pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://urlshort.in/tKfEa
Effective URL:
https://pcloak.blob.core.windows.net/web/665xy792.html
Submission: On March 19 via api (March 19th 2023, 6:46:35 am UTC) from TR — Scanned from NL

Summary HTTP 62 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 3 countries across 14 domains to perform 62 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on December 21st 2022. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
17	31.192.212.242 31.192.212.242	42846 (GUZELHOST...) (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S.)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:780... 2a02:26f0:780::210:ca78	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:d63b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:480... 2a02:26f0:480:e::210:f113	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
62	17

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

urlshort.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 31.192.212.242 (Turkey)

ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR)
PTR: 242r7emgq.guzel.net.tr

kampanyabul.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:780::210:ca78 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:d63b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:e::210:f113 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 134	317 KB
17	kampanyabul.org kampanyabul.org	270 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 32	41 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 413 p.typekit.net — Cisco Umbrella Rank: 542	83 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3531 onesignal.com — Cisco Umbrella Rank: 1362	73 KB
2	gstatic.com fonts.gstatic.com	31 KB
2	cloakan.co www.cloakan.co	731 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	49 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	1 KB
1	google.nl adservice.google.nl — Cisco Umbrella Rank: 14570	531 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	20 KB
1	urlshort.in 1 redirects urlshort.in	648 B
62	14

	Domain	Requested by
17	kampanyabul.org	www.cloakan.co kampanyabul.org
9	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	pagead2.googlesyndication.com	kampanyabul.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	use.typekit.net	kampanyabul.org use.typekit.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	cdn.onesignal.com	kampanyabul.org cdn.onesignal.com
2	www.cloakan.co	pcloak.blob.core.windows.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.nl	pagead2.googlesyndication.com
1	onesignal.com	cdn.onesignal.com
1	p.typekit.net	use.typekit.net
1	www.google-analytics.com	kampanyabul.org
1	urlshort.in	1 redirects
62	18

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2022-12-21` - `2023-12-21`	a year	crt.sh
mail.cloakan.co R3	`2023-03-03` - `2023-06-01`	3 months	crt.sh
kampanyabul.org R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.google.nl GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/665xy792.html
Frame ID: F2978A7CA139944C457E9E6726427693
Requests: 6 HTTP requests in this frame

Frame: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Frame ID: A8B3BE6C2F5999769E0D6EEA4B65E2AB
Requests: 34 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html
Frame ID: 9A19FEFC301D4E562ED439C0A73543A6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391638&bpp=4&bdt=472&idt=170&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&nras=1&correlator=1984921185926&frm=24&ife=1&pv=2&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dp1ezc123gc3&fsb=1&dtd=190
Frame ID: C37A85200569B24E043A6A72A3D38D7C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&h=461&slotname=6853202554&adk=429705950&adf=79617252&pi=t.ma~as.6853202554&w=710&lmt=1679208391&rafmt=11&format=710x461&url=https%3A%2F%2Fkampanyabul.org%2Fcategory%2Fbanka-kampanyalari%2Fvakifbank&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391642&bpp=2&bdt=476&idt=195&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1984921185926&frm=22&ife=1&pv=1&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.nntqk178sjq3&fsb=1&xpc=7mhRpJrU8V&p=https%3A//kampanyabul.org&dtd=205
Frame ID: C39DD6224B1896CF1F0B885CC0A6BCF9
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 70F07841025EA0FAA56D7481EA002E45
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/PQ7F-3j7IW7HtCEpcT_WSI9tX5puXOVPYtzmzEMsE24.js
Frame ID: 35C881BF0D961A8F60F2AA7BEFF95398
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 889DE2CF8F96FE55F4ABF8E6A5405124
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1D9B266672A8F2A2C43F984AD2971268
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://urlshort.in/tKfEa HTTP 301
https://pcloak.blob.core.windows.net/web/665xy792.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

62
Requests

100 %
HTTPS

82 %
IPv6

14
Domains

18
Subdomains

17
IPs

3
Countries

890 kB
Transfer

2055 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://urlshort.in/tKfEa HTTP 301
https://pcloak.blob.core.windows.net/web/665xy792.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

62 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request 665xy792.html Show response
pcloak.blob.core.windows.net/web/
Redirect Chain

https://urlshort.in/tKfEa
https://pcloak.blob.core.windows.net/web/665xy792.html

1 KB
2 KB

444ms
101ms

Document
text/html

20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/665xy792.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 6e6c980407fb5310cd8c1dd31f113abd897475f65e55110de4b6f24913636d5b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Content-Length: 1338
Content-MD5: Fh+3IfcZxe5ofzJYo8W/JQ==
Content-Type: text/html
Date: Sun, 19 Mar 2023 06:46:29 GMT
ETag: 0x8DAD61ACB104AB8
Last-Modified: Sun, 04 Dec 2022 17:12:59 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: aac22b20-a01e-0008-242e-5a5802000000
x-ms-version: 2009-09-19

