firsatkimden3401.site Open in urlscan Pro
2606:4700:3037::ac43:b373 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term...
Submission: On September 02 via api (September 2nd 2024, 4:11:13 pm UTC) from TR — Scanned from DE

Summary HTTP 146 Redirects Links 52 Behaviour Indicators

Summary

This website contacted 61 IPs in 8 countries across 52 domains to perform 146 HTTP transactions. The main IP is 2606:4700:3037::ac43:b373, located in United States and belongs to CLOUDFLARENET, US. The main domain is firsatkimden3401.site.
TLS certificate: Issued by WE1 on September 1st 2024. Valid for: 3 months.

This is the only time firsatkimden3401.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:303... 2606:4700:3037::ac43:b373	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.71.57 172.67.71.57	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.67.179.115 172.67.179.115	13335 (CLOUDFLAR...) (CLOUDFLARENET)
46	31.3.2.88 31.3.2.88	21245 (MEDIANOVA...) (MEDIANOVA-CDN)
3	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	172.67.8.141 172.67.8.141	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
1	176.235.128.37 176.235.128.37	34984 (TELLCOM-AS) (TELLCOM-AS)
1	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 _) (CDN77 _)
1	2606:4700:10:... 2606:4700:10::6816:3668	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 5	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0b::9a	15169 (GOOGLE) (GOOGLE)
2	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
1 5	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2	176.235.128.34 176.235.128.34	34984 (TELLCOM-AS) (TELLCOM-AS)
6	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2602:816:5001... 2602:816:5001::39	54113 (FASTLY) (FASTLY)
4	2620:1ec:bdf::44 2620:1ec:bdf::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2620:1ec:33:1... 2620:1ec:33:1::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 1	91.235.64.232 91.235.64.232	201160 (D-TEK) (D-TEK)
1	34.246.169.171 34.246.169.171	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 1	142.250.186.100 142.250.186.100	15169 (GOOGLE) (GOOGLE)
2	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
1 2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::15 2a02:2638:3::15	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::19 2a02:2638:3::19	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	35.214.136.108 35.214.136.108	15169 (GOOGLE) (GOOGLE)
2 3	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
3	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	185.255.84.152 185.255.84.152	200271 (IGUANE-) (IGUANE-)
1 2	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.228.154.232 54.228.154.232	16509 (AMAZON-02) (AMAZON-02)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
1	34.253.43.0 34.253.43.0	16509 (AMAZON-02) (AMAZON-02)
1	34.117.157.22 34.117.157.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	184.30.20.22 184.30.20.22	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.120.103.239 3.120.103.239	16509 (AMAZON-02) (AMAZON-02)
1	35.80.135.250 35.80.135.250	16509 (AMAZON-02) (AMAZON-02)
1	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	198.47.127.205 198.47.127.205	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	18.195.234.25 18.195.234.25	16509 (AMAZON-02) (AMAZON-02)
1	23.52.181.90 23.52.181.90	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4216:15c:6f8b:c2c7:4e11	14618 (AMAZON-AES) (AMAZON-AES)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	85.215.5.31 85.215.5.31	6786 (CRONON-BE...) (CRONON-BERLIN-AS)
1	23.35.237.75 23.35.237.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.194.169.106 54.194.169.106	16509 (AMAZON-02) (AMAZON-02)
1	18.194.226.218 18.194.226.218	16509 (AMAZON-02) (AMAZON-02)
2 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
3	4.227.249.197 4.227.249.197	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
2	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
146	61

6 2606:4700:3037::ac43:b373 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

firsatkimden3401.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.71.57 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:ee (United States)

ASN13335 (CLOUDFLARENET, US)

bundles.efilli.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.179.115 (United States)

ASN13335 (CLOUDFLARENET, US)

firsatkimden3401.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 31.3.2.88 (Frankfurt am Main, Germany)

ASN21245 (MEDIANOVA-CDN, TR)

dist-klasor.hangikredi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.hangikredi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.8.141 (United States)

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.235.128.37 (Istanbul, Turkey)

ASN34984 (TELLCOM-AS, TR)
PTR: test.hangikredi.com.128.235.176.in-addr.arpa

isortagim.hangikredi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

tags.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3668 (United States)

ASN13335 (CLOUDFLARENET, US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2001:4860:4802:34::36 (United States) 2 redirects

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.184.8.90 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, CY)
PTR: ip-185-184-8-90.rtbhouse.net

ams.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.235.128.34 (Istanbul, Turkey)

