatic.com.tr/showad/showad.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.39 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-39.cdn77.com
Software: BunnyCDN-DE1-755 /
Resource Hash: 62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=3600
cdn-cache: HIT
cdn-cachedat: 02/08/2022 18:16:12
cdn-edgestorageid: 565
cdn-fileserver: 141
cdn-proxyver: 1.02
cdn-pullzone: 266102
cdn-requestcountrycode: DE
cdn-requestid: cac19cb45f033bfd120cfbf1cb69b177
cdn-requestpullcode: 206
cdn-requestpullsuccess: True
cdn-status: 200
cdn-storageserver: DE-51
cdn-uid: bea626e5-d007-4073-8941-73ce8dd2f81c
content-encoding: gzip
content-type: text/html
date: Sat, 16 Apr 2022 03:55:05 GMT
last-modified: Thu, 11 Feb 2021 13:30:42 GMT
server: BunnyCDN-DE1-755
vary: Accept-Encoding

GET
H2 200 query Show response
admatic.mgr.consensu.org/ 19 B
432 B 186ms
47ms XHR
application/json 188.132.147.236
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://admatic.mgr.consensu.org/query
Requested by: Host: cdn2.admatic.com.tr
URL: https://cdn2.admatic.com.tr/showad/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.236 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-236-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: e9c3c5d55b8780688e2c047d655d38d3d16db2662e041462e2b32302b1d9c56d

Request headers

Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:04 GMT
content-encoding: br
server: AdMatic
x-powered-by: AdMatic
vary: Accept-Encoding
access-control-allow-methods: POST,GET,OPTIONS,PUT,DELETE
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://m.ensonhaber.com
access-control-max-age: 86400
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Accept-Encoding, Authorization
content-length: 23

GET
H2 200 ads.css
cdn2.admatic.com.tr/content/ 14 KB
4 KB 43ms
43ms Stylesheet
text/css 193.33.29.8
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn2.admatic.com.tr/content/ads.css?cb=458356

Requested by

Host: cdn2.admatic.com.tr
URL: https://cdn2.admatic.com.tr/showad/showad.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.33.29.8 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

nginx /

Resource Hash

dba4d22701369b2c2e7adfa8c39cfea3e5ffbb503d3d510fcc79e34a7aa20ca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 27 Feb 2017 07:26:48 GMT
server: nginx
etag: W/"501979dbca90d21:0"
content-type: text/css
cache-control: max-age=7200
timing-allow-origin: *
x-xss-protection: 0

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/0.9/ 20 KB
7 KB 29ms
9ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/0.9/id5-api.js

Requested by

Host: cdn2.admatic.com.tr
URL: https://cdn2.admatic.com.tr/showad/showad.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

1ed5f2fc1e66035303acba9525aeae50f4b303e9dc137c6e1ced3c240048dddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Sat, 16 Apr 2022 03:13:41 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 7102
x-request-id: 666241182

GET
H2

200

user
ads3.admatic.com.tr/
Redirect Chain

https://x.bidswitch.net/sync?ssp=admatic
https://x.bidswitch.net/ul_cb/sync?ssp=admatic
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7
https://x.bidswitch.net/sync?dsp_id=4&user_id=a6360fd9-0b64-4395-a1e8-d720f6f02f12&ssp=admatic&expires=30&user_group=5&bsw_param=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7
https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=
https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=

35 B
180 B

46ms
45ms

Image
image/gif

188.132.147.235
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H2
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
server: AdMatic
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
x-powered-by: AdMatic
content-type: image/gif
cache-control: no-cache
timing-allow-origin: *
content-length: 35

Redirect headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:04 GMT
location: https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=
x-powered-by: AdMatic
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://m.ensonhaber.com
cache-control: no-cache
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 221

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 126ms
44ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=m.ensonhaber.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 131ms
47ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=m.ensonhaber.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 136 KB
35 KB 363ms
363ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4122921727724021&correlator=1340953588030206&eid=31061690%2C31064019%2C31065517&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fifs&iu_parts=9170022%2Cinterstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=2447352499&sfv=1-0-38&ecs=20220416&ists=1&fas=8&fsapi=false&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1650081305367&lmt=1650081305&dlt=1650081304961&idt=386&biw=1600&bih=1200&adxs=-9&adys=-9&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fm.ensonhaber.com%2Fmedya%2Fgonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=553546818.1650081305&ga_sid=1650081305&ga_hid=2108957684&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

ceb5fbd97069204b5a063bf53221869aff3df83eb1fb5eeffd77fc635fed5d91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35638
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://m.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FBC7 6 KB
4 KB 149ms
46ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:05 GMT
expires: Sun, 16 Apr 2023 03:55:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022041201.js Show response
securepubads.g.doubleclick.net/gpt/ 35 KB
13 KB 32ms
32ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022041201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

bc82686ad7d60362610cb0d7958d05585ce911948be0392097e20e3d4ed207a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 10:50:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320658
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13274
x-xss-protection: 0
last-modified: Tue, 12 Apr 2022 08:36:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 12 Apr 2023 10:50:47 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
314 B 81ms
43ms XHR
application/json 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.6.0&cb=82716868655

Requested by

Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/test/native/prebid4.6.0_cr_tt_adf_rtb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.ensonhaber.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
313 B 80ms
45ms XHR
application/json 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.6.0&cb=25638414427

Requested by

Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/test/native/prebid4.6.0_cr_tt_adf_rtb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.ensonhaber.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H3 200 ui Show response
m.ensonhaber.com/api/uye/ 1 KB
839 B 101ms
100ms XHR
text/html 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://m.ensonhaber.com/api/uye/ui?i=501
Requested by: Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/main.min.js?v=?v=2.0.0.0.5.2.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.14
Resource Hash: f0bc21749ac4d20190188bf9a49343edbef134fdd7e4f6303f4844fb22d62934

Request headers

Accept: */*
Referer: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.2.14
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 6fc9fbbeb97292b4-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bundle.js Show response
cdn.admatic.com.tr/user/ Frame 8FBB 54 KB
20 KB 7ms
7ms Script
application/javascript 89.187.169.39
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admatic.com.tr/user/bundle.js
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.39 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-39.cdn77.com
Software: BunnyCDN-DE1-755 /
Resource Hash: 8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.admatic.com.tr/user/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
cdn-edgestorageid: 632
cdn-fileserver: 141
cdn-storageserver: DE-165
cdn-cachedat: 03/14/2022 19:30:29
cdn-pullzone: 266102
server: BunnyCDN-DE1-755
last-modified: Fri, 12 Mar 2021 04:24:48 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"604aed10-d908"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: bea626e5-d007-4073-8941-73ce8dd2f81c
cache-control: public, max-age=3600
cdn-requestid: 7f149101d7d7f913da359b447f7d7251
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

POST
H/1.1 200 381.json Show response
id5-sync.com/g/v2/ 213 B
534 B 34ms
8ms XHR
application/json 51.89.20.87
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/381.json?gdpr_consent=&gdpr=0

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/0.9/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.20.87 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p19.id5-sync.com

Software

Resource Hash

bba94951470925772b3600a4881d00ff3571d446e9078ef4e53bb055587c2068

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://m.ensonhaber.com
Date: Sat, 16 Apr 2022 03:55:04 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 94ms
47ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2108957684&t=pageview&_s=1&dl=https%3A%2F%2Fm.ensonhaber.com%2Fmedya%2Fgonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&ul=en-us&de=UTF-8&dt=G%C3%B6n%C3%BCl%20Da%C4%9F%C4%B1%27n%C4%B1n%20Asuman%27%C4%B1%20sere%20serpe%20kanepeye%20uzand%C4%B1%2C%20k%C4%B1rm%C4%B1z%C4%B1%20kombini%20mest%20etti!%20%27Yakt%C4%B1n%20ortal%C4%B1%C4%9F%C4%B1%20g%C3%BCzellik%27&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=1400933844&gjid=2020583122&cid=553546818.1650081305&tid=UA-87983201-1&_gid=1280510724.1650081305&_r=1&gtm=2ou4d0&z=1192713912

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://m.ensonhaber.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 85ms
39ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108957684&t=event&_s=2&dl=https%3A%2F%2Fm.ensonhaber.com%2Fmedya%2Fgonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&ul=en-us&de=UTF-8&dt=G%C3%B6n%C3%BCl%20Da%C4%9F%C4%B1%27n%C4%B1n%20Asuman%27%C4%B1%20sere%20serpe%20kanepeye%20uzand%C4%B1%2C%20k%C4%B1rm%C4%B1z%C4%B1%20kombini%20mest%20etti!%20%27Yakt%C4%B1n%20ortal%C4%B1%C4%9F%C4%B1%20g%C3%BCzellik%27&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=editor&ea=gosterim&el=Nejla%20%C3%9Cng%C3%BCl&_u=YAhAAUABAAAAAC~&jid=&gjid=&cid=553546818.1650081305&tid=UA-87983201-1&_gid=1280510724.1650081305&gtm=2ou4d0&z=641268643

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 04:02:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85961
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 user Show response
ads3.admatic.com.tr/ Frame 8FBB 51 B
418 B 149ms
49ms XHR
application/json 188.132.147.235
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads3.admatic.com.tr/user
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: 09f3adc0d0724a762e8d87525f3510ffa0ec0577e316c4e7c8e4f899810b3d37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.admatic.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
server: AdMatic
x-powered-by: AdMatic
vary: Origin,Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 55

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 290ms
290ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4122921727724021&correlator=145763354250659&eid=31061690%2C31064019%2C31065517&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fifs&iu_parts=9170022%2Ceshmobilweb%2Ckutu1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250%7C320x100%7C336x336%7C336x280%7C320x250%7C300x100%7C375x170&fluid=height&ifi=2&adks=1664534805&sfv=1-0-38&ecs=20220416&fsapi=false&eri=1&cust_params=eshmobilweb%3Dmedya%26editor%3DNejla%2520%25C3%259Cng%25C3%25BCl&sc=1&cookie_enabled=1&abxe=1&dt=1650081305483&lmt=1650081305&dlt=1650081304961&idt=386&biw=1600&bih=1200&adxs=650&adys=699&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fm.ensonhaber.com%2Fmedya%2Fgonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&frm=20&vis=1&scr_x=0&scr_y=0&psz=600x15&msz=600x15&fws=4&ohw=600&ga_vid=553546818.1650081305&ga_sid=1650081305&ga_hid=2108957684&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

