mehmettaytak.com Open in urlscan Pro
217.116.205.52 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://postoffice257.click/l/?i90s
Effective URL:
https://mehmettaytak.com/l/TRACKING/index.php
Submission: On January 16 via api (January 16th 2023, 7:58:33 am UTC) from LU — Scanned from DE

Summary HTTP 54 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 54 HTTP transactions. The main IP is 217.116.205.52, located in Turkey and belongs to HOSTHANE, TR. The main domain is mehmettaytak.com.
TLS certificate: Issued by R3 on December 31st 2022. Valid for: 3 months.

This is the only time mehmettaytak.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canada Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	162.55.134.234 162.55.134.234	24940 (HETZNER-AS) (HETZNER-AS)
14	217.116.205.52 217.116.205.52	49879 (HOSTHANE) (HOSTHANE)
2 6	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
2 5	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:400d:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4 8	2a02:26f0:350... 2a02:26f0:3500:2bf::1dc5	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
4	142.251.39.2 142.251.39.2	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
54	12

1 162.55.134.234 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: server.codemaker.pt

postoffice257.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 217.116.205.52 (Turkey)

ASN49879 (HOSTHANE, TR)
PTR: ns1.fikrialemdijital.com

mehmettaytak.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80a::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

9852050.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400d:802::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:3500:2bf::1dc5 (Frankfurt am Main, Germany) 4 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.canadapost.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.canadapost-postescanada.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.39.2 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s37-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::2002 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:802::2002 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	mehmettaytak.com mehmettaytak.com	200 KB
12	gstatic.com www.gstatic.com fonts.gstatic.com	57 KB
8	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 70	50 KB
7	doubleclick.net 4 redirects 9852050.fls.doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33	4 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 171	36 KB
4	canadapost-postescanada.ca www.canadapost-postescanada.ca — Cisco Umbrella Rank: 64634	7 KB
4	canadapost.ca 4 redirects www.canadapost.ca — Cisco Umbrella Rank: 65513	1 KB
3	google.de 1 redirects adservice.google.de — Cisco Umbrella Rank: 8470 www.google.de — Cisco Umbrella Rank: 5983	2 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
1	postoffice257.click postoffice257.click	255 B
0	23323232-postescanada.ca Failed evaluation.23323232-postescanada.ca Failed
0	23323232.ca Failed www.23323232.ca Failed
54	12

	Domain	Requested by
14	mehmettaytak.com	mehmettaytak.com
8	www.gstatic.com	www.google.com
6	www.google.com	2 redirects mehmettaytak.com
5	9852050.fls.doubleclick.net	2 redirects mehmettaytak.com adservice.google.com
4	www.googleadservices.com	9852050.fls.doubleclick.net www.googleadservices.com
4	www.canadapost-postescanada.ca	mehmettaytak.com
4	www.canadapost.ca	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
2	www.google.de	9852050.fls.doubleclick.net
2	googleads.g.doubleclick.net	2 redirects
2	adservice.google.com	9852050.fls.doubleclick.net
2	fonts.googleapis.com	mehmettaytak.com
1	adservice.google.de	1 redirects
1	postoffice257.click
0	evaluation.23323232-postescanada.ca Failed	mehmettaytak.com
0	www.23323232.ca Failed	mehmettaytak.com
54	16

This site contains links to these domains. Also see Links.

Domain
www.23323232.ca
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
www.youtube.com
infopost.ca
mysite.23323232.ca
www.canada.ca

Subject Issuer	Validity	Valid
abarbosafilhos.pt R3	`2023-01-12` - `2023-04-12`	3 months	crt.sh
mehmettaytak.com R3	`2022-12-31` - `2023-03-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://mehmettaytak.com/l/TRACKING/index.php
Frame ID: 7E96B884030EADC985ED21FAB08B2297
Requests: 19 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Frame ID: 2A434837DCBC80AFA05AE89439F89BD3
Requests: 3 HTTP requests in this frame