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7aa3c22c895e37fb-FRA
content-type: text/html; charset=UTF-8
date: Sun, 19 Mar 2023 06:46:28 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://pcloak.blob.core.windows.net/web/665xy792.html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0JIbl6%2FGD3cEJdMdaPi5d3fusxIrB5zTiB6iKwsEOLthLgXDMbPuZQ4kpBD4wQEAUYif3EDrJPXBsGoVkP5qGwmvpcxk6k3%2FOhSxTr%2B2pUJ0fBAhzEtfPIjZsTwBDVUhKNhqhcU9ewlk%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 96ms
96ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/665xy792.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/665xy792.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-request-id: aac22b65-a01e-0008-5f2e-5a5802000000
Date: Sun, 19 Mar 2023 06:46:29 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 292ms
97ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/665xy792.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/665xy792.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 19 Mar 2023 06:46:29 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: aac22bbf-a01e-0008-2f2e-5a5802000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 194ms
98ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/665xy792.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/665xy792.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 19 Mar 2023 06:46:29 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: aac22b97-a01e-0008-0d2e-5a5802000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 55 B
321 B 343ms
113ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=665xy792
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/665xy792.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:28 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 45

GET
H2 200 nv.php Show response
www.cloakan.co/ 274 B
410 B 252ms
115ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=665xy792-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: fecb593b9e5f5abc0a077b4bb2d49b408e82cb63fa27fccb4d50996f586c189b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 136

GET
H2 200 vakifbank Show response
kampanyabul.org/category/banka-kampanyalari/ Frame A8B3 107 KB
25 KB 941ms
71ms Document
text/html 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=665xy792-m
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed / PHP/7.4.33
Resource Hash: b805ca2f85bb31be5f1784eaabd036b7f28db92c97f909ec197f6dc5885f8c48

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 25482
content-type: text/html; charset=UTF-8
date: Sun, 19 Mar 2023 06:46:29 GMT
etag: "39425-1678964426;br"
link: <https://kampanyabul.org/wp-json/>; rel="https://api.w.org/" <https://kampanyabul.org/wp-json/wp/v2/categories/604>; rel="alternate"; type="application/json"
server: LiteSpeed
vary: Accept-Encoding
x-litespeed-cache: hit
x-powered-by: PHP/7.4.33

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame A8B3 49 KB
20 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Mar 2023 06:23:33 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1378
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Sun, 19 Mar 2023 08:23:33 GMT

GET
H2 200 wp-emoji-release.min.js Show response
kampanyabul.org/wp-includes/js/ Frame A8B3 18 KB
5 KB 145ms
142ms Script
application/javascript 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
last-modified: Sun, 19 Jun 2022 07:39:01 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4619
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 style.css
kampanyabul.org/wp-content/themes/safir/ Frame A8B3 87 KB
16 KB 72ms
71ms Stylesheet
text/css 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-content/themes/safir/style.css?ver=1668167994
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: c00423f1e160b5c86739849af3519a6cafdb08a0a984804e031bcc1e5446cf40

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
last-modified: Fri, 11 Nov 2022 11:59:54 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 15967
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 wra8zcc.css
use.typekit.net/ Frame A8B3 4 KB
1004 B 103ms
22ms Stylesheet
text/css 2a02:26f0:780::210:ca78
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/wra8zcc.css?ver=6.1.1

Requested by

Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:ca78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

2c0fce411f7f904258f0fd6f7745b073166f0d0a07d200c65d52b8a50dc142bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Sun, 19 Mar 2023 06:46:31 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 772

GET
H2 200 jquery.min.js Show response
kampanyabul.org/wp-includes/js/jquery/ Frame A8B3 88 KB
30 KB 73ms
72ms Script
application/javascript 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
last-modified: Fri, 04 Nov 2022 05:52:48 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 30324
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 jquery-migrate.min.js Show response
kampanyabul.org/wp-includes/js/jquery/ Frame A8B3 11 KB
4 KB 142ms
141ms Script
application/javascript 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
last-modified: Sun, 27 Dec 2020 23:16:13 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3995
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 logo1.png
kampanyabul.org/wp-content/uploads/2015/09/ Frame A8B3 4 KB
4 KB 74ms
73ms Image
image/png 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2015/09/logo1.png
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 1ae51927ddc331d0bd4537c65c396054a921a1bd7b829b39d2382ba63016c78c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Mon, 04 Mar 2019 20:50:54 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4232
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A8B3 142 KB
48 KB 122ms
49ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1067281812402762