1a2d828fe48b1da0812195702e18e13c1d297d302b1a6487f422b0afd865fc82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8267
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://m.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 452 B
278 B 239ms
238ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4122921727724021&correlator=4332879185717905&eid=31061690%2C31064019%2C31065517&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fifs&iu_parts=9170022%2Ceshmobilweb%2Cmasthead_detail&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x100&ifi=3&adks=3562119842&sfv=1-0-38&ecs=20220416&fsapi=false&eri=1&cust_params=eshmobilweb%3Dmedya%26editor%3DNejla%2520%25C3%259Cng%25C3%25BCl&sc=1&cookie_enabled=1&abxe=1&dt=1650081305493&lmt=1650081305&dlt=1650081304961&idt=386&biw=1600&bih=1200&adxs=500&adys=62&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fm.ensonhaber.com%2Fmedya%2Fgonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik&frm=20&vis=1&scr_x=0&scr_y=0&psz=572x0&msz=586x0&fws=4&ohw=600&ga_vid=553546818.1650081305&ga_sid=1650081305&ga_hid=2108957684&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

5c1646ab2a0a2cc9c387c8e1a34b515dc9a0ef54c6061a48ee08717705acb93c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 248
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://m.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 186ms
28ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-87983201-1&cid=553546818.1650081305&jid=1400933844&gjid=2020583122&_gid=1280510724.1650081305&_u=YAhAAUAAAAAAAC~&z=1626111125

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 16 Apr 2022 03:55:05 GMT
content-type: text/plain
access-control-allow-origin: https://m.ensonhaber.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 new Show response
ads3.admatic.com.tr/user/ Frame 8FBB 145 B
434 B 49ms
49ms XHR
application/json 188.132.147.235
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads3.admatic.com.tr/user/new
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: 8a81ff37e5a151a46d0bc1f14b4c9f6a3f5af6bead3610664b58a97facbab0ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.admatic.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
etag: DrocTndw1HXdTZ2--IC-YrSKBd8WsxuPFTKaH18f4qpysfYOrJxVY_OdQW3e2Cs1xpmiaipJk17CiDKVuqXFZA
last-modified: Sat, 16 Apr 2022 04:55:05 GMT
server: AdMatic
x-powered-by: AdMatic
vary: Origin,Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 149

GET
H2 200 user Show response
ads3.admatic.com.tr/ Frame 8FBB 171 B
289 B 50ms
49ms XHR
application/json 188.132.147.235
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads3.admatic.com.tr/user
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: ceba684149cd5d5974e25ea4565a40af7239f8e0af49cc00146ae6317a6bf756

Request headers

Referer: https://cdn.admatic.com.tr/
If-None-Match: undefined
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
etag: Has8dGU6fa_ynRoiMv-mENvsBWt0hobc8z6L_xd8tkgG0Lv2WUH4AQmANoU7g_0T804m3iWrlcFv4v9yF6b5Hg
last-modified: Sat, 16 Apr 2022 04:55:05 GMT
server: AdMatic
x-powered-by: AdMatic
vary: Origin,Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 175

OPTIONS
H2 204 user
ads3.admatic.com.tr/ Frame 0
0 148ms
51ms Preflight 188.132.147.235
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads3.admatic.com.tr/user
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: if-none-match
Access-Control-Request-Method: GET
Origin: https://cdn.admatic.com.tr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: if-none-match
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
server: AdMatic
timing-allow-origin: *
vary: Origin
x-powered-by: AdMatic

OPTIONS
H2 204 user
ads3.admatic.com.tr/ Frame 0
0 62ms
51ms Preflight 188.132.147.235
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads3.admatic.com.tr/user
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: if-none-match
Access-Control-Request-Method: GET
Origin: https://cdn.admatic.com.tr
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: if-none-match
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
server: AdMatic
timing-allow-origin: *
vary: Origin
x-powered-by: AdMatic

GET
H2 200 user Show response
ads3.admatic.com.tr/ Frame 8FBB 171 B
287 B 51ms
49ms XHR
application/json 188.132.147.235
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads3.admatic.com.tr/user
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: 0f846ea7b44f98a35d908e9e0b43741bad0ad9969cfad2418405b703508ac84e

Request headers

Referer: https://cdn.admatic.com.tr/
If-None-Match: gcST93H2zF-HMgfBMSLuS40177GaOEJX-vsQ3S5d6kcM7pI7hS__F62YeKj9AMe9oAFhiVwPPqv7SoSwdrx7cw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
etag: XJzhDa43QvzyrUepjuG5crp60w_Y-PG6YAQLIvpH2P9bsGRYoLrBcsge_zB69_psKL4ITFRXHsBwbJopMPuyfQ
last-modified: Sat, 16 Apr 2022 04:55:05 GMT
server: AdMatic
x-powered-by: AdMatic
vary: Origin,Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 175

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame 8FBB 0
473 B 735ms
258ms Image
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=314221&extuid=gcST93H2zF-HMgfBMSLuS40177GaOEJX-vsQ3S5d6kcM7pI7hS__F62YeKj9AMe9oAFhiVwPPqv7SoSwdrx7cw
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.admatic.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Sat, 16 Apr 2022 03:55:05 GMT
Server: VertaMedia 1.0
Etag: 7784ed69058593ac
Content-Length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 161ms
52ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

207ca22a1c047fb3b4f310037c5172e7422bec1574ffa0a827f0b6432d591c39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10552
x-xss-protection: 0

POST
H3 200 rum Show response
m.ensonhaber.com/cdn-cgi/ 0
166 B 32ms
32ms XHR
text/plain 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://m.ensonhaber.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type: application/json

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://m.ensonhaber.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6fc9fbc0ab2f92b4-FRA
vary: Origin

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 143ms
51ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-87983201-1&cid=553546818.1650081305&jid=1400933844&_u=YAhAAUAAAAAAAC~&z=1460060318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 134ms
48ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-87983201-1&cid=553546818.1650081305&jid=1400933844&_u=YAhAAUAAAAAAAC~&z=1460060318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E377 6 KB
3 KB 88ms
40ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:05 GMT
expires: Sun, 16 Apr 2023 03:55:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6F2D 6 KB
3 KB 59ms
41ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:05 GMT
expires: Sun, 16 Apr 2023 03:55:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 172ms
85ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame E377 4 KB
1 KB 129ms
45ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Apr 2022 02:23:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 16 Apr 2022 03:55:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9E84 8 KB
965 B 120ms
46ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Apr 2022 03:25:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 16 Apr 2022 03:55:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9E84 2 KB
984 B 152ms
78ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3124
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:03:01 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 9E84 19 KB
8 KB 112ms
40ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 400
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8002
x-xss-protection: 0
server: cafe
etag: 5332015062585099865
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:48:25 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9E84 3 KB
1 KB 148ms
76ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:51:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E84 119 KB
36 KB 143ms
97ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Apr 2022 03:55:05 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9E84 15 KB
6 KB 121ms
49ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:29:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:29:15 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9E84 0
0 96ms
47ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSE_AcSrOl7KBAxSI25sgzix-PsAGSisKieFaP85g9WSssDXw1XQ0vmgmr4XfqhpjlIrpcH95HbWlKpWA0hNl4IEhS70w
Requested by: Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 fb084ba56019ecef1e967c41e75d05fd.js Show response
www.gstatic.com/mysidia/ Frame 9E84 29 KB
12 KB 124ms
39ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 08:37:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242272
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11996
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 03:53:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 12 Jul 2022 08:37:13 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame E377 19 KB
8 KB 112ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1240106b570dda5fdb8cf5e703d20b1068194eb2f18795e20fa85fcb96108fdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 02:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 13275616604445095965
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 02:29:59 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E377 205 B
294 B 128ms
47ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:11:12 GMT
x-content-type-options: nosniff
age: 2633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 16 Apr 2023 03:11:12 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E377 604 B
991 B 126ms
45ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 00:22:53 GMT
x-content-type-options: nosniff
age: 12732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 16 Apr 2023 00:22:53 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6F60 624 B
975 B 138ms
53ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXzQrkKyWvPET2WLyLWWlEahtYX7KQMgl5r76e1UwP5wOFDEP0aCM5fYniZFVlneW4ET-vYQEfV7gpsWp5d98e3mNkJFjVmV60T9XM4irQ5UWtdMZ91O9SiMPSbGjzAx9oCtvhlBSpiUQKi0MFUdKWxayRZm79XsMQMBNS4iOjqhQkTc8s