Frame: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Frame ID: 379494E145F3FDB6F4662830605D1DCE
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 9EBA2639CBA1E836954957C52F9C5F19
Requests: 1 HTTP requests in this frame

Frame: https://mehmettaytak.com/l/TRACKING/index.php
Frame ID: 9E7BCA8010CC69E937BDB8FDF7E30A0D
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Frame ID: ADE89611DB9EE1FF720027C4CD0F9911
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Frame ID: 2CA8355407913FB1BBDD96F49184CAC6
Requests: 3 HTTP requests in this frame

Frame: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Frame ID: 9C23F8434C334343236574A998879B97
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 81F553351244BD3ECB472708B02AFBBE
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Frame ID: 157D5D92623521F6E159C45DC41D0185
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: EEEE9E3CB63C62C6B1497FA09C79FF98
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 6C849C371A874A6E601DEF409AF8CD4C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

InformationFacebookTwitterInstagramLinkedinYouTubeFacebookTwitterInstagramLinkedinYouTubeFacebookTwitterInstagramLinkedinYouTube

Page URL History Show full URLs

https://postoffice257.click/l/?i90s Page URL
https://mehmettaytak.com/l/TRACKING/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+foundation[^>"]+css

Page Statistics

54
Requests

76 %
HTTPS

69 %
IPv6

12
Domains

16
Subdomains

12
IPs

4
Countries

353 kB
Transfer

1320 kB
Size

2
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.23323232.ca/dash-tableau/en
Title: My account

Search URL Search Domain Scan URL

URL: https://www.facebook.com/23323232
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/23323232corp
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/23323232agram/?hl=en
Title: Instagram

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/canada-post?trk=company_name
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/postes23323232
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/web/en/pages/support/default.page
Title: Need help?

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/web/en/pages/support/default.page#panel2-3
Title: Contact us

Search URL Search Domain Scan URL

URL: https://infopost.ca/
Title: I'm an employee

Search URL Search Domain Scan URL

URL: https://mysite.23323232.ca/saml2/idp/sso?saml2sp=https%3A%2F%2Fwww.successfactors.com%2FS000016952T1&RelayState=%2Fsf%2Fhome
Title: Talent Zone

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/blogs/business
Title: Business Matters

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/blogs/personal
Title: Canada Post Magazine

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/web/en/kb/details.page?article=legal_terms_of_use&cattype=kb&cat=generalinquiries&subcat=generalinformation
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.canada.ca/

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/info/mc/personal/postalcode/fpc.jsf
Title: Look up a postal code

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/track-reperage/en
Title: Track

Search URL Search Domain Scan URL

URL: https://www.23323232.ca/tools/pg/default-e.asp
Title: All postal guides

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://postoffice257.click/l/?i90s Page URL
https://mehmettaytak.com/l/TRACKING/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Request Chain 28

https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Request Chain 32

https://www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg HTTP 301
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg

Request Chain 33

https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg HTTP 301
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg

Request Chain 35

https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg HTTP 301
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg

Request Chain 36

https://www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP 301
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

Request Chain 47

https://adservice.google.de/ddm/fls/i/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Request Chain 49

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMnSzZfPy_wCFfFFHgIdnDYGpQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fmehmettaytak.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=pgPFY4S1MsHA1wabl7uIAw&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMnSzZfPy_wCFfFFHgIdnDYGpQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fmehmettaytak.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4S1MsHA1wabl7uIAw&cid=CAQSKQDq26N9U_r7ROkYafL70sd9xbAGKXr0fHaJ2N_gqmXEi3EnuTdgIcLgIBM&random=1403826761&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMnSzZfPy_wCFfFFHgIdnDYGpQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fmehmettaytak.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4S1MsHA1wabl7uIAw&cid=CAQSKQDq26N9U_r7ROkYafL70sd9xbAGKXr0fHaJ2N_gqmXEi3EnuTdgIcLgIBM&random=1403826761&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 52