ASN34984 (TELLCOM-AS, TR)

reporting.hangikredi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:bdf::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

avlsh.visilabs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rpdn.relateddigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.64.232 (Turkey) 1 redirects

ASN201160 (D-TEK, TR)
PTR: eg-c-4-232.euromsg.net

wps.relateddigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.169.171 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-169-171.eu-west-1.compute.amazonaws.com

rum-collector-2.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.100 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::15 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

fledge.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::19 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

measurement-api.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.136.108 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 108.136.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.116 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.152 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.151.101 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.228.154.232 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-154-232.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.43.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-43-0.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.22 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-22.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.103.239 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-103-239.eu-central-1.compute.amazonaws.com

exchange.mediavine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.80.135.250 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-80-135-250.us-west-2.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.205 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.234.25 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-234-25.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.181.90 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-181-90.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:15c:6f8b:c2c7:4e11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.215.5.31 (Germany)

ASN6786 (CRONON-BERLIN-AS, DE)

a.twiago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.237.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-75.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.169.106 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-169-106.eu-west-1.compute.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.226.218 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-226-218.eu-central-1.compute.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 4.227.249.197 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

u.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

psb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	hangikredi.com dist-klasor.hangikredi.com cdn.hangikredi.com isortagim.hangikredi.com reporting.hangikredi.com	113 KB
9	firsatkimden3401.site 1 redirects firsatkimden3401.site	46 KB
8	taboola.com sync-t1.taboola.com — Cisco Umbrella Rank: 2447 cdn.taboola.com — Cisco Umbrella Rank: 1198 psb.taboola.com — Cisco Umbrella Rank: 9372 trc.taboola.com — Cisco Umbrella Rank: 1123 trc-events.taboola.com — Cisco Umbrella Rank: 3272	24 KB
6	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 553 sslwidget.criteo.com — Cisco Umbrella Rank: 2867 fledge.eu.criteo.com — Cisco Umbrella Rank: 22953 measurement-api.criteo.com — Cisco Umbrella Rank: 3048 dis.criteo.com — Cisco Umbrella Rank: 1058	6 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	7 KB
6	creativecdn.com 1 redirects tags.creativecdn.com — Cisco Umbrella Rank: 7049 ams.creativecdn.com — Cisco Umbrella Rank: 12281	4 KB
5	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 1114 u.clarity.ms — Cisco Umbrella Rank: 8734	28 KB
4	google.com 3 redirects region1.analytics.google.com — Cisco Umbrella Rank: 3773 www.google.com — Cisco Umbrella Rank: 10	2 KB
4	gstatic.com fonts.gstatic.com	52 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 383	3 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	16 KB
3	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 252 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 cm.g.doubleclick.net — Cisco Umbrella Rank: 363	691 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	314 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	1 KB
2	t.co t.co — Cisco Umbrella Rank: 979	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 741	739 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 319	1 KB
2	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 2947	1 KB
2	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 441	957 B
2	relateddigital.com 1 redirects wps.relateddigital.com — Cisco Umbrella Rank: 209408 rpdn.relateddigital.com — Cisco Umbrella Rank: 156492	23 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3123
2	google.de www.google.de — Cisco Umbrella Rank: 6716	127 B
2	pingdom.net rum-static.pingdom.net — Cisco Umbrella Rank: 11368 rum-collector-2.pingdom.net — Cisco Umbrella Rank: 10581	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	67 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1897	378 B
1	emxdgt.com e1.emxdgt.com — Cisco Umbrella Rank: 3254	44 B
1	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 4043	38 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 7422	235 B
1	twiago.com a.twiago.com — Cisco Umbrella Rank: 49044	153 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 632	140 B
1	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 3878	397 B
1	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 3660	163 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 804	58 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 555	239 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 1358	225 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 1277	218 B
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1508	422 B
1	mediavine.com exchange.mediavine.com — Cisco Umbrella Rank: 2423	884 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 1060	815 B
1	ivitrack.com matching.ivitrack.com — Cisco Umbrella Rank: 15508	265 B
1	360yield.com ad.360yield.com — Cisco Umbrella Rank: 1075	199 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 645	1 KB
1	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 1229	342 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 499	183 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	3 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 992	16 KB
1	visilabs.net avlsh.visilabs.net — Cisco Umbrella Rank: 234725	97 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 1453	31 KB
1	amung.us whos.amung.us — Cisco Umbrella Rank: 10888	210 B
1	efilli.com bundles.efilli.com — Cisco Umbrella Rank: 88834	37 KB
1	waust.at waust.at — Cisco Umbrella Rank: 28960	4 KB
146	52