Requested by

Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe4119f53c9a4bac2bfeb035bc4478a2094d3748ff36e2546bf08df6a5b3dac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kampanyabul.org/
Origin: https://kampanyabul.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48562
x-xss-protection: 0
server: cafe
etag: 5475995409914371458
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 19 Mar 2023 06:46:31 GMT

GET
H2 200 owl.carousel.min.js Show response
kampanyabul.org/wp-content/themes/safir/lib/owl-carousel/ Frame A8B3 42 KB
10 KB 72ms
72ms Script
application/javascript 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-content/themes/safir/lib/owl-carousel/owl.carousel.min.js?ver=1668167995
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: a96f664a52bdca0f3d7d49db75fd32683437f92b0153c16c53426f97e6adeb65

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
last-modified: Fri, 11 Nov 2022 11:59:55 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 10657
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 scripts.js Show response
kampanyabul.org/wp-content/themes/safir/scripts/ Frame A8B3 22 KB
6 KB 74ms
73ms Script
application/javascript 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-content/themes/safir/scripts/scripts.js?ver=1668167994
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: d344cefb8e13a5bd880e7bf234a527b50796e3206726d636f8fe3f91ed66fc60

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
content-encoding: br
last-modified: Fri, 11 Nov 2022 11:59:54 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 5824
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ Frame A8B3 9 KB
3 KB 91ms
35ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.1.1

Requested by

Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

459dc02737a8127153538d8b7811fbaff4e4e0ce003936a61f2d06b3975b10e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2557
etag: W/"8256f101039245592bc7dcc5496ed987"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7aa3c23f1f539064-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Mar 2023 06:46:31 GMT

GET
H2 200 p.css
p.typekit.net/ Frame A8B3 5 B
181 B 101ms
20ms Stylesheet
text/css 2a02:26f0:480:e::210:f113
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=wra8zcc&ht=tk&f=15498.15505.15506.15508.15510&a=36299304&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:e::210:f113 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/00cc08/00000000000000007735a0a6/30/ Frame A8B3 27 KB
27 KB 88ms
26ms Font
application/font-woff2 2a02:26f0:780::210:ca78
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/00cc08/00000000000000007735a0a6/30/l?primer=19e22326407baa22e24dbf97694ecfebb3b5e74ea485d31fd395694769e48f8c&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:ca78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1446edd6e4799bee1798ce5db599e02655c5b63fa267b585d4fcb1d8df1cfdcd

Request headers

Referer: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Origin: https://kampanyabul.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
server: nginx
etag: "40cc410963fc0c5aae50786dc6503a76800f8936"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 27604

GET
H3 200 sprite.png
kampanyabul.org/wp-content/themes/safir/images/ Frame A8B3 5 KB
5 KB 72ms
72ms Image
image/png 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/themes/safir/images/sprite.png
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/wp-content/themes/safir/style.css?ver=1668167994
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 73b7902f35ace7f3e318b2d7d155fc3336a88857c89f673f5298db699e3f09b2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/wp-content/themes/safir/style.css?ver=1668167994
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Fri, 11 Nov 2022 11:59:54 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4843
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
DATA 200
OK truncated
/ Frame A8B3 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34332706e5b51ee18bc1efb39cbbfe6f93b76d6a5c4000f266c9c3c77e5190a8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 safir-web-portal.woff
kampanyabul.org/wp-content/themes/safir/fonts/ Frame A8B3 7 KB
7 KB 73ms
73ms Font
font/woff 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to

Full URL: https://kampanyabul.org/wp-content/themes/safir/fonts/safir-web-portal.woff
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/wp-content/themes/safir/style.css?ver=1668167994
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: c6518ca30318d2ac923908a7f54bb5ff250cdb665daaa7c13003f22b684b2bcf

Request headers

Referer: https://kampanyabul.org/wp-content/themes/safir/style.css?ver=1668167994
Origin: https://kampanyabul.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Fri, 11 Nov 2022 11:59:55 GMT
server: LiteSpeed
content-type: font/woff
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7544
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 l
use.typekit.net/af/7f1b26/00000000000000007735a0ac/30/ Frame A8B3 27 KB
27 KB 96ms
41ms Font
application/font-woff2 2a02:26f0:780::210:ca78
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/7f1b26/00000000000000007735a0ac/30/l?primer=19e22326407baa22e24dbf97694ecfebb3b5e74ea485d31fd395694769e48f8c&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:ca78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8e36707e7bd75d1be703f0c1708be48fef9590151e9d1378e6e9f943d58f39d9

Request headers

Referer: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Origin: https://kampanyabul.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
server: nginx
etag: "a99eda0eb43e12e8eb41dfa6328d52274529481c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 27296