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCMnRx5fPy_wCFdNXwgodvKsJLg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=pgPFY4WMPMGP1waV_aGIDg&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCMnRx5fPy_wCFdNXwgodvKsJLg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4WMPMGP1waV_aGIDg&cid=CAQSKQDq26N9kq4t7lCYLqE9rCLt_DegdtcIB3LDgiAAgkRKWdfKs_GJBxMxIBM&random=1389686977&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCMnRx5fPy_wCFdNXwgodvKsJLg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4WMPMGP1waV_aGIDg&cid=CAQSKQDq26N9kq4t7lCYLqE9rCLt_DegdtcIB3LDgiAAgkRKWdfKs_GJBxMxIBM&random=1389686977&resp=GooglemKTybQhCsO&ipr=y&prhg=0

54 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
postoffice257.click/l/ 90 B
255 B 205ms
19ms Document
text/html 162.55.134.234
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postoffice257.click/l/?i90s
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.55.134.234 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server.codemaker.pt
Software: nginx / PHP/8.0.27 PleskLin
Resource Hash: 577827a8fa6b338a6d3b731265032badb3c4913f61d4e99bf4269ef4eb3866d7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 107
content-type: text/html; charset=UTF-8
date: Mon, 16 Jan 2023 07:58:29 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.0.27 PleskLin

GET
H/1.1 200
OK Primary Request index.php Show response
mehmettaytak.com/l/TRACKING/ 52 KB
11 KB 675ms
111ms Document
text/html 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PHP/7.4.33 PleskLin
Resource Hash: a91bc5a719815d9f10d35af1eccc3a16e61ea14a3205dbb42251d0762be5c3e5

Request headers

Referer: https://postoffice257.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: br
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 Jan 2023 07:58:03 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.33 PleskLin

GET
H/1.1 200
OK foundation.css
mehmettaytak.com/l/TRACKING/css/ 205 KB
20 KB 88ms
87ms Stylesheet
text/css 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/css/foundation.css?version=2104.04.2427
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Content-Encoding: br
Last-Modified: Thu, 03 Jun 2021 14:04:36 GMT
Server: nginx
ETag: W/"60b8e174-33543"
X-Powered-By: PleskLin
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK cwc.css
mehmettaytak.com/l/TRACKING/css/ 191 KB
18 KB 167ms
78ms Stylesheet
text/css 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Content-Encoding: br
Last-Modified: Thu, 03 Jun 2021 14:04:34 GMT
Server: nginx
ETag: W/"60b8e172-2fdaf"
X-Powered-By: PleskLin
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK styles.css
mehmettaytak.com/l/TRACKING/css/ 32 KB
6 KB 183ms
70ms Stylesheet
text/css 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/css/styles.css?version=2104.04.2427
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 3282572fde87063e4842f0d7399f0af21c1daee8ddae0a82f6cb7b53b484932e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Content-Encoding: br
Last-Modified: Wed, 19 Jan 2022 15:13:52 GMT
Server: nginx
ETag: W/"61e82ab0-7e58"
X-Powered-By: PleskLin
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK logo.svg
mehmettaytak.com/l/TRACKING/img/ 12 KB
12 KB 233ms
115ms Image
image/svg+xml 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mehmettaytak.com/l/TRACKING/img/logo.svg
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Last-Modified: Thu, 03 Jun 2021 14:04:36 GMT
Server: nginx
ETag: "60b8e174-3037"
X-Powered-By: PleskLin
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12343

GET
H/1.1 200
OK logo.png
mehmettaytak.com/l/TRACKING/img/ 18 KB
18 KB 250ms
128ms Image
image/png 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mehmettaytak.com/l/TRACKING/img/logo.png
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 87455028a326735882cbfe69b67ac225493263627e4118743f63730619dffcbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Last-Modified: Wed, 19 Jan 2022 15:00:46 GMT
Server: nginx
ETag: "61e8279e-47d5"
X-Powered-By: PleskLin
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18389