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:05 GMT
expires: Sat, 16 Apr 2022 03:55:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6F2D 97 KB
38 KB 179ms
95ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dhu7l5cl7mUjvyQ-ZB_q9LCvbZwNU9CnHCq4YFElb18-pphGiDbh4hYI4T4F_zNaH68SPUsNGi99qfz5sjE88etEncIFtpJD6vgMjnLmkmwK37sKHZNUy-cFEnJLrYUpQMoVQxEduWCU2ZxqZDgX7D_l6Gcw&dbm_d=AKAmf-B5tcsiaStaBx2THa18RNyVF7Ytw6MtldJzC13JsTIN0eoLFjewyDXcBMxFv6-gI1donYNwozhRvYXLlaeA3ToC88lNVdHgjcth5e30LERhbWFWkHNxnGtl2XGrelxOrlJTZtUE26lwDf0GdTOkwLuBc2QsfWPUvdrbG0PLek1Q4QexI_XmJCLFNxI2hIzzBQHidEUp2y_-Q5AdZWrPHthfgi08_i1QyMea5a_eHPaWUOvju6QqFwt4Rha-i33-wpzcSbJKW2dssMAmGhTn0WkldgJEHikV9y9qOpGZQmobqpcPHkEf9etoiQ9B5Ki69RshFLnJxX2hiDRW7Z0bTRkKWTX81rVxoPLGBQYyOx0doA6kN55ziwtml99NbjVEqFjzl5jiTn9SiavJxR_6Zq3JizJQMqgq_pnp45AaPUDRogsssdiTNPuFicLZAXFSqCMq8DtgIDDP5nx602p8eV296DslvvEPRPaKxx4NDIbQQUTjMMT5-pemzeul4OZW_eUveiskqNfxP29U1-LcrdkifDqmQy2UBC6qvOHtlEgp-s1X3a17uNJTwE1oKVNDQnx0bGP73hZUhgJ-bp0IJ36b-mjs2CHNAbYfC_T05FAlfgx0ve0KBkG_cGc6gXpNB6mAi_GaUulZS1_TQsEHotm7U7oarYG9g0ZQKxHBsLnsk7AmO0b-Pu2iypRRrIRJuCylh1ZLyCpAe1g5-YdYKhXiSvMJJlzfh0UE8wNDiyncdpf55Epiok6yqwuVh1VVhRt-D2u85nYPf5yD7p9a6aAG8U6mvXEnQL0GgYuo9mDO2xIVUDWHVDJRBZ8zAe5fRG5e2xC59dXiG0nc_NPIW5o8rO4JJGwtgYrwDP9PfLgaUAJS8_qARqBt65IPrOZsn6OB2OXZqd8yDXJfU9ETZY71EwYOQN7p7uw-yxKCsneSG2-f-g0_wOn4817oKBMbDh1VrDEN-1kS5SUINhXuX-5ZC0yiA2O0p5H5S83jwsTfJceBY0H4Wq3PAX82NZcZ9-YjHuR5xUusbVlK_DJZDsmn0RcPP3Smbus7VFZkjCkbpNq5aYZ932iamgV38YNxkZrajwZAn2Xmw-78pZsN_87lNg8astVbOBaSGy-AfARL09JzDUJJ8DBMj9Qo1TRKMSAJDh0Tca04DG_LScg4zKkQ1HyBJYvq1qZ4k0vnXXiN6iRDKCTgNTW9kNswzj6x2KiBWLoKsLzVbSM35tsmaIgIpzxEmRRcgvcUm1gWVKymSnXeqsKG-7Z8nDnnKFOlhPMwOBp93Z5g5hN0TYcltFLKiegyYpImiLfGRIcJPQb3dQEMUBK-zzbzamLMCnqk7o_wpNYqONIO4V3ajxTVVVTizMfoPg29PCxjxq0cp71_Ef2XL3v7YDTy30_1bbC8s04YhcTxMzYqCZGOtGatN02r5105-B4w4yv419_hgEpvlnegPehFKQY1CaqspyUTQBg3cTlI9QzuLBn3PTufHNuKDxeN9PI0HQPGFqf6fQ1igbmS-GSPgCNCJ01FbqPokAXIS2yrigDdY_cqmM8MGqjZzE7X7E34NCSTc2C3D2V2UwRHi_4eT18gXz02IW496GowzmGYs8Bwt2O2gczGilV-c9kd9qSUpZR1NQlLxUkg5P3aagAX3hARh4swRQ7AVWtiqg4qn-34K3A0VRvqGPqi8-Dd64aSA62GJhojd9Q8mCEZSmlLiLqlxpr3CTDuPYlKjxfud2LBHladkvUXPCMXdhYBmkxxRr4hSF0fEfvZahuE8UJ_k2aiW9qF4na0Gkd_vYG_RI7Sptl7Nx8ITDr5MPfQMymxp_kVN7ySTz-nosZkgXRyQvsM5qXTdpnJdqBZy2Up4-VI8bPL8rT1CIGNRZ0RTRynVOO0hhlbVMZHnv6TueSoCMfcf-kPG9gdu_6aHkc9P9vUbe_8hkReg_qzur4RVBBrd4AEsfvzvOnH6BDlqiT2QHk9GK8mdtvW-jF8wv0erX2W5s1WkUgUI9uWr22nU4dJRJWRqF3lv1BYOd3OoDfN-4aKKgYAX-_QQ5aITux6YefKH6Ne6L3DUt87wsN8RWLPrKi6ittjvV8oCSLX7EAmhVT7JSSMrpT-SvB6ymPfrvXaiSrKWAMUk3KZRJv5NGU4SbF8CIFWEt0bAxD4IkqGnnLfX1Mfq6t-_crWM-hxaYQk4PrLHbnfDkJCnLzXW-IsFq_gdbLCjNcUadFdMiBjxa1G9Fx-Q0GyMVwJttoaBe6xdlbEto9d3T3SBf1SfJxo_1dGMTbU2bJ_0H1jVUEx2puwQABOf0EzPKnPCrlDSKTHkFBBpPsIW68C9RA7vhWQZs4eZ3Lwu76Vg3sEGXLor50KKTYpeb2xTS023a8tFtQONa6CA_XKZKiCUnrrb2QJlw-C8s6ETYzbj4OxPXcJ36OlReGEHZRt5ruP3vu2lJacdNyDEPBKTFsMkyR8AtQ92gXdqq_BtuBCYjvTDVUq4TnDVrQSe9GjkKjg4cLgUxIRxUcN423iEjTENNDQE3uXgno3bw9PBEnGm8m0BhT1oyGO6HFJjvAqD4YB0actQETJwnFEM7Q3aVnyYHm51P-VQua0a8d8Cd8UM19MUlK-BFaWcdj_4Oqp--NdZfINei5up4zUg7TN-mIYbzf5hBRcZPG5tnmGp0btO07WV1rTWGG0htilOg8qumWDYv8gnZmaU7o9eqV3kEQwo-dY_MaPEa1WLxpqwC8EnwEpUX2LeOUgtkxms2yLgwOFvyRgf9phkM2kcks16cjU_rgvYNXBs7CuY4jOi8I0yX9p8JPSiQuq23MEXCWjoqTkgvnPnOdLnx9KKkfHQpQFYBxkcAFhbB4qcAupL72BvavQXtM4W2FjxYKKokZxA5YypoKzgnazELIPA4zWKpfNkp2QGTVpL-Z7SzdZmiZjYdTh7sWLRMaGbdejCwdm_im7uiCRKVEUBZjUG1HfEfH5iWu_AVN75mlLzEUQybdiMHqPH6D52z-bk_NQH0PMCYl-ZJfYTcASjaB4afA3I6tBn5L57nUDmZjYSy2ok7Ehp-43rJtCNMG10fqw-JyIKFS0I-Ny5ewyHRya-DXq8_uC2R1kPZGe44-sVgPmc5zsVB4lvpMBlAZxXzNW-ade7UmHEbmdx08JtUHC50fwt22onqq9V5MqzC140WzSN4zm5QV8rudKCqULTtZzCoIInhfee5ObCdGuo0r-hwm9lQppxqDQ0P1tIqBiowh7nmSjsBjZp1LnihZNYVONgl61lFL8iiG7OUPIYaiM2JIlPwIbtR2bRw1U999Qjm5MyxXQDOBRePH286gSTR24HAYymgDrHIFJs67h2ufyhLE-XF6Bmnrb7zwXev-i_gBh4CfGKl6TXtY&cid=CAQSLQCNIrLM7EM2JZ8YS4lHTRj_6Z8-z4hdiv0J9SNo_4o8uqKAIzsh_Ng6sGjBTxgB&rfl=1%2Chttps%253A%252F%252Fm.ensonhaber.com%252F%240

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa3e1227abca3c89f70ca6324bdd8c87b2fac3f7f4c69c6033859c4cf4942f8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38102
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F2D 42 B
63 B 117ms
71ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A7el4Uwu7cTdPhuHmQLmpgsOMBGoXh5PRYMcEnAHGvHfMRIoQFmnFjscOqY-KXz6dZwzhtL3kmH0gVhP68G6vVNzGLF8KmvyPyS0VMn-JzFOqA3yg

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame 6F2D
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/999585/61793174/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_dspID=3&ias_campId=27619584&ias_pubId=pub-8601585505701947&ias_chanId=1&ias_placementId=167257...
https://static.adsafeprotected.com/skeleton.gif

43 B
481 B

45ms
7ms

Image
image/gif

2600:9000:214f:6800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:214f:6800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
age: 21814832
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: cZy7qn9xfIbQ39d07YAfVZe_t3l2S4pgM4_JmcpTstYkBTa4MeeC2g==

Redirect headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 6F2D 3 KB
1 KB 146ms
83ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2021.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:16:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 6F2D 15 KB
6 KB 142ms
78ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6808c7f1192e091f9e9b4e15e28fa2a8904117ba54c11e51fc8eb9d179733e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 00:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6368
x-xss-protection: 0
server: cafe
etag: 1861550861606854559
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 00:13:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6F2D 0
0 89ms
47ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxXAUYudlhq8FBihGhDU4B9iYHuvFEc198qRXBmU45IWOYL122ddAZM8b313ldA6O6gltI
Requested by: Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6F2D 119 KB
36 KB 160ms
122ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Apr 2022 03:55:06 GMT

GET
H3 200 eshinterstitial.js Show response
icdn.ensonhaber.com/cdn/mobil/assets/js/ 3 KB
2 KB 21ms
20ms Script
application/javascript 2606:4700:10::ac43:442
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icdn.ensonhaber.com/cdn/mobil/assets/js/eshinterstitial.js
Requested by: Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:442 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41829f9cf69f7b56f6b7a464f962cee7cdb73dc9ba3f7ae91808ba6cc37cfc18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4664
x-msg-hkn: js
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-vtex-cache-status-nginx-thumbor: HIT
cf-request-id: 0aacc824be00002b4d70398000000001
last-modified: Wed, 28 Oct 2020 20:46:22 GMT
server: cloudflare
etag: W/"5f99d89e-ce6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6fc9fbc29cf692b4-FRA
cf-bgj: minify

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6F60
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFWtumiZiNz93sJqHLv8ME&google_cver=1

43 B
894 B

45ms
45ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFWtumiZiNz93sJqHLv8ME&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXzQrkKyWvPET2WLyLWWlEahtYX7KQMgl5r76e1UwP5wOFDEP0aCM5fYniZFVlneW4ET-vYQEfV7gpsWp5d98e3mNkJFjVmV60T9XM4irQ5UWtdMZ91O9SiMPSbGjzAx9oCtvhlBSpiUQKi0MFUdKWxayRZm79XsMQMBNS4iOjqhQkTc8s
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 Apr 2022 03:55:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 16 Apr 2022 03:55:06 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFWtumiZiNz93sJqHLv8ME&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6F60
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ylo.GnJljP4LEwtB.hQw7AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPw-nsERgtgvvO4amoGLzkY&google_cver=1&google_hm=2