GET
H2 200 l
use.typekit.net/af/9d5bd3/00000000000000007735a09f/30/ Frame A8B3 27 KB
27 KB 80ms
25ms Font
application/font-woff2 2a02:26f0:780::210:ca78
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9d5bd3/00000000000000007735a09f/30/l?primer=19e22326407baa22e24dbf97694ecfebb3b5e74ea485d31fd395694769e48f8c&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:ca78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 08892cb73524e13c2afb71cf5f6c81562e2e6bcb5ccdb2c52458abb3f2828425

Request headers

Referer: https://use.typekit.net/wra8zcc.css?ver=6.1.1
Origin: https://kampanyabul.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
server: nginx
etag: "5e48ac796b03001fd04f69bac42b6bf9177135a6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 27660

GET
H3 200 vakifbank.jpg
kampanyabul.org/wp-content/uploads/2015/11/ Frame A8B3 15 KB
15 KB 117ms
116ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2015/11/vakifbank.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 8cddcd7afd0ada980ad3dd078c1fbcdfc46eebd6bdf93f661c21909c609926a3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Fri, 08 Mar 2019 09:16:10 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 15713
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 vakif-mobil-odeme-2022.jpg
kampanyabul.org/wp-content/uploads/2022/01/ Frame A8B3 25 KB
25 KB 80ms
78ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2022/01/vakif-mobil-odeme-2022.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 89a3cb451976b2a95904aaef3961051e319d0ea13785f510dd4bcbb7105f8513

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Sun, 02 Jan 2022 17:35:14 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 25792
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 vakif-mobil-odeme.jpg
kampanyabul.org/wp-content/uploads/2021/12/ Frame A8B3 26 KB
26 KB 171ms
170ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2021/12/vakif-mobil-odeme.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 450c7014170dee74e2feda8a08e2d2a3459e7976904abaad528ecee50e90d34c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Wed, 01 Dec 2021 11:48:06 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 26593
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 vakifbank-mobil-odeme.jpg
kampanyabul.org/wp-content/uploads/2021/10/ Frame A8B3 26 KB
26 KB 130ms
129ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2021/10/vakifbank-mobil-odeme.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: bb43993c41fd5c3f985706affc0c5be45ea153c4450b9952450acac34310451b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Fri, 01 Oct 2021 14:56:36 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 26340
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 vakifbank-mobil-odeme.jpg
kampanyabul.org/wp-content/uploads/2021/09/ Frame A8B3 26 KB
26 KB 155ms
154ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2021/09/vakifbank-mobil-odeme.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 024f8193aa71e144051755eb9991bff882dcdeb43037e6eb15b2d7248ca1d2d5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Mon, 06 Sep 2021 07:06:15 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 26324
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 bankomat-eticaret.jpg
kampanyabul.org/wp-content/uploads/2021/08/ Frame A8B3 18 KB
18 KB 172ms
171ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2021/08/bankomat-eticaret.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: 39a0823bad670a023b382a214644a124daf5ab80356accbbd8adf21624a77aad

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Mon, 02 Aug 2021 16:35:16 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 18447
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H3 200 bankomat-1500.jpg
kampanyabul.org/wp-content/uploads/2021/07/ Frame A8B3 21 KB
21 KB 174ms
173ms Image
image/jpeg 31.192.212.242
GUZELHOSTING GNET...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kampanyabul.org/wp-content/uploads/2021/07/bankomat-1500.jpg
Requested by: Host: kampanyabul.org
URL: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 31.192.212.242 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR),
Reverse DNS: 242r7emgq.guzel.net.tr
Software: LiteSpeed /
Resource Hash: b346aa78f878c7d62cfa56e4581a669603493c8a687f5626a47c32103d60bddd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/category/banka-kampanyalari/vakifbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:29 GMT
last-modified: Fri, 16 Jul 2021 21:09:25 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 21876
expires: Sun, 26 Mar 2023 06:46:29 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ Frame A8B3 284 KB
68 KB 35ms
34ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151600

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19a2e703c09b3d066e18f4426c332665bf08ec02456bcccdb20d2fffe4645ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2558
etag: W/"3d37cd0d64713e75df2c67fb7c907496"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7aa3c23fbfdd9064-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 22 Mar 2023 06:46:31 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/ Frame A8B3 350 KB
117 KB 110ms
60ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1067281812402762&plah=kampanyabul.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1067281812402762

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d746d194c26295355c9667ba959828a1be1729cb72fed1d2b0699433d9b24ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119666
x-xss-protection: 0
server: cafe
etag: 13422296905243187764
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 19 Mar 2023 06:46:31 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/ Frame 9A19 10 KB
5 KB 73ms
20ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1067281812402762

