mehmettaytak.com Open in urlscan Pro
217.116.205.52  Malicious Activity! Public Scan

Submitted URL: https://postoffice255.click/l/?i90s
Effective URL: https://mehmettaytak.com/l/TRACKING/index.php
Submission: On January 15 via api from LU — Scanned from DE

Summary

This website contacted 11 IPs in 5 countries across 12 domains to perform 55 HTTP transactions. The main IP is 217.116.205.52, located in Turkey and belongs to HOSTHANE, TR. The main domain is mehmettaytak.com.
TLS certificate: Issued by R3 on December 31st 2022. Valid for: 3 months.
This is the only time mehmettaytak.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canada Post (Transportation)

Live information

Domain & IP information

Apex Domain
Subdomains
Transfer
14 mehmettaytak.com
mehmettaytak.com
200 KB
12 gstatic.com
www.gstatic.com
fonts.gstatic.com
57 KB
8 doubleclick.net
9852050.fls.doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
5 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 70
50 KB
4 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 171
36 KB
4 google.de
adservice.google.de — Cisco Umbrella Rank: 8470
www.google.de — Cisco Umbrella Rank: 5983
2 KB
4 canadapost-postescanada.ca
www.canadapost-postescanada.ca — Cisco Umbrella Rank: 64634
15 KB
4 canadapost.ca
www.canadapost.ca — Cisco Umbrella Rank: 65513
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
2 KB
1 postoffice255.click
postoffice255.click
255 B
0 23323232-postescanada.ca Failed
evaluation.23323232-postescanada.ca Failed
0 23323232.ca Failed
www.23323232.ca Failed
55 12
Domain Requested by
14 mehmettaytak.com mehmettaytak.com
8 www.gstatic.com www.google.com
6 9852050.fls.doubleclick.net 2 redirects mehmettaytak.com
adservice.google.com
6 www.google.com 2 redirects mehmettaytak.com
4 www.googleadservices.com 9852050.fls.doubleclick.net
www.googleadservices.com
4 www.canadapost-postescanada.ca mehmettaytak.com
4 www.canadapost.ca 4 redirects
4 fonts.gstatic.com fonts.googleapis.com
2 www.google.de 9852050.fls.doubleclick.net
2 googleads.g.doubleclick.net 2 redirects
2 adservice.google.de 2 redirects
2 adservice.google.com 9852050.fls.doubleclick.net
2 fonts.googleapis.com mehmettaytak.com
1 postoffice255.click
0 evaluation.23323232-postescanada.ca Failed mehmettaytak.com
0 www.23323232.ca Failed mehmettaytak.com
55 16
Subject Issuer Validity Valid
abarbosafilhos.pt
R3
2023-01-12 -
2023-04-12
3 months crt.sh
mehmettaytak.com
R3
2022-12-31 -
2023-03-31
3 months crt.sh
www.google.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
*.google.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh

This page contains 14 frames:

Primary Page: https://mehmettaytak.com/l/TRACKING/index.php
Frame ID: 43989C39EAD4D4827B03A13E2022D5A1
Requests: 19 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Frame ID: 967FA429BD9B3270C7D38EC84B0DAC51
Requests: 3 HTTP requests in this frame

Frame: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Frame ID: DB1C4BFC942989C12ED2540FF5B59AB8
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 413136848783C42037D29EB82CBA999B
Requests: 1 HTTP requests in this frame

Frame: https://mehmettaytak.com/l/TRACKING/index.php
Frame ID: E38B258F23D18EAACBE773C7C109385F
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Frame ID: BD028A0AFC9C9677202D3B0BF101384D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Frame ID: 7762DE95E8E9197866AE47E9B63C3304
Requests: 3 HTTP requests in this frame

Frame: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Frame ID: 3B1EC94B46869FBA03475070C3DF67DA
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: B6577758E989A3A58D9132FCF909E15E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Frame ID: C2E8C78B4B25CAE6347F14086B775B41
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 5114F92A80ECCBCD27C78BADDBAF9506
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: CA9FA3B9716982DFAFC72BF02C73694A
Requests: 4 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: B04EA17F9F3A7BF2EACB621E4A44DCB8
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 0EDB4D4DD71137F3B140A5774175A6FD
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