43 B
894 B

26ms
14ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPw-nsERgtgvvO4amoGLzkY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXzQrkKyWvPET2WLyLWWlEahtYX7KQMgl5r76e1UwP5wOFDEP0aCM5fYniZFVlneW4ET-vYQEfV7gpsWp5d98e3mNkJFjVmV60T9XM4irQ5UWtdMZ91O9SiMPSbGjzAx9oCtvhlBSpiUQKi0MFUdKWxayRZm79XsMQMBNS4iOjqhQkTc8s
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 Apr 2022 03:55:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 16 Apr 2022 03:55:06 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPw-nsERgtgvvO4amoGLzkY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6F60
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAaZvqA0-hdAiswV6z-y4WM&google_cver=1

43 B
1020 B

13ms
13ms

Image
image/gif

185.33.221.119
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAaZvqA0-hdAiswV6z-y4WM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXzQrkKyWvPET2WLyLWWlEahtYX7KQMgl5r76e1UwP5wOFDEP0aCM5fYniZFVlneW4ET-vYQEfV7gpsWp5d98e3mNkJFjVmV60T9XM4irQ5UWtdMZ91O9SiMPSbGjzAx9oCtvhlBSpiUQKi0MFUdKWxayRZm79XsMQMBNS4iOjqhQkTc8s

Protocol

HTTP/1.1

Server

185.33.221.119 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

917.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 Apr 2022 03:55:06 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 917.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 5e1818a5-d423-4944-8de1-48d9177c2c63
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAaZvqA0-hdAiswV6z-y4WM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6F60
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE0NzE0MTY5NDQxMDM2NTIxMw%3D%3D

170 B
243 B

40ms
40ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE0NzE0MTY5NDQxMDM2NTIxMw%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 16 Apr 2022 03:55:06 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 917.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d8a6ae9e-d2f3-417e-b38d-51c33e76378d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE0NzE0MTY5NDQxMDM2NTIxMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8A6C 13 KB
5 KB 87ms
39ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 37604
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 17:28:22 GMT
expires: Sat, 15 Apr 2023 17:28:22 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E4BC 783 B
535 B 50ms
50ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d60b2b3631b26d74a126d47050aadc26812289d08ca071af11772f2f284e2520

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ycFXzZa5Q8k4sGeCD/u+AA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-ycFXzZa5Q8k4sGeCD/u+AA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:06 GMT
expires: Sat, 16 Apr 2022 03:55:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E4BC 0
0 79ms
78ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041201&jk=4122921727724021&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 6F2D 169 KB
59 KB 124ms
37ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
Origin: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 11:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58085
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 11:47:01 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 6F2D 8 KB
3 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dhu7l5cl7mUjvyQ-ZB_q9LCvbZwNU9CnHCq4YFElb18-pphGiDbh4hYI4T4F_zNaH68SPUsNGi99qfz5sjE88etEncIFtpJD6vgMjnLmkmwK37sKHZNUy-cFEnJLrYUpQMoVQxEduWCU2ZxqZDgX7D_l6Gcw&dbm_d=AKAmf-B5tcsiaStaBx2THa18RNyVF7Ytw6MtldJzC13JsTIN0eoLFjewyDXcBMxFv6-gI1donYNwozhRvYXLlaeA3ToC88lNVdHgjcth5e30LERhbWFWkHNxnGtl2XGrelxOrlJTZtUE26lwDf0GdTOkwLuBc2QsfWPUvdrbG0PLek1Q4QexI_XmJCLFNxI2hIzzBQHidEUp2y_-Q5AdZWrPHthfgi08_i1QyMea5a_eHPaWUOvju6QqFwt4Rha-i33-wpzcSbJKW2dssMAmGhTn0WkldgJEHikV9y9qOpGZQmobqpcPHkEf9etoiQ9B5Ki69RshFLnJxX2hiDRW7Z0bTRkKWTX81rVxoPLGBQYyOx0doA6kN55ziwtml99NbjVEqFjzl5jiTn9SiavJxR_6Zq3JizJQMqgq_pnp45AaPUDRogsssdiTNPuFicLZAXFSqCMq8DtgIDDP5nx602p8eV296DslvvEPRPaKxx4NDIbQQUTjMMT5-pemzeul4OZW_eUveiskqNfxP29U1-LcrdkifDqmQy2UBC6qvOHtlEgp-s1X3a17uNJTwE1oKVNDQnx0bGP73hZUhgJ-bp0IJ36b-mjs2CHNAbYfC_T05FAlfgx0ve0KBkG_cGc6gXpNB6mAi_GaUulZS1_TQsEHotm7U7oarYG9g0ZQKxHBsLnsk7AmO0b-Pu2iypRRrIRJuCylh1ZLyCpAe1g5-YdYKhXiSvMJJlzfh0UE8wNDiyncdpf55Epiok6yqwuVh1VVhRt-D2u85nYPf5yD7p9a6aAG8U6mvXEnQL0GgYuo9mDO2xIVUDWHVDJRBZ8zAe5fRG5e2xC59dXiG0nc_NPIW5o8rO4JJGwtgYrwDP9PfLgaUAJS8_qARqBt65IPrOZsn6OB2OXZqd8yDXJfU9ETZY71EwYOQN7p7uw-yxKCsneSG2-f-g0_wOn4817oKBMbDh1VrDEN-1kS5SUINhXuX-5ZC0yiA2O0p5H5S83jwsTfJceBY0H4Wq3PAX82NZcZ9-YjHuR5xUusbVlK_DJZDsmn0RcPP3Smbus7VFZkjCkbpNq5aYZ932iamgV38YNxkZrajwZAn2Xmw-78pZsN_87lNg8astVbOBaSGy-AfARL09JzDUJJ8DBMj9Qo1TRKMSAJDh0Tca04DG_LScg4zKkQ1HyBJYvq1qZ4k0vnXXiN6iRDKCTgNTW9kNswzj6x2KiBWLoKsLzVbSM35tsmaIgIpzxEmRRcgvcUm1gWVKymSnXeqsKG-7Z8nDnnKFOlhPMwOBp93Z5g5hN0TYcltFLKiegyYpImiLfGRIcJPQb3dQEMUBK-zzbzamLMCnqk7o_wpNYqONIO4V3ajxTVVVTizMfoPg29PCxjxq0cp71_Ef2XL3v7YDTy30_1bbC8s04YhcTxMzYqCZGOtGatN02r5105-B4w4yv419_hgEpvlnegPehFKQY1CaqspyUTQBg3cTlI9QzuLBn3PTufHNuKDxeN9PI0HQPGFqf6fQ1igbmS-GSPgCNCJ01FbqPokAXIS2yrigDdY_cqmM8MGqjZzE7X7E34NCSTc2C3D2V2UwRHi_4eT18gXz02IW496GowzmGYs8Bwt2O2gczGilV-c9kd9qSUpZR1NQlLxUkg5P3aagAX3hARh4swRQ7AVWtiqg4qn-34K3A0VRvqGPqi8-Dd64aSA62GJhojd9Q8mCEZSmlLiLqlxpr3CTDuPYlKjxfud2LBHladkvUXPCMXdhYBmkxxRr4hSF0fEfvZahuE8UJ_k2aiW9qF4na0Gkd_vYG_RI7Sptl7Nx8ITDr5MPfQMymxp_kVN7ySTz-nosZkgXRyQvsM5qXTdpnJdqBZy2Up4-VI8bPL8rT1CIGNRZ0RTRynVOO0hhlbVMZHnv6TueSoCMfcf-kPG9gdu_6aHkc9P9vUbe_8hkReg_qzur4RVBBrd4AEsfvzvOnH6BDlqiT2QHk9GK8mdtvW-jF8wv0erX2W5s1WkUgUI9uWr22nU4dJRJWRqF3lv1BYOd3OoDfN-4aKKgYAX-_QQ5aITux6YefKH6Ne6L3DUt87wsN8RWLPrKi6ittjvV8oCSLX7EAmhVT7JSSMrpT-SvB6ymPfrvXaiSrKWAMUk3KZRJv5NGU4SbF8CIFWEt0bAxD4IkqGnnLfX1Mfq6t-_crWM-hxaYQk4PrLHbnfDkJCnLzXW-IsFq_gdbLCjNcUadFdMiBjxa1G9Fx-Q0GyMVwJttoaBe6xdlbEto9d3T3SBf1SfJxo_1dGMTbU2bJ_0H1jVUEx2puwQABOf0EzPKnPCrlDSKTHkFBBpPsIW68C9RA7vhWQZs4eZ3Lwu76Vg3sEGXLor50KKTYpeb2xTS023a8tFtQONa6CA_XKZKiCUnrrb2QJlw-C8s6ETYzbj4OxPXcJ36OlReGEHZRt5ruP3vu2lJacdNyDEPBKTFsMkyR8AtQ92gXdqq_BtuBCYjvTDVUq4TnDVrQSe9GjkKjg4cLgUxIRxUcN423iEjTENNDQE3uXgno3bw9PBEnGm8m0BhT1oyGO6HFJjvAqD4YB0actQETJwnFEM7Q3aVnyYHm51P-VQua0a8d8Cd8UM19MUlK-BFaWcdj_4Oqp--NdZfINei5up4zUg7TN-mIYbzf5hBRcZPG5tnmGp0btO07WV1rTWGG0htilOg8qumWDYv8gnZmaU7o9eqV3kEQwo-dY_MaPEa1WLxpqwC8EnwEpUX2LeOUgtkxms2yLgwOFvyRgf9phkM2kcks16cjU_rgvYNXBs7CuY4jOi8I0yX9p8JPSiQuq23MEXCWjoqTkgvnPnOdLnx9KKkfHQpQFYBxkcAFhbB4qcAupL72BvavQXtM4W2FjxYKKokZxA5YypoKzgnazELIPA4zWKpfNkp2QGTVpL-Z7SzdZmiZjYdTh7sWLRMaGbdejCwdm_im7uiCRKVEUBZjUG1HfEfH5iWu_AVN75mlLzEUQybdiMHqPH6D52z-bk_NQH0PMCYl-ZJfYTcASjaB4afA3I6tBn5L57nUDmZjYSy2ok7Ehp-43rJtCNMG10fqw-JyIKFS0I-Ny5ewyHRya-DXq8_uC2R1kPZGe44-sVgPmc5zsVB4lvpMBlAZxXzNW-ade7UmHEbmdx08JtUHC50fwt22onqq9V5MqzC140WzSN4zm5QV8rudKCqULTtZzCoIInhfee5ObCdGuo0r-hwm9lQppxqDQ0P1tIqBiowh7nmSjsBjZp1LnihZNYVONgl61lFL8iiG7OUPIYaiM2JIlPwIbtR2bRw1U999Qjm5MyxXQDOBRePH286gSTR24HAYymgDrHIFJs67h2ufyhLE-XF6Bmnrb7zwXev-i_gBh4CfGKl6TXtY&cid=CAQSLQCNIrLM7EM2JZ8YS4lHTRj_6Z8-z4hdiv0J9SNo_4o8uqKAIzsh_Ng6sGjBTxgB&rfl=1%2Chttps%253A%252F%252Fm.ensonhaber.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:49:43 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 6F2D 25 KB
10 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:48:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9777
x-xss-protection: 0
server: cafe
etag: 12512753850102923420
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Apr 2022 03:48:21 GMT