GET
H/1.1 200
OK downlogo.svg
mehmettaytak.com/l/TRACKING/img/ 14 KB
14 KB 253ms
127ms Image
image/svg+xml 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mehmettaytak.com/l/TRACKING/img/downlogo.svg
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Last-Modified: Thu, 03 Jun 2021 14:04:36 GMT
Server: nginx
ETag: "60b8e174-37b3"
X-Powered-By: PleskLin
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14259

GET gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/ 0
0

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 2A43 43 KB
23 KB 147ms
69ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

805450a18a382c9084f0118373a41dd1f176876f5f0a6ff60670039117f0f522

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4rNQQBp6vxcIVtjXZQKWSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mehmettaytak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 23066
content-security-policy: script-src 'report-sample' 'nonce-4rNQQBp6vxcIVtjXZQKWSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET SV_71iOFlig0vNugpn
evaluation.23323232-postescanada.ca/jfe/form/ Frame 3794 0
0

GET
H2

200

activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BRef... Show response
9852050.fls.doubleclick.net/ Frame 9EBA
Redirect Chain

https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BR...
https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...

646 B
534 B

53ms
52ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

31ca7287b61e504814ca59bd6a9d4bd5072e53451078afa8fef1bc128de5977e

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mehmettaytak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 358
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK index.php Show response
mehmettaytak.com/l/TRACKING/ Frame 9E7B 52 KB
11 KB 157ms
76ms Document
text/html 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/index.php
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PHP/7.4.33 PleskLin
Resource Hash: a91bc5a719815d9f10d35af1eccc3a16e61ea14a3205dbb42251d0762be5c3e5

Request headers

Referer: https://mehmettaytak.com/l/TRACKING/index.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: br
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 Jan 2023 07:58:03 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.33 PleskLin

GET
H2 200 bframe Show response
www.google.com/recaptcha/api2/ Frame ADE8 7 KB
2 KB 120ms
58ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

581365c74668639f214dcee9797bc95ef2c651f03c9e23d555cee4c9250fffef

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8-8wwrFogSF-JmzUEsAsuQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mehmettaytak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1117
content-security-policy: script-src 'report-sample' 'nonce-8-8wwrFogSF-JmzUEsAsuQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/ 0
0

GET
H2 404 styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame ADE8 0
0 140ms
62ms Stylesheet
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame ADE8 0
0 237ms
159ms Script
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 60ms
25ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 16 Jan 2023 07:58:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 06:03:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 16 Jan 2023 07:58:30 GMT

GET
H2 404 styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 2A43 0
0 160ms
97ms Stylesheet
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 2A43 0
0 155ms
93ms Script
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H/1.1 200
OK foundation.css
mehmettaytak.com/l/TRACKING/css/ Frame 9E7B 205 KB
20 KB 67ms
66ms Stylesheet
text/css 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/css/foundation.css?version=2104.04.2427
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Content-Encoding: br
Last-Modified: Thu, 03 Jun 2021 14:04:36 GMT
Server: nginx
ETag: W/"60b8e174-33543"
X-Powered-By: PleskLin
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK cwc.css
mehmettaytak.com/l/TRACKING/css/ Frame 9E7B 191 KB
18 KB 130ms
129ms Stylesheet
text/css 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Content-Encoding: br
Last-Modified: Thu, 03 Jun 2021 14:04:34 GMT
Server: nginx
ETag: W/"60b8e172-2fdaf"
X-Powered-By: PleskLin
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK styles.css
mehmettaytak.com/l/TRACKING/css/ Frame 9E7B 32 KB
6 KB 60ms
59ms Stylesheet
text/css 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to