	Domain	Requested by
34	cdn.hangikredi.com	firsatkimden3401.site
12	dist-klasor.hangikredi.com	firsatkimden3401.site
9	firsatkimden3401.site	1 redirects firsatkimden3401.site
6	www.facebook.com	firsatkimden3401.site
5	ams.creativecdn.com	1 redirects firsatkimden3401.site
4	fonts.gstatic.com	dist-klasor.hangikredi.com
3	trc.taboola.com	firsatkimden3401.site
3	u.clarity.ms	firsatkimden3401.site
3	ib.adnxs.com	2 redirects
3	bat.bing.com	firsatkimden3401.site
3	region1.analytics.google.com	2 redirects firsatkimden3401.site
3	www.googletagmanager.com	firsatkimden3401.site
2	trc-events.taboola.com	firsatkimden3401.site
2	analytics.twitter.com
2	t.co
2	sync.1rx.io	2 redirects
2	dpm.demdex.net	1 redirects
2	r.casalemedia.com	1 redirects
2	www.clarity.ms	firsatkimden3401.site
2	gum.criteo.com	1 redirects firsatkimden3401.site
2	bam.nr-data.net	firsatkimden3401.site
2	region1.google-analytics.com
2	reporting.hangikredi.com	isortagim.hangikredi.com
2	www.google.de	firsatkimden3401.site
2	connect.facebook.net	firsatkimden3401.site
1	psb.taboola.com	firsatkimden3401.site
1	static.ads-twitter.com	firsatkimden3401.site
1	cdn.taboola.com	firsatkimden3401.site
1	sync.targeting.unrulymedia.com
1	e1.emxdgt.com
1	sync-criteo.ads.yieldmo.com
1	ad.yieldlab.net
1	a.twiago.com
1	eb2.3lift.com
1	criteo-partners.tremorhub.com
1	criteo-sync.teads.tv
1	match.sharethrough.com
1	pixel.rubiconproject.com
1	simage2.pubmatic.com
1	sync.outbrain.com
1	jadserve.postrelease.com
1	exchange.mediavine.com
1	contextual.media.net
1	matching.ivitrack.com
1	ad.360yield.com
1	id5-sync.com
1	visitor.omnitagjs.com
1	sync-t1.taboola.com
1	dis.criteo.com
1	x.bidswitch.net
1	cm.g.doubleclick.net
1	measurement-api.criteo.com	firsatkimden3401.site
1	fledge.eu.criteo.com	firsatkimden3401.site
1	sslwidget.criteo.com	firsatkimden3401.site
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	rum-collector-2.pingdom.net	firsatkimden3401.site
1	rpdn.relateddigital.com
1	wps.relateddigital.com	1 redirects
1	www.googleadservices.com	firsatkimden3401.site
1	static.criteo.net	firsatkimden3401.site
1	avlsh.visilabs.net	firsatkimden3401.site
1	js-agent.newrelic.com	firsatkimden3401.site
1	stats.g.doubleclick.net	www.googletagmanager.com
1	rum-static.pingdom.net	firsatkimden3401.site
1	tags.creativecdn.com	firsatkimden3401.site
1	isortagim.hangikredi.com	firsatkimden3401.site
1	whos.amung.us	firsatkimden3401.site
1	bundles.efilli.com	firsatkimden3401.site
1	waust.at	firsatkimden3401.site
146	70

This site contains links to these domains. Also see Links.

Domain
www.hangikredi.com
www.garantibbva.com.tr
www.facebook.com
www.youtube.com
twitter.com
www.instagram.com
www.linkedin.com
5u3m.adj.st
www.eticaret.gov.tr
www.kariyer.net
www.sigortam.net
www.arabam.com
www.cimri.com
www.emlakjet.com
www.endeksa.com
www.neredekal.com
www.chemorbis.com
www.steelorbis.com.tr