InformationFacebookTwitterInstagramLinkedinYouTubeFacebookTwitterInstagramLinkedinYouTubeFacebookTwitterInstagramLinkedinYouTube

Page URL History Show full URLs

  1. https://postoffice255.click/l/?i90s Page URL
  2. https://mehmettaytak.com/l/TRACKING/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]+foundation[^>"]+css

Page Statistics

55
Requests

76 %
HTTPS

69 %
IPv6

12
Domains

16
Subdomains

11
IPs

5
Countries

363 kB
Transfer

1321 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://postoffice255.click/l/?i90s Page URL
  2. https://mehmettaytak.com/l/TRACKING/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Request Chain 28
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Request Chain 34
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg HTTP 301
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
Request Chain 35
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg HTTP 301
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
Request Chain 37
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg HTTP 301
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
Request Chain 38
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP 301
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Request Chain 45
  • https://adservice.google.de/ddm/fls/i/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
  • https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Request Chain 49
  • https://adservice.google.de/ddm/fls/i/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
  • https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Request Chain 50
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCILXrLmCyvwCFeIGaAgd5XYHvQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=-CzEY5WPNpCQmLAPmoa-2Ak&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCILXrLmCyvwCFeIGaAgd5XYHvQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-CzEY5WPNpCQmLAPmoa-2Ak&cid=CAQSKQDq26N987wFlUPC8Xww6mTqiHXCMVzjrR6tAEWzBcmL3McopgGO3UsRIBM&random=374256938&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCILXrLmCyvwCFeIGaAgd5XYHvQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-CzEY5WPNpCQmLAPmoa-2Ak&cid=CAQSKQDq26N987wFlUPC8Xww6mTqiHXCMVzjrR6tAEWzBcmL3McopgGO3UsRIBM&random=374256938&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 53
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKzjrLmCyvwCFZFcDQodPs0DMA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=-SzEY8KlD4KtxwK3nq-ABQ&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKzjrLmCyvwCFZFcDQodPs0DMA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-SzEY8KlD4KtxwK3nq-ABQ&cid=CAQSKQDq26N9c71dnif46PZnmJCQM0m4X-da1RzdB9SpfeNBeoYnRJ2KEAWTIBM&random=541098090&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKzjrLmCyvwCFZFcDQodPs0DMA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-SzEY8KlD4KtxwK3nq-ABQ&cid=CAQSKQDq26N9c71dnif46PZnmJCQM0m4X-da1RzdB9SpfeNBeoYnRJ2KEAWTIBM&random=541098090&resp=GooglemKTybQhCsO&ipr=y&prhg=0

55 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
postoffice255.click/l/
90 B
255 B
Document
General
Full URL
https://postoffice255.click/l/?i90s
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.55.134.234 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
server.codemaker.pt
Software
nginx / PHP/8.0.27 PleskLin
Resource Hash
577827a8fa6b338a6d3b731265032badb3c4913f61d4e99bf4269ef4eb3866d7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
107
content-type
text/html; charset=UTF-8
date
Sun, 15 Jan 2023 16:42:30 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.0.27 PleskLin
Primary Request index.php
mehmettaytak.com/l/TRACKING/
52 KB
11 KB
Document
General
Full URL
https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PHP/7.4.33 PleskLin
Resource Hash
a91bc5a719815d9f10d35af1eccc3a16e61ea14a3205dbb42251d0762be5c3e5