Full URL: https://mehmettaytak.com/l/TRACKING/css/styles.css?version=2104.04.2427
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 3282572fde87063e4842f0d7399f0af21c1daee8ddae0a82f6cb7b53b484932e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Content-Encoding: br
Last-Modified: Wed, 19 Jan 2022 15:13:52 GMT
Server: nginx
ETag: W/"61e82ab0-7e58"
X-Powered-By: PleskLin
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK logo.svg
mehmettaytak.com/l/TRACKING/img/ Frame 9E7B 12 KB
12 KB 111ms
63ms Image
image/svg+xml 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mehmettaytak.com/l/TRACKING/img/logo.svg
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Last-Modified: Thu, 03 Jun 2021 14:04:36 GMT
Server: nginx
ETag: "60b8e174-3037"
X-Powered-By: PleskLin
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12343

GET
H/1.1 200
OK logo.png
mehmettaytak.com/l/TRACKING/img/ Frame 9E7B 18 KB
18 KB 121ms
63ms Image
image/png 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mehmettaytak.com/l/TRACKING/img/logo.png
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 87455028a326735882cbfe69b67ac225493263627e4118743f63730619dffcbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Last-Modified: Wed, 19 Jan 2022 15:00:46 GMT
Server: nginx
ETag: "61e8279e-47d5"
X-Powered-By: PleskLin
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18389

GET
H/1.1 200
OK downlogo.svg
mehmettaytak.com/l/TRACKING/img/ Frame 9E7B 14 KB
14 KB 125ms
59ms Image
image/svg+xml 217.116.205.52
HOSTHANE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mehmettaytak.com/l/TRACKING/img/downlogo.svg
Requested by: Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 217.116.205.52 , Turkey, ASN49879 (HOSTHANE, TR),
Reverse DNS: ns1.fikrialemdijital.com
Software: nginx / PleskLin
Resource Hash: 6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/l/TRACKING/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 07:58:03 GMT
Last-Modified: Thu, 03 Jun 2021 14:04:36 GMT
Server: nginx
ETag: "60b8e174-37b3"
X-Powered-By: PleskLin
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14259

GET gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/ Frame 9E7B 0
0

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 2CA8 43 KB
23 KB 64ms
63ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

681f87f70238d21a8f8582567431a22cb4ec69e23bed18e0e33f0c4631924c1e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Iwn20VXGiHfYd4XhHJ-DKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mehmettaytak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 23019
content-security-policy: script-src 'report-sample' 'nonce-Iwn20VXGiHfYd4XhHJ-DKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET SV_71iOFlig0vNugpn
evaluation.23323232-postescanada.ca/jfe/form/ Frame 9C23 0
0

GET
H3

200

activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BRef... Show response
9852050.fls.doubleclick.net/ Frame 81F5
Redirect Chain

https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BR...
https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...

1 KB
593 B

59ms
58ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

d2340075117e11c5b67121db94b8b89a9b28f73c7c2916e5858ad89690908319

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mehmettaytak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 568
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Mon, 16 Jan 2023 07:58:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 157D 7 KB
1 KB 59ms
58ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b4823e743e1407ab6fb5819bac22215faf55f7dc8847c1dc43395690a0444213

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6ppj_00tYOAgyh55z50RWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mehmettaytak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1116
content-security-policy: script-src 'report-sample' 'nonce-6ppj_00tYOAgyh55z50RWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET gov-canada-logo.svg
www.23323232.ca/cpc/assets/cpc/img/logos/ Frame 9E7B 0
0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 50ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mehmettaytak.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:14:53 GMT
x-content-type-options: nosniff
age: 240217
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 13:14:53 GMT

GET
H/1.1

200
OK

search.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/
Redirect Chain

https://www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg

320 B
983 B

238ms
120ms

Image
image/svg+xml

2a02:26f0:3500:2bf::1dc5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css

Protocol

HTTP/1.1

Server

2a02:26f0:3500:2bf::1dc5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
Date: Mon, 16 Jan 2023 07:58:30 GMT
Content-Encoding: gzip
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 218
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
Last-Modified: Mon, 05 Feb 2018 18:44:49 GMT
ETag: "5a78a621-140"
x-frame-options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=86400, private
Accept-Ranges: bytes
Expires: Mon, 11 Oct 2021 07:22:57 GMT