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kampanyabul.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 42705
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 18:54:46 GMT
etag: 2378337311435320485
expires: Sat, 01 Apr 2023 18:54:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 web Show response
onesignal.com/api/v1/sync/8c344135-64d1-4bf1-b651-274b5d3046a8/ Frame A8B3 4 KB
2 KB 80ms
66ms Script
text/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/8c344135-64d1-4bf1-b651-274b5d3046a8/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3c661ed61d37345fcf3140b0bdf7ff63318a6d11153a1e8a63e3762522edf72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: EXPIRED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 4ec6162e-ab37-4e4e-9000-95ea2d4a9152
x-runtime: 0.021667
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e3c661ed61d37345fcf3140b0bdf7ff6"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 7aa3c240485c9064-FRA
access-control-allow-headers: SDK-Version
expires: Sun, 19 Mar 2023 07:46:31 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ Frame A8B3 107 B
531 B 112ms
35ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=kampanyabul.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1067281812402762&plah=kampanyabul.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A8B3 107 B
456 B 83ms
29ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kampanyabul.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C37A 603 B
218 B 73ms
70ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391638&bpp=4&bdt=472&idt=170&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&nras=1&correlator=1984921185926&frm=24&ife=1&pv=2&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dp1ezc123gc3&fsb=1&dtd=190

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kampanyabul.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 06:46:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C39D 106 KB
36 KB 409ms
408ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&h=461&slotname=6853202554&adk=429705950&adf=79617252&pi=t.ma~as.6853202554&w=710&lmt=1679208391&rafmt=11&format=710x461&url=https%3A%2F%2Fkampanyabul.org%2Fcategory%2Fbanka-kampanyalari%2Fvakifbank&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391642&bpp=2&bdt=476&idt=195&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1984921185926&frm=22&ife=1&pv=1&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.nntqk178sjq3&fsb=1&xpc=7mhRpJrU8V&p=https%3A//kampanyabul.org&dtd=205

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b28a74a084bd572b20868768decfd91f5919f76464e093dce348e3acd38f6d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kampanyabul.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 36345
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 06:46:32 GMT
expires: Sun, 19 Mar 2023 06:46:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame C39D 8 KB
4 KB 539ms
448ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/error_handler.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&h=461&slotname=6853202554&adk=429705950&adf=79617252&pi=t.ma~as.6853202554&w=710&lmt=1679208391&rafmt=11&format=710x461&url=https%3A%2F%2Fkampanyabul.org%2Fcategory%2Fbanka-kampanyalari%2Fvakifbank&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391642&bpp=2&bdt=476&idt=195&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1984921185926&frm=22&ife=1&pv=1&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.nntqk178sjq3&fsb=1&xpc=7mhRpJrU8V&p=https%3A//kampanyabul.org&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:13:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3465
x-xss-protection: 0
server: cafe
etag: 6788195977828770272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 02 Apr 2023 02:13:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C39D 6 KB
1 KB 131ms
53ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,700&lang=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 06:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 05:44:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 06:46:32 GMT