Request headers

Referer
https://postoffice255.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
br
Content-Type
text/html; charset=UTF-8
Date
Sun, 15 Jan 2023 16:42:04 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
X-Powered-By
PHP/7.4.33 PleskLin
foundation.css
mehmettaytak.com/l/TRACKING/css/
205 KB
20 KB
Stylesheet
General
Full URL
https://mehmettaytak.com/l/TRACKING/css/foundation.css?version=2104.04.2427
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:04 GMT
Content-Encoding
br
Last-Modified
Thu, 03 Jun 2021 14:04:36 GMT
Server
nginx
ETag
W/"60b8e174-33543"
X-Powered-By
PleskLin
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
cwc.css
mehmettaytak.com/l/TRACKING/css/
191 KB
18 KB
Stylesheet
General
Full URL
https://mehmettaytak.com/l/TRACKING/css/cwc.css
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:04 GMT
Content-Encoding
br
Last-Modified
Thu, 03 Jun 2021 14:04:34 GMT
Server
nginx
ETag
W/"60b8e172-2fdaf"
X-Powered-By
PleskLin
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
styles.css
mehmettaytak.com/l/TRACKING/css/
32 KB
6 KB
Stylesheet
General
Full URL
https://mehmettaytak.com/l/TRACKING/css/styles.css?version=2104.04.2427
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
3282572fde87063e4842f0d7399f0af21c1daee8ddae0a82f6cb7b53b484932e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Content-Encoding
br
Last-Modified
Wed, 19 Jan 2022 15:13:52 GMT
Server
nginx
ETag
W/"61e82ab0-7e58"
X-Powered-By
PleskLin
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
logo.svg
mehmettaytak.com/l/TRACKING/img/
12 KB
12 KB
Image
General
Full URL
https://mehmettaytak.com/l/TRACKING/img/logo.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Last-Modified
Thu, 03 Jun 2021 14:04:36 GMT
Server
nginx
ETag
"60b8e174-3037"
X-Powered-By
PleskLin
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12343
logo.png
mehmettaytak.com/l/TRACKING/img/
18 KB
18 KB
Image
General
Full URL
https://mehmettaytak.com/l/TRACKING/img/logo.png
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
87455028a326735882cbfe69b67ac225493263627e4118743f63730619dffcbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Last-Modified
Wed, 19 Jan 2022 15:00:46 GMT
Server
nginx
ETag
"61e8279e-47d5"
X-Powered-By
PleskLin
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18389
downlogo.svg
mehmettaytak.com/l/TRACKING/img/
14 KB
14 KB
Image
General
Full URL
https://mehmettaytak.com/l/TRACKING/img/downlogo.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Last-Modified
Thu, 03 Jun 2021 14:04:36 GMT
Server
nginx
ETag
"60b8e174-37b3"
X-Powered-By
PleskLin
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14259
gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/
0
0

anchor
www.google.com/recaptcha/api2/ Frame 967F
43 KB
23 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2b4927c0cfa60092e2f98f11d0bbb2b81041772b98cda960b596c263e4c00685
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-_ktpHzza4psikID8yTXRyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mehmettaytak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
23227
content-security-policy
script-src 'report-sample' 'nonce-_ktpHzza4psikID8yTXRyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
SV_71iOFlig0vNugpn
evaluation.23323232-postescanada.ca/jfe/form/ Frame DB1C
0
0

activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BRef...
9852050.fls.doubleclick.net/ Frame 4131
Redirect Chain
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BR...
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
646 B
535 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.208.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s43-in-f6.1e100.net
Software
cafe /
Resource Hash
3440408a07a8f845efa22fd212136d9b276fb1fb08562e5c9d0d7120b1b3d3e4
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mehmettaytak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
359
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:31 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9852050.fls.doubleclick.net/activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
index.php
mehmettaytak.com/l/TRACKING/ Frame E38B
52 KB
11 KB
Document
General
Full URL
https://mehmettaytak.com/l/TRACKING/index.php
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PHP/7.4.33 PleskLin
Resource Hash
a91bc5a719815d9f10d35af1eccc3a16e61ea14a3205dbb42251d0762be5c3e5

Request headers

Referer
https://mehmettaytak.com/l/TRACKING/index.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
br
Content-Type
text/html; charset=UTF-8
Date
Sun, 15 Jan 2023 16:42:05 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
X-Powered-By
PHP/7.4.33 PleskLin
bframe
www.google.com/recaptcha/api2/ Frame BD02
7 KB
2 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d516c1321f35fb57ddb9ea1b0abaa62a61866b8760fb7e8855a8ba98c70d1abf
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-d_D9JfiABIFdT9-3pf8V2A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mehmettaytak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
1116
content-security-policy
script-src 'report-sample' 'nonce-d_D9JfiABIFdT9-3pf8V2A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/
0
0