Subject Issuer	Validity	Valid
firsatkimden3401.site WE1	`2024-09-01` - `2024-11-30`	3 months	crt.sh
waust.at WE1	`2024-08-30` - `2024-11-28`	3 months	crt.sh
efilli.com WE1	`2024-08-26` - `2024-11-24`	3 months	crt.sh
*.hangikredi.com Go Daddy Secure Certificate Authority - G2	`2024-07-12` - `2025-08-13`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
amung.us WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-11` - `2024-09-09`	3 months	crt.sh
1589314308.rsc.cdn77.org E5	`2024-08-07` - `2024-11-05`	3 months	crt.sh
pingdom.net Cloudflare Inc ECC CA-3	`2023-10-14` - `2024-10-13`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.google.de WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2024-04-05` - `2025-04-30`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-21` - `2025-04-22`	a year	crt.sh
avlsh.visilabs.net DigiCert TLS RSA SHA256 2020 CA1	`2024-08-01` - `2025-08-01`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-02` - `2024-11-28`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.googleadservices.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.pingdom.net Amazon RSA 2048 M03	`2023-11-06` - `2024-12-03`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-12` - `2025-08-12`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-26` - `2024-11-20`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-20` - `2024-11-22`	3 months	crt.sh
*.bidswitch.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-16` - `2024-10-16`	3 months	crt.sh
*.taboola.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-07-30` - `2024-12-31`	5 months	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-02` - `2025-08-01`	a year	crt.sh
*.id5-sync.com E5	`2024-09-01` - `2024-11-30`	3 months	crt.sh
*.360yield.com Amazon RSA 2048 M02	`2024-04-28` - `2025-05-27`	a year	crt.sh
itm.ivitrack.com R10	`2024-08-10` - `2024-11-08`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-21` - `2024-12-21`	a year	crt.sh
exchange.mediavine.com Amazon RSA 2048 M02	`2024-05-06` - `2025-06-04`	a year	crt.sh
*.postrelease.com Amazon RSA 2048 M03	`2024-07-31` - `2025-08-30`	a year	crt.sh
*.outbrain.com Thawte TLS RSA CA G1	`2024-07-31` - `2024-11-27`	4 months	crt.sh
*.pubmatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-19` - `2025-04-19`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-04-03`	8 months	crt.sh
*.sharethrough.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-07-15` - `2025-08-15`	a year	crt.sh
teads.tv R10	`2024-09-02` - `2024-12-01`	3 months	crt.sh
*.tremorhub.com Amazon RSA 2048 M03	`2024-01-24` - `2025-02-21`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2024-03-13` - `2025-04-11`	a year	crt.sh
*.twiago.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-07` - `2025-01-06`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2024-08-08` - `2025-08-10`	a year	crt.sh
*.ads.yieldmo.com Amazon RSA 2048 M03	`2024-03-04` - `2025-04-03`	a year	crt.sh
*.emxdgt.com Amazon RSA 2048 M03	`2024-04-02` - `2025-05-01`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
t.co E6	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Frame ID: 061DB9FA678928C8BAFEBFFDB4F78677
Requests: 115 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=firsatkimden3401.site&origin=onetag
Frame ID: 4447FF6C271E41B19B331CC2A34281DE
Requests: 1 HTTP requests in this frame

Frame: https://fledge.eu.criteo.com/interest-group?data=bhIN8Hw3d09KS0E1cmZ6SEpQcWRQV243eTQ4cnEzd0tMY3ZIQXZQMXFkM29mU1Vtd3dGaHNleFpISkovaTR5NmYxaXBYdElCbmJacHZGK1J1K0VRd0xHYU9Fbk5UVTNYQytGMlZpaHRraDU4S0IxSzdkSUs5VlJERlFvYUxhT1M2S0dreGxFcXZzY0F1R2hRNU1URTJSaDhEczMxSVB1cWxIV29YNXhOaDNpTHcyL0JXelNLQ3k2N3BES3E5TDhvTTBCek98
Frame ID: E34E8A1DDB0FB2A82A6A3D21B67E9E3E
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-bMBS7pmx_FVo-b0VnxS1tTXfTkVmg9-wbIsP6A&google_cm&google_hm=ay1iTUJTN3BteF9GVm8tYjBWbnhTMXRUWGZUa1ZtZzktd2JJc1A2QQ
Frame ID: 5ED486DC10E9ADDD578121F7E8D39BFB
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=1202105... Page URL
https://firsatkimden3401.site/cdn-cgi/phish-bypass?atok=huOzqwai.BtRqZKix4TJXfJh717wbn3j08rDr9Li_E8-172529... HTTP 301
https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=1202105... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Criteo (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

//static\.criteo\.net/js/ld/ld\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

146
Requests

93 %
HTTPS

27 %
IPv6

52
Domains

70
Subdomains

61
IPs

8
Countries

918 kB
Transfer

2731 kB
Size

55
Cookies

52 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hangikredi.com/kredi
Title: Kredi