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame C39D 36 KB
14 KB 539ms
450ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/m_js_controller_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7769cc22bb77a68446908cddbb26700d20bb85afdaa36b2c426c7e50cb4ffb1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:15:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14334
x-xss-protection: 0
server: cafe
etag: 5297926946848428567
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:15:46 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C39D 158 KB
49 KB 132ms
55ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 06:46:32 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/583586878475477141/ Frame C39D 65 KB
65 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/583586878475477141/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dadc9aa58077856f25b786604ea4218bb49cec86062a9fc28564d25233da1bc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:32:17 GMT
x-content-type-options: nosniff
age: 263655
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66166
x-xss-protection: 0
last-modified: Fri, 20 Jan 2023 18:33:57 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 15 Mar 2024 05:32:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame C39D 22 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame C39D 3 KB
1 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame C39D 20 KB
9 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45553
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C39D 0
0 68ms
67ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CC30Dx68WZPDANoe0ywXykb1Ypq2gpG-A_ZiWpRHR-4ePlA4QASDRlOcXYJEEoAH_24rIA8gBBqgDAcgDywSqBJICT9BcLJ3FUyI0pOgz6bqld-5dFvZe2AknAJ4zkwNa6pbjVi6ef8yGIm_p9Uu95S8a_HEfYyBLj-4rIBkVwYiIw4IaDT2bINskgmRZeFsEj5qdgqejJchWegCjMDhN-SK4osW7i45iaYde5m2Ko12VrvAiWfzXJ4NuPfXIf5XiaSWmPCMxZSfeNHgWoqqgr5xWGr-P_t--dNNTdEa-afHPmx66gld4F6E3jmgxqHfOXRIDk8HyR7mpD0GJdXT0QZDprWJT69tO3DCzqA_3NXLWrRiAkOGF8DmdLa_7xDYf4Jov79JmmPMfM29CQURvd5hU7_4DC3fDSLateXU50tGhKJwGg_w8vo27B6AslEMl-pqTkMAE_c_K3JEEkgUECAQYAZIFBAgFGASgBjeAB5aGraICqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwMQq1bSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi0xMDY3MjgxODEyNDAyNzYyGAA&sigh=qRnC_hxgV9U&uach_m=[UACH]&cid=CAQSGwDUE5ymzMVTpYIs3BA_aDmvtUtV68hw3DdlFxgB&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&h=461&slotname=6853202554&adk=429705950&adf=79617252&pi=t.ma~as.6853202554&w=710&lmt=1679208391&rafmt=11&format=710x461&url=https%3A%2F%2Fkampanyabul.org%2Fcategory%2Fbanka-kampanyalari%2Fvakifbank&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391642&bpp=2&bdt=476&idt=195&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1984921185926&frm=22&ife=1&pv=1&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.nntqk178sjq3&fsb=1&xpc=7mhRpJrU8V&p=https%3A//kampanyabul.org&dtd=205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 06:46:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 19 Mar 2023 06:46:32 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C39D 15 KB
16 KB 75ms
21ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 09:37:51 GMT
x-content-type-options: nosniff
age: 162521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Mar 2024 09:37:51 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C39D 15 KB
15 KB 80ms
26ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,700&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 21:07:17 GMT
x-content-type-options: nosniff
age: 121155
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Mar 2024 21:07:17 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70F0 143 B
166 B 21ms
20ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&h=461&slotname=6853202554&adk=429705950&adf=79617252&pi=t.ma~as.6853202554&w=710&lmt=1679208391&rafmt=11&format=710x461&url=https%3A%2F%2Fkampanyabul.org%2Fcategory%2Fbanka-kampanyalari%2Fvakifbank&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391642&bpp=2&bdt=476&idt=195&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1984921185926&frm=22&ife=1&pv=1&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.nntqk178sjq3&fsb=1&xpc=7mhRpJrU8V&p=https%3A//kampanyabul.org&dtd=205
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 1280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 06:25:12 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C39D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fad3744828f016da23f7c763c9b71477e2aa18aba5e9aed3e699dc0262232f3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70F0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

34ms
33ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 06:46:33 GMT
expires: Sun, 19 Mar 2023 06:46:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 06:46:33 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A8B3 15 KB
11 KB 35ms
34ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230315&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

334c6cfdcd0d58cf5245f28768c0e8486f89e9785d1d178cc9d9f2d38d416c3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11344
x-xss-protection: 0

GET
H3 200 PQ7F-3j7IW7HtCEpcT_WSI9tX5puXOVPYtzmzEMsE24.js Show response
pagead2.googlesyndication.com/bg/ Frame 35C8 36 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PQ7F-3j7IW7HtCEpcT_WSI9tX5puXOVPYtzmzEMsE24.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d0ec5fb78fb216ec7b42129713fd6488f6d5f9a6e5ce54f62dce6cc432c136e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 01:58:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14034
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Mar 2024 01:58:20 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A8B3 17 KB
6 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 19 Mar 2023 06:46:33 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 889D 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kampanyabul.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 54184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 15:43:29 GMT
expires: Sun, 17 Mar 2024 15:43:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1D9B 783 B
974 B 30ms
30ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