css
fonts.googleapis.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 15 Jan 2023 16:42:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 15 Jan 2023 15:43:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 15 Jan 2023 16:42:31 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame BD02
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame BD02
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 967F
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 967F
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

foundation.css
mehmettaytak.com/l/TRACKING/css/ Frame E38B
205 KB
20 KB
Stylesheet
General
Full URL
https://mehmettaytak.com/l/TRACKING/css/foundation.css?version=2104.04.2427
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Content-Encoding
br
Last-Modified
Thu, 03 Jun 2021 14:04:36 GMT
Server
nginx
ETag
W/"60b8e174-33543"
X-Powered-By
PleskLin
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
cwc.css
mehmettaytak.com/l/TRACKING/css/ Frame E38B
191 KB
18 KB
Stylesheet
General
Full URL
https://mehmettaytak.com/l/TRACKING/css/cwc.css
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Content-Encoding
br
Last-Modified
Thu, 03 Jun 2021 14:04:34 GMT
Server
nginx
ETag
W/"60b8e172-2fdaf"
X-Powered-By
PleskLin
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
styles.css
mehmettaytak.com/l/TRACKING/css/ Frame E38B
32 KB
6 KB
Stylesheet
General
Full URL
https://mehmettaytak.com/l/TRACKING/css/styles.css?version=2104.04.2427
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
3282572fde87063e4842f0d7399f0af21c1daee8ddae0a82f6cb7b53b484932e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Content-Encoding
br
Last-Modified
Wed, 19 Jan 2022 15:13:52 GMT
Server
nginx
ETag
W/"61e82ab0-7e58"
X-Powered-By
PleskLin
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
logo.svg
mehmettaytak.com/l/TRACKING/img/ Frame E38B
12 KB
12 KB
Image
General
Full URL
https://mehmettaytak.com/l/TRACKING/img/logo.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Last-Modified
Thu, 03 Jun 2021 14:04:36 GMT
Server
nginx
ETag
"60b8e174-3037"
X-Powered-By
PleskLin
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12343
logo.png
mehmettaytak.com/l/TRACKING/img/ Frame E38B
18 KB
18 KB
Image
General
Full URL
https://mehmettaytak.com/l/TRACKING/img/logo.png
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
87455028a326735882cbfe69b67ac225493263627e4118743f63730619dffcbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Last-Modified
Wed, 19 Jan 2022 15:00:46 GMT
Server
nginx
ETag
"61e8279e-47d5"
X-Powered-By
PleskLin
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18389
downlogo.svg
mehmettaytak.com/l/TRACKING/img/ Frame E38B
14 KB
14 KB
Image
General
Full URL
https://mehmettaytak.com/l/TRACKING/img/downlogo.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS
ns1.fikrialemdijital.com
Software
nginx / PleskLin
Resource Hash
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/l/TRACKING/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 15 Jan 2023 16:42:05 GMT
Last-Modified
Thu, 03 Jun 2021 14:04:36 GMT
Server
nginx
ETag
"60b8e174-37b3"
X-Powered-By
PleskLin
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14259
gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/ Frame E38B
0
0

anchor
www.google.com/recaptcha/api2/ Frame 7762
43 KB
23 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6ca0f9cdc961e227a54b7c1b883756f31fe41e633f10f901f831fdd6b6d97100
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mxSRy3ljOg3YEaYvjlFgrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mehmettaytak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
23209
content-security-policy
script-src 'report-sample' 'nonce-mxSRy3ljOg3YEaYvjlFgrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
SV_71iOFlig0vNugpn
evaluation.23323232-postescanada.ca/jfe/form/ Frame 3B1E
0
0

activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BRef...
9852050.fls.doubleclick.net/ Frame B657
Redirect Chain
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BR...
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
646 B
530 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.208.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s43-in-f6.1e100.net
Software
cafe /
Resource Hash
08d5adcfe29836fa45ab8649952bcc96ae5e2ab73166d3ec563f9c2380aa2222
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mehmettaytak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
357
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9852050.fls.doubleclick.net/activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
bframe
www.google.com/recaptcha/api2/ Frame C2E8
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
aa7f9f12d36899c4b169d059a72c106091c5b3e0bc6cdbd5a1024c1faa995247
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-72KAE_l7nIh2ZyXPt_FkrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mehmettaytak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
1117
content-security-policy
script-src 'report-sample' 'nonce-72KAE_l7nIh2ZyXPt_FkrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/ Frame E38B
0
0

styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 7762
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 7762
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mehmettaytak.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 13:14:53 GMT
x-content-type-options
nosniff
age
185258
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 13:14:53 GMT
search.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/
Redirect Chain
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
320 B
4 KB
Image
General
Full URL
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Protocol
HTTP/1.1
Server
2a02:26f0:f700:494::1dc5 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
Date
Sun, 15 Jan 2023 16:42:32 GMT
Content-Encoding
gzip
x-permitted-cross-domain-policies
master-only
content-security-policy-report-only
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
p3p
CP="NON CUR OTPi OUR NOR UNI"
Connection
keep-alive
Content-Length
218
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
Last-Modified
Mon, 05 Feb 2018 18:44:49 GMT
ETag
"5a78a621-140"
x-frame-options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=86400, private
Accept-Ranges
bytes
Expires
Mon, 03 Oct 2022 07:18:58 GMT

Redirect headers

Location
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
Date
Sun, 15 Jan 2023 16:42:31 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
alert.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/
Redirect Chain
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
1007 B
4 KB
Image
General
Full URL
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Protocol
HTTP/1.1
Server
2a02:26f0:f700:494::1dc5 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e62e54914dbabecaaaa6b6ba4b605ec384be240d485555452e7e094a3c5d9b7c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
Date
Sun, 15 Jan 2023 16:42:32 GMT
Content-Encoding
gzip
x-permitted-cross-domain-policies
master-only
content-security-policy-report-only
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
p3p
CP="NON CUR OTPi OUR NOR UNI"
Connection
keep-alive
Content-Length
455
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
Last-Modified
Fri, 26 Jan 2018 16:25:10 GMT
ETag
"5a6b5666-3ef"
x-frame-options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=86400, private
Accept-Ranges
bytes
Expires
Thu, 29 Sep 2022 12:19:08 GMT

Redirect headers

Location
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
Date
Sun, 15 Jan 2023 16:42:31 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mehmettaytak.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 20:22:20 GMT
x-content-type-options
nosniff
age
159611
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 20:22:20 GMT
cancel.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/
Redirect Chain
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
817 B
4 KB
Image
General
Full URL
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Protocol
HTTP/1.1
Server
2a02:26f0:f700:494::1dc5 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8608c8e2dcc2a14b5b21503077bf54d62a215a013a4eb7b80b09099d201a445e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
Date
Sun, 15 Jan 2023 16:42:32 GMT
Content-Encoding
gzip
x-permitted-cross-domain-policies
master-only
content-security-policy-report-only
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
p3p
CP="NON CUR OTPi OUR NOR UNI"
Connection
keep-alive
Content-Length
377
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
Last-Modified
Fri, 26 Jan 2018 16:25:10 GMT
ETag
"5a6b5666-331"
x-frame-options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=86400, private
Accept-Ranges
bytes
Expires
Wed, 28 Sep 2022 10:14:23 GMT

Redirect headers

Location
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
Date
Sun, 15 Jan 2023 16:42:31 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
feedback.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/
Redirect Chain
  • https://www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
  • https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
724 B
4 KB
Image
General
Full URL
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Protocol
HTTP/1.1
Server
2a02:26f0:f700:494::1dc5 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
Date
Sun, 15 Jan 2023 16:42:32 GMT
Content-Encoding
gzip
x-permitted-cross-domain-policies
master-only
content-security-policy-report-only
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
p3p
CP="NON CUR OTPi OUR NOR UNI"
Connection
keep-alive
Content-Length
382
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
Last-Modified
Mon, 05 Feb 2018 18:45:12 GMT
ETag
"5a78a638-2d4"
x-frame-options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=86400, private
Accept-Ranges
bytes
Expires
Mon, 03 Oct 2022 07:00:39 GMT