GET
H3 200 l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A6C 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

976a387162cd6a5535f6737bbc0d7659985bd6a4b8283a8858f9994fe82506e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 01:45:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 266988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13574
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 01:45:18 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6F2D 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 17:28:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 17:28:29 GMT

GET
DATA 200
OK truncated
/ Frame 6F2D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e59e97cce9d3d7b7fc37607e1f6c877449570f8f5528484e60dfa6fc37855ea5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9536 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 37597
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 17:28:29 GMT
expires: Sat, 15 Apr 2023 17:28:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8A6C 0
9 B 39ms
39ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?7gNBWw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js Show response
pagead2.googlesyndication.com/bg/ Frame 9536 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

976a387162cd6a5535f6737bbc0d7659985bd6a4b8283a8858f9994fe82506e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 01:45:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 266988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13574
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 01:45:18 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6657181183598343709/ Frame E234 36 KB
6 KB 94ms
48ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:06 GMT
expires: Sun, 16 Apr 2023 03:55:06 GMT
last-modified: Wed, 05 May 2021 19:27:44 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6F2D 0
622 B 148ms
78ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssXOG1hvBss8sFXy2k3l3_qxY_0Lm14YLlKYE84TOZCri1g-0ZcfCMHNY8G49LGYD_hrQ7ndMbypx771-_tNO0kPQRdmeRmOXvTQaaAN-JstcWUNVkqrFQdubz5ILxwi59j14fwrzjN8xym1iHTq1SkmhEnu3KTkeW3dDkH3dW0W9Dua6r-B_m8r4FW6ZTtA_73SzvYaVZnvOqezxdPnlLf0fm223uTLeNhePvFGWNKjzjOxwuYkZ_QKl3vF-Dwmu6pLcShnP9nnD1-M8aNzxaJZTev_fLeq_miIZ3HZhJB0qzpNH28OXUIKDn0eBL1UKo5j7tvgJq3BrAmwOH9T5EjcMHkbLL3NctFNwsr5ppD4fdEOtWfKEKLzMyLKL-x0qEt3jBZgD0okyqMGK7XwNDQJktXCRZRitUFSDjiKVuddlr7l4H3Ipntsqg2x-hKMGN7qcBrHYr-HiwlmmlicBJGzoy6o7ELrcnGgZxztiJaUnBReqCmZkbZcpEO_jxddeSlMS7LfljyiUdZ_8JZezLpmMTNbcfcUJQTKP7aDwbex26IpWTNPrAQETYIps5J9wfucBabnd_pxw65sSyVoCAp4eNF9tLjSYuonbOg7UQCnUR2mksCbgz_RjfIfrxuJnteXy_Zr0WQOgRf_vynE62vqtKy10G0yW7ntTQKuGYLXzxdrUpnY4J4O62rk-uG2s7cerKfNhoeFZvO56hRFqqHNXo-py9ei2Milmp-yg_v7VIlhQFPHzz-c2ALs9Unifvl9j7AOG7-uvrVykejUBn6DyUxV3pl3AeUFP25buhvkyzaxccSh8ooymuzc2h6kQYJxuyfcDwORpBzluk_hEOX9qeyFPhrKTXladXJbWQMoVexZrzgnIwHkanjfh0aY7Ya9gXpZI3KLgNcCeriRtYyDucVsa2ccwJeehbAgDsr_PHLZA58aHDZUtJwEnNhCdnhB3Kf241y7yskzfzl03LBV0ym88oG6KYCY6NuV7pqlvG7l-cISQEPEZ8Kg8MzsvbyHIjym-a0FzkP_tHl1eaRQUMui7w18wj-COcVossrci8GzeYLW0mNBH6ApwAip_4sHr_4vGlZ1pGagUCoSMSvSs75zym8hpNWih5ECPTUzI7OMwdQ9Mfi7D9nKUL4eZFi-4UKOIvk1_ZjMEWuFsZvdpNjfEr_1JuXkyB5j-CGvg2to6Q&sai=AMfl-YQ33oFopmvD1yq4mc9DiFk9i5pqwDbw47kwEtx07ja5L7YhbWC40kx8Z8v1QuoK7wR0bpnt4U6ZWo8b64NWPxLNgaM261ZyxuaGo6ivDwHSRBYUUHPS9Bi71-UwZs0ejE5vFpMpgIJOzPAl33s5TQb9RcCqJefaT0aEfaaaSIIZ22viSoLv8UbZHlmgnwb6SdJonxOJM2sH2EAbrrYX48tZtuthlL8ljhWoFcQN&sig=Cg0ArKJSzE3McD4F3WiEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=205&cbvp=1&cstd=199&cisv=r20220413.22654&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Sat, 16 Apr 2022 03:55:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
skydeutschland.demdex.net/ Frame 6F2D
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=1886800136&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=1886800136&gdpr=&gdp...

42 B
967 B

41ms
40ms

Image
image/gif

54.171.18.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=1886800136&gdpr=&gdpr_consent=

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Server

54.171.18.52 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-18-52.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v031-01966ef16.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: l3OF1MCsRUI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v031-0f9e9016f.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: zEK1GTe6Rg0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=1886800136&gdpr=&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 6F2D 43 B
1 KB 65ms
17ms Image
image/gif 213.202.235.8
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=27619584&extPm=415076051&extCr=16725763156&gdpr=&gdpr_consent=&rnd=1886800136

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

213.202.235.8 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Sa, 16 Apr 2022 03:55:06 GMT
Server: Microsoft-IIS/8.5
Date: Sat, 16 Apr 2022 03:55:05 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 95 KB
31 KB 48ms
16ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: icdn.ensonhaber.com
URL: https://icdn.ensonhaber.com/test/native/prebid4.6.0_cr_tt_adf_rtb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8fb8fc201a6f570ebfce0b3504f6da40f0976cd36c20e2983b6e5b172ebf56a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
content-encoding: gzip
last-modified: Tue, 05 Apr 2022 12:58:03 GMT
server: nginx
etag: W/"624c3cdb-17cf9"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 17 Apr 2022 03:55:06 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9536 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bpk5zGT5aYva3PJeD3wPVpYvIBgAAAAA4AeAEAg&bg=!RkWlRQHNAAZvJBiFTyQ7ACkAdvg8WottSTi7KNZl-9tcBE_deuxqmYSfpz-86zYOIyVnJWB9cHuVgAIAAAA_UgAAAAJoAQeZAvKx4lQvP_XTGigkruqlXBh-6csYUpW6ncj_STUpqerT5nqEchMUFCag8xf0PifPKItmugMWLj6mKZBrQBxT2vkoedKW-BHE9k9Qpfq47VJkiPLTykUpE8wc3LFKmwdN5l_xTBLRt2nNKjShFQP2r1AKkknHdZIZnm4_WoOaA6sEvWiFo1VP639SaKaqnr92sMqFbbM1X2RU4kr91ja4fy4zDlBBmfvVwNT1QzJq8PjRY8k4uDnvcSCBeqUkwnnbdXNarCQ4aaXyF_RY306DgjNnJb3aGoC9dNv20BGkonHR1v02V8D2ytfGbrgjNzLumzbxr_i8V3syXn2rkbrmcBSqhM-dOAql15qA1t20Xlf7h-gGB3iew01eojdx82VUJMylddrV8k-eFBzwrA0pzH3AMRiQ_Ne3-dX0WSbRNoVdNBTlfBKShsSrqO4nYg16S4vz4noIBEZbDhPk8acl_s0Xykwx8CRQcQuayBgzIidMZfAzK7olWzyIHhfxnhYU7SdsGfdL8tESMpYlr-Dj4Bk_k26G_Fi8RYH5KnC41VWeBqIf2ZJunHv5va6WozVO-YMa59VemlZOr8ewXTHwZPKnxcVvJiqAYrKirTR6Id7bnuoX-ird6YPV3mUKyFG7oMK_rZ4yrtnhcRy5p_4ts5xZsLAnG2779pxXriCRyPQ1eY8zVPI4-khP2aHW3hteEY5cZdmYT51XxaaKgAUplMz-T5881ai49f18vdKr0-Ad-VA2OcwHTeOxgm35fMYko_5iyi6HG5ZxErrzzsCO79GNTCnUN_EbpFJ7_1n9UZ7PRjv8HviurvTbbpvbgDpUgxpa5C8mmaoGrOavGRa9X5uXaIZvYn68mg-MnQFPd-Ab-MvT7kmI7vScboPhl6zM-2OFKpO-QBPQBf5gWQrWI0sZBSFPs97ZJRRNhJ7tIWDfZu4eoUur9GDk6P_V5-RIKW8L_4WxAE5x_aOFE8ig2brDjHOwsiAzoM4unSUZgUsAcqcS

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/6657181183598343709/ Frame E234 6 KB
2 KB 39ms
39ms Stylesheet
text/css 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6657181183598343709/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 21:52:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280972
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1741
x-xss-protection: 0
last-modified: Wed, 05 May 2021 19:27:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Apr 2023 21:52:14 GMT