be29b15365c4d3bf68d421758ad0676949f889999be4049a74a3f70e79e723a5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--jp2Ii5v_8mF7pPXBz30BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kampanyabul.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce--jp2Ii5v_8mF7pPXBz30BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 06:46:33 GMT
expires: Sun, 19 Mar 2023 06:46:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 PQ7F-3j7IW7HtCEpcT_WSI9tX5puXOVPYtzmzEMsE24.js Show response
pagead2.googlesyndication.com/bg/ Frame 889D 36 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PQ7F-3j7IW7HtCEpcT_WSI9tX5puXOVPYtzmzEMsE24.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d0ec5fb78fb216ec7b42129713fd6488f6d5f9a6e5ce54f62dce6cc432c136e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 01:58:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14034
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Mar 2024 01:58:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1D9B 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230315&jk=264344786513688&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 889D 0
10 B 21ms
20ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?IpcD1A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 06:46:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A8B3 0
0 57ms
57ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230315&jk=264344786513688&bg=!vb6lvurNAAZEjmHWZI47ADkAdvg8WincozVm-wvOn8zHH6_gZI2hSxTYacqeIjEPJMrLQnsS7vf4Oy-XUtD6pZtgGc0LdQ1-LcMCAAAAQVIAAAACaAEHCgApqObA2u6rjBvL7voYGRklp_wk-IOsnD6x8bX2q1cZXom-7azN9Gxx4xSZAtIqzAt3PWVVkvjPdLmV_BBkKbU9SMOZQMxe3IV3gIFAp_Bk-lRZgbuzP444o7nvU-XpuprNkOG5NTIZ1ZQZcMQKEH8dNvuVLvkjmhDzKzE7Ox79gzaT607bD7hxbz5LDkavDG9dDjkm7jo0kOTwiOX9W9n3eZ0ssRv7TYDr4GjzLQkLC9UGL-1axOqKxgnNFhIFMyJoxvZOAtpDfTBz5_9smH8kRWpoLmZklZt758rlovYrkd_c_Dz0Cpk1jG9imZuKQ4r14sR_-O09INaa7qMSFZ-w-BDJqxRcxa6LHOIChTCmQaBsXTR_5xhbRzrtHE1SOmQn6mI_BCRwK5FxTLDBCTkzwncx-IPHw-gl7uVB0Sa5RXBnZ3EvcgxCJhWjRrBkj1YbrcJQvrParrzJTpijwujoPmEg0Y64ggFfYRToB-NOT_Tv5hYqk8Rtl7Rd2kaJRDwnPRuS2NWQwmoJIs1YiPpiNBZgTJGWdxSdXwOab9P50onft08SBncb_VKvYxqFC8ZVuTx91Iv8OmqBfQBJPzuCNmk0ajfjrbHW7sGcoVkvAx9eg8hi4I6OKctSCfR7UDWMyWQRhoRY7nrC-G_hi-WILy4Ehpfq1quWElToghczBkJiX0N49as8toLs8PhmW6BZBYmmJkkn8a86i7gYepOGcK-exwtsDRlO9veHKuVGdiq2tydkWwtyhFJVpFV7Ui_Z0Xq7VvD2GxwIsw9GFsDFtOAfjcV0Fzwb5TdlH6LRUminLeH-sqund-rXeU59B5tDmqkvPMkFoSBq9o_36ZsaVLkikgoLVsGOXJ2S9eLGLE1BZ00HktRLXxuMLWRKsDICm97Y7-w2M_eKxAHIoc08hlny3eSa8Lc515ayNImUSuLkrdYoE6XvL6worjtw2NkZzEwuQaqpVWBtTE612RrjQVZtvtP-wuGBY7DLiCo26DdrVuVeFQEJ4449MfLN7Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://kampanyabul.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C39D 42 B
64 B 59ms
58ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDzT-h-e1AkgxL0uLH0mHt2x4vPQuQrXNujfdjbeLOpEE7gDKQTnUUy4oLm8fi7wfCJEHpUSn1uZoyEB3PpX-ONkcuRzhgt2K8LyYTyjxReQdMYUmKmo_ABUuQQAuPf5nhIZIkNw&sai=AMfl-YSeu6tj_zitMZSWd5zv3LlX3yPIQC3PVo7fLEDEjQzbdX6-oBE6brn5k_xbJUOYClWmxr6OLAYtaA4R&sig=Cg0ArKJSzE5FDAdplLUKEAE&cid=CAQSGwDUE5ymzMVTpYIs3BA_aDmvtUtV68hw3DdlFxgB&id=lidar2&mcvt=1000&p=0,0,450,710&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230315&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=14&adk=429705950&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679208391849&rpt=1073&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 06:46:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
urlshort.in/	1969-12-31 23:59:59	Name: PHPSESSID Value: v0ufrslkce0g6g0qn7h95u4v75
urlshort.in/	1970-01-20 10:26:49	Name: short_12128 Value: 1
.onesignal.com/	1970-01-20 10:26:50	Name: __cf_bm Value: wbV0dywAdjMu9BUDnfYXP4tRngHQTJYRL9v0ne8lLjA-1679208391-0-AWgYY/flzlKJHHJf8MHvE0RaYlGFsGIzDUpAnJ9HEVE//VN888vINxK5I4yRqw6NMRoe+Yj7Ik5c2OkSEUebKuU=
.doubleclick.net/	1970-01-20 19:48:24	Name: IDE Value: AHWqTUnr3IuMNI2_Vk-jXnww9RMJvYyZrDgLaPIlJKWn_i_k7kCgm0306IhffAnRZMg
.doubleclick.net/	1970-01-20 10:26:51	Name: DSID Value: NO_DATA