Redirect headers

Location
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Date
Sun, 15 Jan 2023 16:42:31 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mehmettaytak.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 20:10:25 GMT
x-content-type-options
nosniff
age
333126
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 11 Jan 2024 20:10:25 GMT
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mehmettaytak.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 05:13:29 GMT
x-content-type-options
nosniff
age
214142
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9840
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 05:13:29 GMT
css
fonts.googleapis.com/ Frame E38B
8 KB
789 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Requested by
Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mehmettaytak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 15 Jan 2023 16:42:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 15 Jan 2023 16:13:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 15 Jan 2023 16:42:31 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame C2E8
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame C2E8
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u...
adservice.google.com/ddm/fls/i/ Frame 5114
645 B
826 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fe8b43cff274c2bbce61d85ba821b36cbaefd91c23ee3b468486d434ac39aaf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://9852050.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
358
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u...
9852050.fls.doubleclick.net/ddm/fls/r/ Frame CA9F
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Na...
  • https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
851 B
356 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.208.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s43-in-f6.1e100.net
Software
cafe /
Resource Hash
6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
br
content-length
331
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Sun, 15 Jan 2023 16:42:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
conversion.js
www.googleadservices.com/pagead/ Frame CA9F
45 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
14f83d37619780f5412503666cfd263ee69956e5788b513a12d214b74e0a6ae3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 16:42:32 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16839
x-xss-protection
0
server
cafe
etag
6595900510577199317
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 15 Jan 2023 16:42:32 GMT
dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u...
adservice.google.com/ddm/fls/i/ Frame B04E
645 B
427 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecb2b9ac36ba5e681e8544086ec069cdf042bd0fd5816f39000e002b67f2f786
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://9852050.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
357
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/conversion/674834224/ Frame CA9F
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/674834224/?random=1673800952869&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCILXrLmCyvwCFeIGaAgd5XYHvQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
ee36f50feb83186d2aa941491d2bf6c59dd0086074656babf0109ed69741bd93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Jan 2023 16:42:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1264
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u...
9852050.fls.doubleclick.net/ddm/fls/r/ Frame 0EDB
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Na...
  • https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
851 B
354 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.208.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s43-in-f6.1e100.net
Software
cafe /
Resource Hash
6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
br
content-length
331
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:33 GMT
expires
Sun, 15 Jan 2023 16:42:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 16:42:32 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.de/pagead/1p-conversion/674834224/ Frame CA9F
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=3756032...
  • https://www.google.com/pagead/1p-conversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&...
  • https://www.google.de/pagead/1p-conversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u...
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCILXrLmCyvwCFeIGaAgd5XYHvQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-CzEY5WPNpCQmLAPmoa-2Ak&cid=CAQSKQDq26N987wFlUPC8Xww6mTqiHXCMVzjrR6tAEWzBcmL3McopgGO3UsRIBM&random=374256938&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CILXrLmCyvwCFeIGaAgd5XYHvQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H2
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Jan 2023 16:42:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 15 Jan 2023 16:42:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/674834224/?random=1696126099&cv=9&fst=1673800952869&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCILXrLmCyvwCFeIGaAgd5XYHvQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-CzEY5WPNpCQmLAPmoa-2Ak&cid=CAQSKQDq26N987wFlUPC8Xww6mTqiHXCMVzjrR6tAEWzBcmL3McopgGO3UsRIBM&random=374256938&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 0EDB
45 KB
16 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
14f83d37619780f5412503666cfd263ee69956e5788b513a12d214b74e0a6ae3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 16:42:33 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16839
x-xss-protection
0
server
cafe
etag
6595900510577199317
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 15 Jan 2023 16:42:33 GMT
/
www.googleadservices.com/pagead/conversion/674834224/ Frame 0EDB
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/674834224/?random=1673800953236&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKzjrLmCyvwCFZFcDQodPs0DMA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
04342cfc0478f6308feab3147290f0b0f00d26c8b525f5a221de96ad4818babb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Jan 2023 16:42:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1267
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/674834224/ Frame 0EDB
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=37560326...
  • https://www.google.com/pagead/1p-conversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u...
  • https://www.google.de/pagead/1p-conversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_...
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKzjrLmCyvwCFZFcDQodPs0DMA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-SzEY8KlD4KtxwK3nq-ABQ&cid=CAQSKQDq26N9c71dnif46PZnmJCQM0m4X-da1RzdB9SpfeNBeoYnRJ2KEAWTIBM&random=541098090&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CKzjrLmCyvwCFZFcDQodPs0DMA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H2
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Jan 2023 16:42:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 15 Jan 2023 16:42:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/674834224/?random=946376404&cv=9&fst=1673800953236&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCKzjrLmCyvwCFZFcDQodPs0DMA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=-SzEY8KlD4KtxwK3nq-ABQ&cid=CAQSKQDq26N9c71dnif46PZnmJCQM0m4X-da1RzdB9SpfeNBeoYnRJ2KEAWTIBM&random=541098090&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.23323232.ca
URL
https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Domain
evaluation.23323232-postescanada.ca
URL
https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Domain
www.23323232.ca
URL
https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Domain
www.23323232.ca
URL
https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Domain
evaluation.23323232-postescanada.ca
URL
https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Domain
www.23323232.ca
URL
https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canada Post (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| oncontentvisibilityautostatechange