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi/ihtiyac-kredisi
Title: İhtiyaç Kredisi İhtiyaç kredisi faiz oranlarını karşılaştırın, şubeye gitmeden hemen başvurun, size özel faiz oranlarını kaçırmayın.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi/konut-kredisi
Title: Konut Kredisi Hayalinizdeki evi almak için en avantajlı konut kredilerini listeleyin, ev kredisi faiz oranlarını hesaplayın ve ücretsiz başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi/hesaplama-araclari
Title: Kredi Hesaplama Araçları 20'den fazia bankanın kredi faiz oranlarını karşılaştırabilir, aylık ödemelerinizi kolayca hesaplayabilir, hemen başvuru yapabilirsiniz.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi/tasit-kredisi
Title: Taşıt Kredisi Almak istediğiniz araba için sıfır ve ikinci el taşıt kredilerini hesaplayın, faiz oranlarını karşılaştırın ve ücretsiz başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi/kobi-kredisi
Title: Kobi Kredisi İşletmeniz için ihtiyaç duyduğunuz KOBİ ve esnaf kredilerini karşılaştırın, en avantajlısına hemen başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-karti
Title: Kredi Kartı

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-karti/sorgulama/aidatsiz-kartlar
Title: Aidatsız Kartlar Aidatsız kredi kartlarını listeleyin, karşılaştırın ve en avantajlısına hızlıca başvurun. Aidat ücreti ödemeden rahatça kullanın.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-karti/sorgulama/mil-veren-kartlar
Title: Mil Veren Kartlar Uçuşlarınızda kullanmak üzere mil puan biriktirmek için mil veren kredi kartlarını inceleyin, mil avantajlarını kaçırmayın.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-karti/sorgulama/puan-veren-kartlar
Title: Puan Veren Kartlar Alışverişin keyfini katlayan puanları toplamak için puan veren kartları inceleyin, en avantajlısına hemen başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-karti/sorgulama/ogrenci-karti
Title: Öğrenci Kartları En avantajlı öğrenci kredi kartlarını listeleyin, sizin için en avantajlısına hızlıca başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-karti/ticari
Title: Ticari Kartlar İşletmeniz için ihtiyaç duyduğunuz ticari kredi kartlarını listeleyin, hemen ücretsiz başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/yatirim-araclari
Title: Mevduat/Yatırım

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/yatirim-araclari/mevduat-faiz-oranlari
Title: Mevduat 20’den fazla bankanın mevduat getirilerini karşılaştırın. En avantajlı mevduat faiz oranlarına ücretsiz başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/yatirim-araclari/altin-fiyatlari
Title: Altın Güncel altın fiyatlarını takip edin. Serbest piyasa canlı altın fiyatlarını anlık takip edin, güncel bilgileri kaçırmayın.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/yatirim-araclari/doviz-kurlari
Title: Döviz Döviz kurlarını takip edin. Euro, Dolar, Pound gibi döviz fiyatlarını inceleyin, güncel kalın.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/yatirim-araclari/hisse-senetleri/
Title: Hisse Senetleri Borsa İstanbul'da işlem gören tüm hisse senetlerini takip edebilirsin.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/emekli-bankaciligi
Title: Emekli Bankacılığı Bankaların emekli bankacılığı ürünlerini listeleyin, karşılaştırın ve en avantajlı emekli promosyonlarına hemen başvurun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/uzaktan-musteri-edinimi
Title: Bankaların Müşterisi Ol Şubeye gitmeden bankaları listeleyin, karşılaştırın, zaman kaybetmeden seçtiğiniz bankanın müşterisi olun.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kredi-notu
Title: HangiKredi Finansal Raporu

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/bilgi-merkezi/
Title: HangiBilgi

Search URL Search Domain Scan URL

URL: https://www.garantibbva.com.tr/krediler/hizli-kredi?utm_source=hangikredi&utm_medium=listeleme&utm_campaign=ihtiyac-kredisi
Title: buraya tıklayın.