Redirect headers

Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
Date: Mon, 16 Jan 2023 07:58:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

alert.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/
Redirect Chain

https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg

1007 B
1 KB

439ms
324ms

Image
image/svg+xml

2a02:26f0:3500:2bf::1dc5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css

Protocol

HTTP/1.1

Server

2a02:26f0:3500:2bf::1dc5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e62e54914dbabecaaaa6b6ba4b605ec384be240d485555452e7e094a3c5d9b7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
Date: Mon, 16 Jan 2023 07:58:31 GMT
Content-Encoding: gzip
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 455
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 26 Jan 2018 16:25:10 GMT
ETag: "5a6b5666-3ef"
x-frame-options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=86400, private
Accept-Ranges: bytes
Expires: Mon, 06 Jun 2022 13:37:51 GMT

Redirect headers

Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
Date: Mon, 16 Jan 2023 07:58:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 52ms
17ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mehmettaytak.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 20:22:20 GMT
x-content-type-options: nosniff
age: 214570
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 20:22:20 GMT

GET
H/1.1

200
OK

cancel.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/
Redirect Chain

https://www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg

817 B
1 KB

441ms
326ms

Image
image/svg+xml

2a02:26f0:3500:2bf::1dc5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css

Protocol

HTTP/1.1

Server

2a02:26f0:3500:2bf::1dc5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8608c8e2dcc2a14b5b21503077bf54d62a215a013a4eb7b80b09099d201a445e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
Date: Mon, 16 Jan 2023 07:58:31 GMT
Content-Encoding: gzip
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 377
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 26 Jan 2018 16:25:10 GMT
ETag: "5a6b5666-331"
x-frame-options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=86400, private
Accept-Ranges: bytes
Expires: Tue, 11 May 2021 19:10:21 GMT

Redirect headers

Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
Date: Mon, 16 Jan 2023 07:58:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

feedback.svg
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/
Redirect Chain

https://www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

724 B
4 KB

431ms
316ms

Image
image/svg+xml

2a02:26f0:3500:2bf::1dc5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css

Protocol

HTTP/1.1

Server

2a02:26f0:3500:2bf::1dc5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
Date: Mon, 16 Jan 2023 07:58:31 GMT
Content-Encoding: gzip
x-permitted-cross-domain-policies: master-only
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 382
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
Last-Modified: Mon, 05 Feb 2018 18:45:12 GMT
ETag: "5a78a638-2d4"
x-frame-options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=86400, private
Accept-Ranges: bytes
Expires: Mon, 03 Oct 2022 07:01:32 GMT

Redirect headers

Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Date: Mon, 16 Jan 2023 07:58:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 58ms
29ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mehmettaytak.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 20:10:25 GMT
x-content-type-options: nosniff
age: 388085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jan 2024 20:10:25 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 10 KB
10 KB 61ms
32ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mehmettaytak.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 05:13:29 GMT
x-content-type-options: nosniff
age: 269101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9840
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 05:13:29 GMT

GET
H2 200 dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u... Show response
adservice.google.com/ddm/fls/i/ Frame EEEE 645 B
827 B 149ms
67ms Document
text/html 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Requested by

Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e49e7ed32f50cb6ebde49e54dc0a819b9002413ba2b69a95773a0404b4e6847

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9852050.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 359
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 404 styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 2CA8 0
0 218ms
217ms Stylesheet
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 2CA8 0
0 155ms
155ms Script
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 404 styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 157D 0
0 352ms
351ms Stylesheet
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 157D 0
0 130ms
130ms Script
text/html 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ Frame 9E7B 8 KB
789 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Requested by