GET
H3 200 Enabler_01_244.js Show response
s0.2mdn.net/879366/ Frame E234 109 KB
37 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_244.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 11:47:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58083
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38072
x-xss-protection: 0
last-modified: Tue, 07 Jul 2020 18:35:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 11:47:03 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/ Frame E234 59 KB
22 KB 53ms
22ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 190447
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21678
timing-allow-origin: *
last-modified: Tue, 21 Jul 2020 23:12:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f177643-eca3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUkekgOsYaLJbCP3xfHecvaQNsueN%2FR4Bzh0YmkQD4DmP1%2BLQje1fr%2BIYqwHdVBYEIxiTgPqKUv%2BEOXRB3JESOU17uE1CQnnfLp6sVTZeH5K0O3M%2Bm%2BDho3%2FROiHvNdLyVytwaZFSN8Q78n0byQMWrBq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6fc9fbc55e42918e-FRA
expires: Thu, 06 Apr 2023 03:55:06 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame FCE2 13 KB
5 KB 49ms
17ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=m.ensonhaber.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2d97ecc3fc54beb500cfdfaab6e611f49e22c5dbaf368ede1c612e50bfd5099f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://m.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 5136
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 16 Apr 2022 03:55:05 GMT
server-processing-duration-in-ticks: 2373
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 95 KB
31 KB 48ms
17ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8fb8fc201a6f570ebfce0b3504f6da40f0976cd36c20e2983b6e5b172ebf56a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
content-encoding: gzip
last-modified: Tue, 05 Apr 2022 12:58:03 GMT
server: nginx
etag: W/"624c3cdb-17cf9"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 17 Apr 2022 03:55:06 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6F2D 0
26 B 102ms
65ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssXOG1hvBss8sFXy2k3l3_qxY_0Lm14YLlKYE84TOZCri1g-0ZcfCMHNY8G49LGYD_hrQ7ndMbypx771-_tNO0kPQRdmeRmOXvTQaaAN-JstcWUNVkqrFQdubz5ILxwi59j14fwrzjN8xym1iHTq1SkmhEnu3KTkeW3dDkH3dW0W9Dua6r-B_m8r4FW6ZTtA_73SzvYaVZnvOqezxdPnlLf0fm223uTLeNhePvFGWNKjzjOxwuYkZ_QKl3vF-Dwmu6pLcShnP9nnD1-M8aNzxaJZTev_fLeq_miIZ3HZhJB0qzpNH28OXUIKDn0eBL1UKo5j7tvgJq3BrAmwOH9T5EjcMHkbLL3NctFNwsr5ppD4fdEOtWfKEKLzMyLKL-x0qEt3jBZgD0okyqMGK7XwNDQJktXCRZRitUFSDjiKVuddlr7l4H3Ipntsqg2x-hKMGN7qcBrHYr-HiwlmmlicBJGzoy6o7ELrcnGgZxztiJaUnBReqCmZkbZcpEO_jxddeSlMS7LfljyiUdZ_8JZezLpmMTNbcfcUJQTKP7aDwbex26IpWTNPrAQETYIps5J9wfucBabnd_pxw65sSyVoCAp4eNF9tLjSYuonbOg7UQCnUR2mksCbgz_RjfIfrxuJnteXy_Zr0WQOgRf_vynE62vqtKy10G0yW7ntTQKuGYLXzxdrUpnY4J4O62rk-uG2s7cerKfNhoeFZvO56hRFqqHNXo-py9ei2Milmp-yg_v7VIlhQFPHzz-c2ALs9Unifvl9j7AOG7-uvrVykejUBn6DyUxV3pl3AeUFP25buhvkyzaxccSh8ooymuzc2h6kQYJxuyfcDwORpBzluk_hEOX9qeyFPhrKTXladXJbWQMoVexZrzgnIwHkanjfh0aY7Ya9gXpZI3KLgNcCeriRtYyDucVsa2ccwJeehbAgDsr_PHLZA58aHDZUtJwEnNhCdnhB3Kf241y7yskzfzl03LBV0ym88oG6KYCY6NuV7pqlvG7l-cISQEPEZ8Kg8MzsvbyHIjym-a0FzkP_tHl1eaRQUMui7w18wj-COcVossrci8GzeYLW0mNBH6ApwAip_4sHr_4vGlZ1pGagUCoSMSvSs75zym8hpNWih5ECPTUzI7OMwdQ9Mfi7D9nKUL4eZFi-4UKOIvk1_ZjMEWuFsZvdpNjfEr_1JuXkyB5j-CGvg2to6Q&sai=AMfl-YQ33oFopmvD1yq4mc9DiFk9i5pqwDbw47kwEtx07ja5L7YhbWC40kx8Z8v1QuoK7wR0bpnt4U6ZWo8b64NWPxLNgaM261ZyxuaGo6ivDwHSRBYUUHPS9Bi71-UwZs0ejE5vFpMpgIJOzPAl33s5TQb9RcCqJefaT0aEfaaaSIIZ22viSoLv8UbZHlmgnwb6SdJonxOJM2sH2EAbrrYX48tZtuthlL8ljhWoFcQN&sig=Cg0ArKJSzE3McD4F3WiEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=394&vt=11&dtpt=189&dett=3&cstd=199&cisv=r20220413.22654&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: m.ensonhaber.com
URL: https://m.ensonhaber.com/medya/gonul-daginin-asumani-sere-serpe-kanepeye-uzandi-kirmizi-kombini-mest-etti-yaktin-ortaligi-guzellik

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E234 7 KB
5 KB 97ms
50ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_244&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfaff8084ec590f12b316a5423ffe5ce313fa61b73c79435c3e254ecf0073276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5440
x-xss-protection: 0

GET
H3 200 skyLogo_300x250_2020.png_1621952972643_skyLogo_300x250_2020.png
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame E234 9 KB
9 KB 41ms
40ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/skyLogo_300x250_2020.png_1621952972643_skyLogo_300x250_2020.png

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2544f04aed16a754b4c8198ae0cf980587519e858da56360dac423739b4bc504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 16:37:58 GMT
x-content-type-options: nosniff
age: 299828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9410
x-xss-protection: 0
last-modified: Tue, 25 May 2021 14:29:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Apr 2023 16:37:58 GMT

GET
H3 200 blank.png_1621952972643_blank.png
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame E234 95 B
120 B 86ms
85ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/blank.png_1621952972643_blank.png

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 23:27:00 GMT
x-content-type-options: nosniff
age: 275286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
last-modified: Tue, 25 May 2021 14:29:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Apr 2023 23:27:00 GMT

GET
H3 200 DCO_Residential_300x250_ParisPolice_1.jpg_1633702865171_DCO_Residential_300x250_ParisPolice_1.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame E234 42 KB
42 KB 76ms
75ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/DCO_Residential_300x250_ParisPolice_1.jpg_1633702865171_DCO_Residential_300x250_ParisPolice_1.jpg

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dccd8dd609ac5e166a60fee10fc44c512c4d273be49eb3729ccbd1470133c83f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 16:21:14 GMT
x-content-type-options: nosniff
age: 214432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43244
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 14:21:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 16:21:14 GMT

GET
H3 200 DCO_Residential_300x250_ParisPolice_2.jpg_1633702865171_DCO_Residential_300x250_ParisPolice_2.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame E234 13 KB
13 KB 85ms
85ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/DCO_Residential_300x250_ParisPolice_2.jpg_1633702865171_DCO_Residential_300x250_ParisPolice_2.jpg

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

987a5ac77932937d66d0576caadbd70a3e45c96b127d290a146fa0b2ffe16816

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 06:43:14 GMT
x-content-type-options: nosniff
age: 76312
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12801
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 14:21:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 06:43:14 GMT

GET
H3 200 DCO_Residential_300x250_ENT_3.jpg_1636446921292_DCO_Residential_300x250_ENT_3.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame E234 12 KB
13 KB 91ms
90ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/DCO_Residential_300x250_ENT_3.jpg_1636446921292_DCO_Residential_300x250_ENT_3.jpg

Requested by

Host: ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
URL: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

641bca88422740f13999ce1981479716803ea7bbef797071bc213b349160503c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=PgrprhCHx3&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 04:09:55 GMT
x-content-type-options: nosniff
age: 344711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12794
x-xss-protection: 0
last-modified: Tue, 09 Nov 2021 08:35:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Apr 2023 04:09:55 GMT

GET
H3 200 sky_regular.woff
s0.2mdn.net/creatives/assets/3668815/ Frame E234 33 KB
33 KB 39ms
39ms Font
font/woff 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3668815/sky_regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f738547bbcdbef189de47347ad84fc0bb0c15164980f51a0214706fa5c94a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:48:58 GMT
x-content-type-options: nosniff
age: 368
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33980
x-xss-protection: 0
last-modified: Thu, 20 Feb 2020 12:38:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 04:03:58 GMT

GET
H3 200 sky_medium.woff
s0.2mdn.net/creatives/assets/3668815/ Frame E234 27 KB
27 KB 48ms
48ms Font
font/woff 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3668815/sky_medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6657181183598343709/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:44:12 GMT
x-content-type-options: nosniff
age: 654
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27952
x-xss-protection: 0
last-modified: Thu, 20 Feb 2020 12:38:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 03:59:12 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame FCE2
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=ensonhaber.com&sn=ChromeSyncframe&so=0&topUrl=m.ensonhaber.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=x1HYSHxsKzN3c1ljeVBaZ3hOZEI1UytJa3lTSW92anhuenhpZGpqWUhHdUN0RWg3YlA2OUhqYUZDZ25NOFNRR1BZVDRwdElSMzFQQVlFbXZicFZuL2VpT0VJK2x2VExpeTdwNHhjU0RjYmJMK1ZkelpEMERubm9nYzNyZ2...