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1067281812402762&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679208391638&bpp=4&bdt=472&idt=170&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&nras=1&correlator=1984921185926&frm=24&ife=1&pv=2&ga_vid=563413392.1679208391&ga_sid=1679208392&ga_hid=2143391056&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=2970789795&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44773809%2C44759926%2C44759875%2C44777876%2C42531705%2C31072952%2C31073102&oid=2&pvsid=264344786513688&tmod=2071359227&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dp1ezc123gc3&fsb=1&dtd=190 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.nl
cdn.onesignal.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
kampanyabul.org
onesignal.com
p.typekit.net
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
tpc.googlesyndication.com
urlshort.in
use.typekit.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagservices.com
20.60.220.36
2606:4700::6812:d63b
2a00:1450:4001:801::2003
2a00:1450:4001:806::2002
2a00:1450:4001:806::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::2001
2a00:1450:4001:811::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2002
2a02:26f0:480:e::210:f113
2a02:26f0:780::210:ca78
2a06:98c1:3121::3
31.192.212.242
77.245.159.14
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
024f8193aa71e144051755eb9991bff882dcdeb43037e6eb15b2d7248ca1d2d5
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
08892cb73524e13c2afb71cf5f6c81562e2e6bcb5ccdb2c52458abb3f2828425
1446edd6e4799bee1798ce5db599e02655c5b63fa267b585d4fcb1d8df1cfdcd
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19a2e703c09b3d066e18f4426c332665bf08ec02456bcccdb20d2fffe4645ab9
1ae51927ddc331d0bd4537c65c396054a921a1bd7b829b39d2382ba63016c78c
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116
2c0fce411f7f904258f0fd6f7745b073166f0d0a07d200c65d52b8a50dc142bd
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
334c6cfdcd0d58cf5245f28768c0e8486f89e9785d1d178cc9d9f2d38d416c3c
34332706e5b51ee18bc1efb39cbbfe6f93b76d6a5c4000f266c9c3c77e5190a8
3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb
39a0823bad670a023b382a214644a124daf5ab80356accbbd8adf21624a77aad
3d0ec5fb78fb216ec7b42129713fd6488f6d5f9a6e5ce54f62dce6cc432c136e
450c7014170dee74e2feda8a08e2d2a3459e7976904abaad528ecee50e90d34c
459dc02737a8127153538d8b7811fbaff4e4e0ce003936a61f2d06b3975b10e2
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6e6c980407fb5310cd8c1dd31f113abd897475f65e55110de4b6f24913636d5b
73b7902f35ace7f3e318b2d7d155fc3336a88857c89f673f5298db699e3f09b2
7769cc22bb77a68446908cddbb26700d20bb85afdaa36b2c426c7e50cb4ffb1a
78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e
7fad3744828f016da23f7c763c9b71477e2aa18aba5e9aed3e699dc0262232f3
89a3cb451976b2a95904aaef3961051e319d0ea13785f510dd4bcbb7105f8513
8b28a74a084bd572b20868768decfd91f5919f76464e093dce348e3acd38f6d5
8cddcd7afd0ada980ad3dd078c1fbcdfc46eebd6bdf93f661c21909c609926a3
8e36707e7bd75d1be703f0c1708be48fef9590151e9d1378e6e9f943d58f39d9
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a96f664a52bdca0f3d7d49db75fd32683437f92b0153c16c53426f97e6adeb65
a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2
aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27
b346aa78f878c7d62cfa56e4581a669603493c8a687f5626a47c32103d60bddd
b805ca2f85bb31be5f1784eaabd036b7f28db92c97f909ec197f6dc5885f8c48
bb43993c41fd5c3f985706affc0c5be45ea153c4450b9952450acac34310451b
be29b15365c4d3bf68d421758ad0676949f889999be4049a74a3f70e79e723a5
c00423f1e160b5c86739849af3519a6cafdb08a0a984804e031bcc1e5446cf40
c6518ca30318d2ac923908a7f54bb5ff250cdb665daaa7c13003f22b684b2bcf
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
d344cefb8e13a5bd880e7bf234a527b50796e3206726d636f8fe3f91ed66fc60
d746d194c26295355c9667ba959828a1be1729cb72fed1d2b0699433d9b24ad1
dadc9aa58077856f25b786604ea4218bb49cec86062a9fc28564d25233da1bc5
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c661ed61d37345fcf3140b0bdf7ff63318a6d11153a1e8a63e3762522edf72
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fe4119f53c9a4bac2bfeb035bc4478a2094d3748ff36e2546bf08df6a5b3dac7
fecb593b9e5f5abc0a077b4bb2d49b408e82cb63fa27fccb4d50996f586c189b

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

62 Requests

100 %HTTPS

82 %IPv6

14 Domains

18 Subdomains

17 IPs

3 Countries

890 kBTransfer

2055 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

100 %
HTTPS

82 %
IPv6

14
Domains

18
Subdomains

17
IPs

3
Countries

890 kB
Transfer

2055 kB
Size

5
Cookies

62 HTTP transactions
2 data transactions