2 Cookies

Domain/Path Name / Value
mehmettaytak.com/ Name: PHPSESSID
Value: s9reg5s73njf6e319o1j1910lc
.doubleclick.net/ Name: IDE
Value: AHWqTUmIPmnUw-lt8hXJIo-TAJP6C645JhZDtsokuzJk0al49LrPG6nrQh1PBWyyKLE

12 Console Messages

Source Level URL
Text
network error URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9852050.fls.doubleclick.net
adservice.google.com
adservice.google.de
evaluation.23323232-postescanada.ca
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
mehmettaytak.com
postoffice255.click
www.23323232.ca
www.canadapost-postescanada.ca
www.canadapost.ca
www.google.com
www.google.de
www.googleadservices.com
www.gstatic.com
evaluation.23323232-postescanada.ca
www.23323232.ca
142.250.186.66
142.251.208.166
162.55.134.234
217.116.205.52
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2003
2a00:1450:400d:806::200a
2a00:1450:400d:80a::2003
2a00:1450:400d:80c::2004
2a02:26f0:f700:494::1dc5
2a02:26f0:f700:4a4::1dc5
04342cfc0478f6308feab3147290f0b0f00d26c8b525f5a221de96ad4818babb
08d5adcfe29836fa45ab8649952bcc96ae5e2ab73166d3ec563f9c2380aa2222
14f83d37619780f5412503666cfd263ee69956e5788b513a12d214b74e0a6ae3
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f
2b4927c0cfa60092e2f98f11d0bbb2b81041772b98cda960b596c263e4c00685
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113
3282572fde87063e4842f0d7399f0af21c1daee8ddae0a82f6cb7b53b484932e
3440408a07a8f845efa22fd212136d9b276fb1fb08562e5c9d0d7120b1b3d3e4
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
577827a8fa6b338a6d3b731265032badb3c4913f61d4e99bf4269ef4eb3866d7
6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3
6ca0f9cdc961e227a54b7c1b883756f31fe41e633f10f901f831fdd6b6d97100
8608c8e2dcc2a14b5b21503077bf54d62a215a013a4eb7b80b09099d201a445e
87455028a326735882cbfe69b67ac225493263627e4118743f63730619dffcbb
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b
a91bc5a719815d9f10d35af1eccc3a16e61ea14a3205dbb42251d0762be5c3e5
aa7f9f12d36899c4b169d059a72c106091c5b3e0bc6cdbd5a1024c1faa995247
acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
d516c1321f35fb57ddb9ea1b0abaa62a61866b8760fb7e8855a8ba98c70d1abf
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87
e62e54914dbabecaaaa6b6ba4b605ec384be240d485555452e7e094a3c5d9b7c
ecb2b9ac36ba5e681e8544086ec069cdf042bd0fd5816f39000e002b67f2f786
ee36f50feb83186d2aa941491d2bf6c59dd0086074656babf0109ed69741bd93
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fe8b43cff274c2bbce61d85ba821b36cbaefd91c23ee3b468486d434ac39aaf9