438 B
632 B

57ms
17ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=x1HYSHxsKzN3c1ljeVBaZ3hOZEI1UytJa3lTSW92anhuenhpZGpqWUhHdUN0RWg3YlA2OUhqYUZDZ25NOFNRR1BZVDRwdElSMzFQQVlFbXZicFZuL2VpT0VJK2x2VExpeTdwNHhjU0RjYmJMK1ZkelpEMERubm9nYzNyZ2hwQllISGVvdEUwcm15RjJFdE9vM2l1bWlSNkQ0R2JYUk5tcjR5RUVpblk2SFhiTGtSaE90bkd6WUQ4TGhvTjVaZE1KYW1HTTE2VzZZTi9XTGFDUWRUNEI1SGRFMWw2bGE4Sms2UGJyaE92QndEWUNDSGFNYlBhQUo5S3JRSFNzbzRjRjlNRzBDL2ZEUXRONzV3WlJ6eU1jMmdDSFI0Zz09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

64cd3d395cc3ec1c60c61093232044e4bad7fefe29f954f15c8a699f66a54edc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:06 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4902
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:05 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=x1HYSHxsKzN3c1ljeVBaZ3hOZEI1UytJa3lTSW92anhuenhpZGpqWUhHdUN0RWg3YlA2OUhqYUZDZ25NOFNRR1BZVDRwdElSMzFQQVlFbXZicFZuL2VpT0VJK2x2VExpeTdwNHhjU0RjYmJMK1ZkelpEMERubm9nYzNyZ2hwQllISGVvdEUwcm15RjJFdE9vM2l1bWlSNkQ0R2JYUk5tcjR5RUVpblk2SFhiTGtSaE90bkd6WUQ4TGhvTjVaZE1KYW1HTTE2VzZZTi9XTGFDUWRUNEI1SGRFMWw2bGE4Sms2UGJyaE92QndEWUNDSGFNYlBhQUo5S3JRSFNzbzRjRjlNRzBDL2ZEUXRONzV3WlJ6eU1jMmdDSFI0Zz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1845
content-length: 541
expires: 0

GET
H2

200

user
ads3.admatic.com.tr/ Frame 8FBB
Redirect Chain

https://x.bidswitch.net/sync?ssp=admatic
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=admatic
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=admatic
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=389f8b2a-2477-4e5e-9333-87a8b9cb7b45&ssp=admatic
https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=
https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=

35 B
166 B

47ms
46ms

Image
image/gif

188.132.147.235
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=
Protocol: H2
Server: 188.132.147.235 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: static-235-147-132-188.sadecehosting.net
Software: AdMatic / AdMatic
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.admatic.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:06 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
server: AdMatic
x-powered-by: AdMatic
etag: mxggRQZVMWfpIKWW8Ts1sRIT2DzGw8LYA_PbqLBOLR2LE5QScntECrYOjUBydrTTiv7g7PnnE4aOrOqMG0Bgiw
content-type: image/gif
cache-control: no-cache
timing-allow-origin: *
content-length: 35

Redirect headers

timing-allow-origin: *
date: Sat, 16 Apr 2022 03:55:05 GMT
location: https://ads3.admatic.com.tr/user?bsw_uuid=2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7&dsp_uuid=&dsp_id=
x-powered-by: AdMatic
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdn.admatic.com.tr
cache-control: no-cache
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length: 221

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E234 17 KB
6 KB 1547ms
1546ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 03:55:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Apr 2022 03:55:08 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 82ms
81ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041201&jk=4122921727724021&bg=!R0SlRADNAAZvJBiFTyQ7ACkAdvg8Wk2aTv5gtnidkt4LaP4PaBX9b-632jQbAe5nLo8218UkATHBhAIAAABUUgAAAAJoAQcKAHkzAWArQceJGnEE-nQTYN6KQHOaudxcfnUd-L8johtahrrZxTH8M5287o2_dDaKPBfAxUvtUBUuCVTzrHQKJVsMggcNqBjLj9hvAzghBOifOdPMcFlgGO7ZWbx5UPO62i9Zz7LYqpN1vIgz2iMXhrnYCOLD8r1kwsnHmQKe27BP1UUU8JkSNSlzczefxA-j1442XIHDhHbFoh6WW_2UFs7ZmxxfLgOURItFASuAbJ6jbY3rV8jgKMY-xxkUfe9RJ2bc3qfEeI31zN_p1b-TCTxvYP6wVKCi9FqovD7x5C04zIZfQQI7L8tulJqMliJRVriS1qXPvHipy_uVZa5xk2ULd-RMD-JbR_8UfaP7sNcUk-HQGJn8mxbdW2XkkVcpFbYyH_9j69FaFznTTENJUenEPXH90ZtDsWKSwG88Ln2U-BY59OVEhlOrKQKHXSebvk0R8FNR36Pn9MmgPb7ML8vp9l6e64X1RLsmN7-gyhIOL-7y8L7Idpfpd18qTruAeHk7ZkaGwDMxs52vgE1_Tqr0vqCroDCc3KFGYZDSfWOQSR4tdMX79p4YpPcxvV48H_kEzqwB5s71gPGOV7xztStFPuVnk95rCStB6lF67N8jqDJ5RDNVywG6KXWYpVV90Si4bx_N9TSnxcY0FVHet7WF5StN__Sjm3_EH8vcwDFUujsP5zDvDbfLzZYkfe-H40I9A-2gVGYv5acpc57mIINKw5-HO4h4Ogiieh1sWHU6gjE-IJOC9QAnW37k5PhqbANXTVudyGYrO_805kn-zlDkmnVuOkH62-fU8UQwkKol0dWsQbUpoO9-qzmtGxzkH1NxNlgwocNWkSiKMwwvei2VT2oBQi70l0nfJInY7o7teAWgtK97YhLTEmgfxj7izGEa9LwXWJUlxtnr062ZQW_DC_c3RJ9Y8OOikH0fxG7cTCtsPQEZqenb2K03_WH3tTNkMUEfiv7jydHh_rMRM_UfTSjwRoYcp-_jTf0eYmJsxpmHRzCGiHN9p_Pumb_yYJmVNQc3pTFClx9KOgIqh8DXASN8qYjFroMwag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6F2D 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkSbKFaco3CgfvGrXUNt7MKIRbILhvXH9cBzFaYlYaOIA-e9W3Ja484WtWM-bS41qgT8V5ALRKnKVDqAEw4wsUevTgtqDK9wFgBmiPXcPN4NLt4fRmPg&sai=AMfl-YSH7vTGa1aXODLzFdKNM0ljxeGAPMKsMkCdbq7YppOG_zPLUJAbaB_JrEaODmq_w5fwaj6SSgRXMtwiCpXGSMbJ3yLElPHcYuzgYx4L&sig=Cg0ArKJSzMgAhTBaieHWEAE&cid=CAQSLQCNIrLM7EM2JZ8YS4lHTRj_6Z8-z4hdiv0J9SNo_4o8uqKAIzsh_Ng6sGjBTxgB&id=lidar2&mcvt=1000&p=689,650,939,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1664534805&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650081305783&rpt=384&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Apr 2022 03:55:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js Show response
pagead2.googlesyndication.com/bg/ Frame 36F3 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

976a387162cd6a5535f6737bbc0d7659985bd6a4b8283a8858f9994fe82506e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 01:45:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 266990
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13574
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 01:45:18 GMT

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ensonhaber.com/	1970-01-20 02:21:23	Name: __asc Value: c1e2cf4e1803082923acdd8dae9
.ensonhaber.com/	1970-01-20 11:08:23	Name: __auc Value: c1e2cf4e1803082923acdd8dae9
.bidswitch.net/	1970-01-20 11:06:57	Name: tuuid Value: 2ad89aaf-ca60-4915-9cd6-d68e62dc9fe7
.bidswitch.net/	1970-01-20 11:06:57	Name: c Value: 1650081305
.bidswitch.net/	1970-01-20 11:06:57	Name: tuuid_lu Value: 1650081305
.ensonhaber.com/	1970-01-20 19:52:33	Name: _ga Value: GA1.2.553546818.1650081305
.ensonhaber.com/	1970-01-20 02:22:47	Name: _gid Value: GA1.2.1280510724.1650081305
.ensonhaber.com/	1970-01-20 02:21:21	Name: _gat_gtag_UA_87983201_1 Value: 1
.creative-serving.com/	1970-01-20 11:42:57	Name: tuuid Value: a6360fd9-0b64-4395-a1e8-d720f6f02f12
.creative-serving.com/	1970-01-20 11:42:57	Name: c Value: 1650081305
.creative-serving.com/	1970-01-20 11:42:57	Name: tuuid_lu Value: 1650081305
.ads4.admatic.com.tr/	1969-12-31 23:59:59	Name: ARRAffinity Value: 63f3e4fec5e4d982b9f6241478f6dc3d25eb506b9e7a317df6aa520374ebff30
.ads3.admatic.com.tr/	1969-12-31 23:59:59	Name: ARRAffinity Value: a3afa4c7d8a1717c24f9e5c055497ba8e77c70734474352b729f4d8ad64748ce
.admatic.com.tr/	1970-01-20 11:06:57	Name: __adm_ui Value: gcST93H2zF-HMgfBMSLuS40177GaOEJX-vsQ3S5d6kcM7pI7hS__F62YeKj9AMe9oAFhiVwPPqv7SoSwdrx7cw
.ensonhaber.com/	1970-01-20 11:06:57	Name: __adm_ui Value: gcST93H2zF-HMgfBMSLuS40177GaOEJX-vsQ3S5d6kcM7pI7hS__F62YeKj9AMe9oAFhiVwPPqv7SoSwdrx7cw
.ensonhaber.com/	1970-01-20 11:42:57	Name: __gads Value: ID=62a8cb68fee01da8:T=1650081305:S=ALNI_MaK3mt7iLMWz-UYSzHELQySYQXe-A
.casalemedia.com/	1970-01-20 11:06:57	Name: CMID Value: Ylo.GnJljP4LEwtB.hQw7AAA
.casalemedia.com/	1970-01-20 04:30:57	Name: CMPS Value: 3268
.doubleclick.net/	1970-01-20 11:42:57	Name: IDE Value: AHWqTUlSSDm2SepyK2yB3sBUX9XZsAUnW8CEg4aruQXHUx-1AEsdfGZp8Di7MuC3fcU
.adnxs.com/	1970-01-20 04:30:57	Name: uuid2 Value: 3147141694410365213
.casalemedia.com/	1970-01-20 04:30:57	Name: CMPRO Value: 1186
.casalemedia.com/	1970-01-20 02:22:47	Name: CMST Value: Ylo+GmJaPhoA
.adnxs.com/	1970-01-20 04:30:57	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVLf5Sq?!]tbPl1M>e)ZlrFUfJ+tGXxoPDX9PYSi?TQMY:@L)mf#HTbv:^ND831-vv3If)y3KL9D3I?+ZEjwyz
.casalemedia.com/	1970-01-20 11:06:57	Name: CMRUM3 Value: 2d625a3e1a2760CAESEEFWtumiZiNz93sJqHLv8ME
m.exactag.com/	1970-01-20 04:30:57	Name: exactag_new_gk Value: beda0087e1aa40b394ddf2ef731c98e9%7c15.06.2022+03%3a55%3a05
m.exactag.com/	1970-01-20 06:40:33	Name: exactag_new_uk Value: 6e1d1c7a8f80451c831822f49e6378c9%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: cc9512a94fad4f39ac1e499a
.console.adtarget.com.tr/	1970-01-20 03:50:38	Name: vmuid Value: 7784ed69058593ac
.console.adtarget.com.tr/	1970-01-20 03:50:38	Name: a314221 Value: gcST93H2zF-HMgfBMSLuS40177GaOEJX-vsQ3S5d6kcM7pI7hS__F62YeKj9AMe9oAFhiVwPPqv7SoSwdrx7cw
.demdex.net/	1970-01-20 06:40:33	Name: demdex Value: 53596035297356187792044254910478568509
.skydeutschland.demdex.net/	1970-01-20 06:40:33	Name: skydeutschland Value: 53596035297356187792044254910478568509
.criteo.com/	1970-01-20 11:42:57	Name: uid Value: 6926942f-28fb-420f-b2c8-4a2ea2e0b00a
.ensonhaber.com/	1970-01-20 11:42:57	Name: cto_bundle Value: xPou0F9RN1BTdCUyRkNJbEhFM0o5JTJCRFpndng5eWJOSXNtaEdTQW1hMkdxWkdQJTJCRUltVEpGSXg4UkNYJTJCamtheDVrWTZlT2x4SG1LNUMyUSUyQnJnb0tVM1FxeFl6JTJCME4wQU1aazllTm80VmRhS0tSMmw3bnRkVDZ4Y0EyZkNGTnR3TGhnVnRSNkNOTk9LbDhpcERLVDVrdlpmQ0xQNWclM0QlM0Q
.scoota.co/	1970-01-20 19:52:33	Name: tuuid Value: 389f8b2a-2477-4e5e-9333-87a8b9cb7b45
.scoota.co/	1970-01-20 19:52:33	Name: c Value: 1650081306
.scoota.co/	1970-01-20 19:52:33	Name: tuuid_lu Value: 1650081306