Host: mehmettaytak.com
URL: https://mehmettaytak.com/l/TRACKING/css/cwc.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mehmettaytak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 16 Jan 2023 07:58:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 06:09:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 16 Jan 2023 07:58:30 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 81F5 45 KB
17 KB 182ms
67ms Script
text/javascript 142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

cafe /

Resource Hash

14f83d37619780f5412503666cfd263ee69956e5788b513a12d214b74e0a6ae3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 07:58:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16839
x-xss-protection: 0
server: cafe
etag: 6595900510577199317
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 16 Jan 2023 07:58:30 GMT

GET
H2 200 dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=*;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=...
adservice.google.com/ddm/fls/z/ Frame 81F5 42 B
118 B 68ms
67ms Image
image/gif 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMnSzZfPy_wCFfFFHgIdnDYGpQ;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=*;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u... Show response
9852050.fls.doubleclick.net/ddm/fls/r/ Frame 6C84
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Na...
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...

851 B
354 B

50ms
50ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 331
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Mon, 16 Jan 2023 07:58:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 Jan 2023 07:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/674834224/ Frame 81F5 2 KB
1 KB 57ms
56ms Script
text/javascript 142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/674834224/?random=1673855910793&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMnSzZfPy_wCFfFFHgIdnDYGpQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fmehmettaytak.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

cafe /

Resource Hash

8a9d599099e3b440f7fcf249f1ac2d634191a6966e21dff6e3a478fe1eb1f65f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1270
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/674834224/ Frame 81F5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=37560326...
https://www.google.com/pagead/1p-conversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u...
https://www.google.de/pagead/1p-conversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_...

42 B
548 B

68ms
33ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMnSzZfPy_wCFfFFHgIdnDYGpQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fmehmettaytak.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4S1MsHA1wabl7uIAw&cid=CAQSKQDq26N9U_r7ROkYafL70sd9xbAGKXr0fHaJ2N_gqmXEi3EnuTdgIcLgIBM&random=1403826761&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/674834224/?random=901138227&cv=9&fst=1673855910793&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMnSzZfPy_wCFfFFHgIdnDYGpQ%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fmehmettaytak.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4S1MsHA1wabl7uIAw&cid=CAQSKQDq26N9U_r7ROkYafL70sd9xbAGKXr0fHaJ2N_gqmXEi3EnuTdgIcLgIBM&random=1403826761&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 6C84 45 KB
16 KB 75ms
75ms Script
text/javascript 142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=CMnRx5fPy_wCFdNXwgodvKsJLg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

cafe /

Resource Hash

14f83d37619780f5412503666cfd263ee69956e5788b513a12d214b74e0a6ae3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 07:58:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16839
x-xss-protection: 0
server: cafe
etag: 6595900510577199317
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 16 Jan 2023 07:58:30 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/674834224/ Frame 6C84 2 KB
1 KB 56ms
56ms Script
text/javascript 142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/674834224/?random=1673855910956&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCMnRx5fPy_wCFdNXwgodvKsJLg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

cafe /

Resource Hash

f58d41b76b1eaffd377b16f874db9cfb43d97e38d41296c58da7283f99b6f496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1268
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/674834224/ Frame 6C84
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=37560326...
https://www.google.com/pagead/1p-conversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u...
https://www.google.de/pagead/1p-conversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_...

42 B
108 B

30ms
30ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCMnRx5fPy_wCFdNXwgodvKsJLg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4WMPMGP1waV_aGIDg&cid=CAQSKQDq26N9kq4t7lCYLqE9rCLt_DegdtcIB3LDgiAAgkRKWdfKs_GJBxMxIBM&random=1389686977&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9852050.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 16 Jan 2023 07:58:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/674834224/?random=807083573&cv=9&fst=1673855910956&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCMnRx5fPy_wCFdNXwgodvKsJLg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=pgPFY4WMPMGP1waV_aGIDg&cid=CAQSKQDq26N9kq4t7lCYLqE9rCLt_DegdtcIB3LDgiAAgkRKWdfKs_GJBxMxIBM&random=1389686977&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.23323232.ca
URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg

Domain: evaluation.23323232-postescanada.ca
URL: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1

Domain: www.23323232.ca
URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg

Domain: www.23323232.ca
URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg

Domain: evaluation.23323232-postescanada.ca
URL: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1

Domain: www.23323232.ca
URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canada Post (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mehmettaytak.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 203b00om6bqnk0clq70oo5j26l
			.doubleclick.net/	1970-01-20 18:19:11	Name: IDE Value: AHWqTUncw6j8gZScio7_KCiZCQyjcCVfm1mX_Wy2WCtsqQOjtJcrGGVyEFFYluABmwM

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://www.23323232.ca/cpc/assets/cpc/img/logos/gov-canada-logo.svg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9852050.fls.doubleclick.net
adservice.google.com
adservice.google.de
evaluation.23323232-postescanada.ca
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
mehmettaytak.com
postoffice257.click
www.23323232.ca
www.canadapost-postescanada.ca
www.canadapost.ca
www.google.com
www.google.de
www.googleadservices.com
www.gstatic.com
evaluation.23323232-postescanada.ca
www.23323232.ca
142.250.185.102
142.251.39.2
162.55.134.234
217.116.205.52
2a00:1450:4001:813::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200a
2a00:1450:400d:802::2002
2a00:1450:400d:802::2003
2a00:1450:400d:803::2002
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2004
2a02:26f0:3500:2bf::1dc5
0e49e7ed32f50cb6ebde49e54dc0a819b9002413ba2b69a95773a0404b4e6847
14f83d37619780f5412503666cfd263ee69956e5788b513a12d214b74e0a6ae3
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f
31ca7287b61e504814ca59bd6a9d4bd5072e53451078afa8fef1bc128de5977e
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113
3282572fde87063e4842f0d7399f0af21c1daee8ddae0a82f6cb7b53b484932e
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
577827a8fa6b338a6d3b731265032badb3c4913f61d4e99bf4269ef4eb3866d7
581365c74668639f214dcee9797bc95ef2c651f03c9e23d555cee4c9250fffef
6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091
681f87f70238d21a8f8582567431a22cb4ec69e23bed18e0e33f0c4631924c1e
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
6a50626ef34e5da6014662089f0775c6187d23e5c22379da71203848eac50ee3
805450a18a382c9084f0118373a41dd1f176876f5f0a6ff60670039117f0f522
8608c8e2dcc2a14b5b21503077bf54d62a215a013a4eb7b80b09099d201a445e
87455028a326735882cbfe69b67ac225493263627e4118743f63730619dffcbb
8a9d599099e3b440f7fcf249f1ac2d634191a6966e21dff6e3a478fe1eb1f65f
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b
a91bc5a719815d9f10d35af1eccc3a16e61ea14a3205dbb42251d0762be5c3e5
acf56f4833ccd8789f66864deae46f9a6efb8625f15b9e5996a00e5634f094e1
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b4823e743e1407ab6fb5819bac22215faf55f7dc8847c1dc43395690a0444213
d2340075117e11c5b67121db94b8b89a9b28f73c7c2916e5858ad89690908319
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87
e62e54914dbabecaaaa6b6ba4b605ec384be240d485555452e7e094a3c5d9b7c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f58d41b76b1eaffd377b16f874db9cfb43d97e38d41296c58da7283f99b6f496
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

mehmettaytak.com Open in urlscan Pro 217.116.205.52 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

54 Requests

76 %HTTPS

69 %IPv6

12 Domains

16 Subdomains

12 IPs

4 Countries

353 kBTransfer

1320 kBSize

2 Cookies

17 Outgoing links

Page URL History

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

mehmettaytak.com Open in urlscan Pro
217.116.205.52 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

76 %
HTTPS

69 %
IPv6

12
Domains

16
Subdomains

12
IPs

4
Countries

353 kB
Transfer

1320 kB
Size

2
Cookies

54 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!