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admatic.mgr.consensu.org
ads.creative-serving.com
ads3.admatic.com.tr
ads4.admatic.com.tr
adservice.google.com
adservice.google.de
api-stg.ensonhaber.com
bidder.criteo.com
ca8426461ae2b418f53fd9b40602e332.safeframe.googlesyndication.com
cdn.admatic.com.tr
cdn.id5-sync.com
cdn2.admatic.com.tr
cdnjs.cloudflare.com
certify-js.alexametrics.com
certify.alexametrics.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
icdn.ensonhaber.com
id5-sync.com
m.ensonhaber.com
m.exactag.com
mug.criteo.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
r.scoota.co
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
s0.2mdn.net
securepubads.g.doubleclick.net
skydeutschland.demdex.net
static.adsafeprotected.com
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
sync.console.adtarget.com.tr
tpc.googlesyndication.com
www.ensonhaber.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
142.250.185.162
142.250.185.66
142.250.186.66
178.250.0.165
178.250.2.146
185.33.221.119
188.132.147.235
188.132.147.236
193.33.29.8
213.202.235.8
23.35.236.247
2600:9000:214f:6800:8:48e:53c0:93a1
2606:4700:10::6816:49e7
2606:4700:10::ac43:442
2606:4700:440e::ac40:9c1a
2606:4700::6811:190e
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2006
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9c
2a02:2638::1c
2a02:2638::3
3.125.247.50
3.126.125.87
34.255.51.86
46.105.202.126
51.89.20.87
52.25.210.71
54.171.18.52
54.77.7.200
62.149.0.72
89.187.169.39
99.86.4.120
99.86.4.6
01adbdcdde3d55ba3376328000c9afa1f5c19b2029b29b72d720a704c5342ec2
05690fb6a6129da06d2e597e73de0d90292ad5916f532645a0fbbc8c38ed6f52
07d5087b985f403c77f82394589566967faf7abf28cdc561759f9655fabcb42d
09f3adc0d0724a762e8d87525f3510ffa0ec0577e316c4e7c8e4f899810b3d37
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f846ea7b44f98a35d908e9e0b43741bad0ad9969cfad2418405b703508ac84e
1240106b570dda5fdb8cf5e703d20b1068194eb2f18795e20fa85fcb96108fdb
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1a2d828fe48b1da0812195702e18e13c1d297d302b1a6487f422b0afd865fc82
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1ed5f2fc1e66035303acba9525aeae50f4b303e9dc137c6e1ced3c240048dddd
207ca22a1c047fb3b4f310037c5172e7422bec1574ffa0a827f0b6432d591c39
2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f
2544f04aed16a754b4c8198ae0cf980587519e858da56360dac423739b4bc504
26efd8b38b93a5e0dc25f2a5eb279a8a9276b84e66bc0410d689cf5c9999db02
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2d97ecc3fc54beb500cfdfaab6e611f49e22c5dbaf368ede1c612e50bfd5099f
2f738547bbcdbef189de47347ad84fc0bb0c15164980f51a0214706fa5c94a73
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
346a2372ce4bfbc63d8413fa315f4fe4272a55fff6fc232f50fbe541fb5c4119
3625c3de2c5ff3ae1d390f25c3626c637dff10b1a651c097b45bceee62062093
3edbc9164485c707a3eca64c82eaa0838bc098ca3a21841685aa66caf0a72135
41829f9cf69f7b56f6b7a464f962cee7cdb73dc9ba3f7ae91808ba6cc37cfc18
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c172bb39bfa6678554f8b0a2b2b1e8097f2f2c7a0b6d6e9695ce90457ccbd79
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50589621055ce4191a6b1a0a6c6b0d2c76c7586a73bfe58565edbe751c96d937
51b238e76824248990b6afee557335a862af977789109b95fffb871b81cb80f8
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59f64cdfb1dbf90eeed41b90d8925b78f78887dd3d64b79e93c70241391ce8d0
5c1646ab2a0a2cc9c387c8e1a34b515dc9a0ef54c6061a48ee08717705acb93c
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
607621318571f4c48784c196784133fb7ea6db9c1ad3fb28deac95d17d91883f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd
641bca88422740f13999ce1981479716803ea7bbef797071bc213b349160503c
64cd3d395cc3ec1c60c61093232044e4bad7fefe29f954f15c8a699f66a54edc
64f9f3a3e3272fde20321b5ff5eea87d95a58797d957f255725f2be032ea90ab
6808c7f1192e091f9e9b4e15e28fa2a8904117ba54c11e51fc8eb9d179733e1c
69531c551a4db00b2810f3b1c3323b5c7dd8b0869aac0e0596c821702ad941f8
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
78621be4aa2814708ce6f6c7c7b209d997165922ff98857c1e18a94df55b8b82
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a81ff37e5a151a46d0bc1f14b4c9f6a3f5af6bead3610664b58a97facbab0ff
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ac9f8752c678a0d8cf16d73cb9a9d257a79dabc1e526e03067a5008fb505045
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc
8fb8fc201a6f570ebfce0b3504f6da40f0976cd36c20e2983b6e5b172ebf56a0
976a387162cd6a5535f6737bbc0d7659985bd6a4b8283a8858f9994fe82506e9
987a5ac77932937d66d0576caadbd70a3e45c96b127d290a146fa0b2ffe16816
9c23d25864e05885416098b46152edafa1ef89ad6c8fa14654e92dd0d70df697
9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b138dcab9d0b8f24962dc2171882913b8982b5c18e3e51b1ae7da3d76a95fdf5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bba94951470925772b3600a4881d00ff3571d446e9078ef4e53bb055587c2068
bc82686ad7d60362610cb0d7958d05585ce911948be0392097e20e3d4ed207a0
ceb5fbd97069204b5a063bf53221869aff3df83eb1fb5eeffd77fc635fed5d91
ceba684149cd5d5974e25ea4565a40af7239f8e0af49cc00146ae6317a6bf756
d60b2b3631b26d74a126d47050aadc26812289d08ca071af11772f2f284e2520
dba4d22701369b2c2e7adfa8c39cfea3e5ffbb503d3d510fcc79e34a7aa20ca8
dccd8dd609ac5e166a60fee10fc44c512c4d273be49eb3729ccbd1470133c83f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfaff8084ec590f12b316a5423ffe5ce313fa61b73c79435c3e254ecf0073276
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59e97cce9d3d7b7fc37607e1f6c877449570f8f5528484e60dfa6fc37855ea5
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503
e8b9dedc5630db6f206165bf8636f8c241b29648fbb33bed5f9dcbe8ef5e55f5
e9c3c5d55b8780688e2c047d655d38d3d16db2662e041462e2b32302b1d9c56d
ecdc8348a360b40b4db59b3b9000ad3361ebe9e6ef1c00648c26b304f90eab45
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0bc21749ac4d20190188bf9a49343edbef134fdd7e4f6303f4844fb22d62934
f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16
f761fbf7c69adc2f4b0c9e272eb85f90f21752316479ccbfb025f531e9dafe3b
fa3e1227abca3c89f70ca6324bdd8c87b2fac3f7f4c69c6033859c4cf4942f8f
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fdf1f493fe942dc93a3c6995b356a9d715ee631ed67f8533d75968738b04a464
feec2c569371060f3d2b0907dc013b54d9c4a0ac2171fabcdd5a4b1d62cf4212

m.ensonhaber.com Open in urlscan Pro 2606:4700:10::6816:49e7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

129 Requests

93 %HTTPS

48 %IPv6

29 Domains

48 Subdomains

41 IPs

9 Countries

1962 kBTransfer

4078 kBSize

36 Cookies

3 Outgoing links

Redirected requests

129 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

m.ensonhaber.com Open in urlscan Pro
2606:4700:10::6816:49e7 Public Scan

Screenshot
Live screenshot

Full Image

129
Requests

93 %
HTTPS

48 %
IPv6

29
Domains

48
Subdomains

41
IPs

9
Countries

1962 kB
Transfer

4078 kB
Size

36
Cookies

129 HTTP transactions
1 data transactions