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/yatirim-araclari/hisse-senetleri
Title: Hisse Senetleri

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/
Title: Diğer Ürünlerimiz

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/sigorta
Title: Sigorta

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/hakkimizda
Title: Hakkımızda

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/hakkimizda/ekibimiz
Title: Ekibimiz

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/hakkimizda/kariyer
Title: Kariyer

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/hakkimizda/medyada-biz
Title: Medyada Biz

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/hakkimizda/iletisim
Title: İletişim

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/aydinlatma-metni-musteri
Title: Güvenlik

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/dist/files/bilgi-guvenligi-politikasi.pdf
Title: Bilgi Güvenliği Politikamız

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kisisel-verilerin-korunmasi
Title: Kişisel Verilerin Korunması

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/acik-riza-metni
Title: Açık Rıza Metni

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/gizlilik-bildirimi
Title: Gizlilik Bildirimi

Search URL Search Domain Scan URL

URL: https://www.hangikredi.com/kullanim-kosullari
Title: Kullanım Koşulları

Search URL Search Domain Scan URL

URL: https://www.facebook.com/hangikredi

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/HangiKredi

Search URL Search Domain Scan URL

URL: https://twitter.com/hangikredicom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hangikredi/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hangikredi.com/

Search URL Search Domain Scan URL

URL: https://5u3m.adj.st/Home?adj_t=5zunjej&adj_campaign=footer

Search URL Search Domain Scan URL

URL: https://www.eticaret.gov.tr/siteprofil/2228157474224568/wwwhangikredicom

Search URL Search Domain Scan URL

URL: https://www.kariyer.net/
Title: Kariyer.net -

Search URL Search Domain Scan URL

URL: https://www.sigortam.net/
Title: Sigortam.net -

Search URL Search Domain Scan URL

URL: https://www.arabam.com/
Title: Arabam.com -

Search URL Search Domain Scan URL

URL: https://www.cimri.com/
Title: Cimri -

Search URL Search Domain Scan URL

URL: https://www.emlakjet.com/
Title: Emlakjet -

Search URL Search Domain Scan URL

URL: https://www.endeksa.com/tr/
Title: Endeksa -

Search URL Search Domain Scan URL

URL: https://www.neredekal.com/
Title: Neredekal.com -

Search URL Search Domain Scan URL

URL: https://www.chemorbis.com/
Title: ChemOrbis -

Search URL Search Domain Scan URL

URL: https://www.steelorbis.com.tr/
Title: SteelOrbis

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ Page URL
https://firsatkimden3401.site/cdn-cgi/phish-bypass?atok=huOzqwai.BtRqZKix4TJXfJh717wbn3j08rDr9Li_E8-1725293462-0.0.1.1-%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ HTTP 301
https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://ams.creativecdn.com/tags/v2?type=json HTTP 307
https://ams.creativecdn.com/tags/v2?type=json&tc=1

Request Chain 79

https://region1.analytics.google.com/g/collect?v=2&tid=G-1QPJPKCB3G&gtm=45je48s0v9126711584z86989590za200zb6989590&_p=1725293468127&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=972998280.1725293469&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=2&sid=1725293468&sct=1&seg=0&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&dr=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&dt=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&en=begin_checkout&_c=1&pr1=id1~nmGaranti%20BBVA%20Yaz%20Kredisi~pr0~brGaranti%20BBVA~qt1~ca%C4%B0htiya%C3%A7%20Kredisi~k0dimension6~v0Evet&ep.pageType=Application&ep.page_name=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&ep.page_category=Kredi&ep.page_midcategory=%C4%B0htiya%C3%A7%20Kredisi&ep.page_subcategory=Yonlendirme&ep.server_code=hangikredistore-86c6dfd7db-b8mls&ep.bot_status=&ep.time_stamp=2024-09-02T18%3A11%3A09.105%2B02%3A00&ep.cd_useragent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F128.0.0.0%20Safari%2F537.36&ep.pipelineName=store-1.hangikredi.com&ep.cd_sessionId=99f6c7d6-a6bf-43ab-a89e-0ec051c82d81&_et=531&tfd=1353 HTTP 302
https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=1058316243049016540&dma=1&dma_cps=syphamo&en=begin_checkout&gtm=45je48s0v9126711584z86989590za200zb6989590&npa=1&tid=G-1QPJPKCB3G&dl=https%3A%2F%2Ffirsatkimden3401.site%3F

Request Chain 85

https://region1.analytics.google.com/g/collect?v=2&tid=G-1QPJPKCB3G&gtm=45je48s0v9126711584z86989590za200zb6989590&_p=1725293468127&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=972998280.1725293469&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=YA&_s=3&cu=TRY&sid=1725293468&sct=1&seg=0&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&dr=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&dt=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&en=purchase&_c=1&pr1=nmGaranti%20BBVA%20Yaz%20Kredisi~id1~pr4.62~brGaranti%20BBVA~ca%C4%B0htiya%C3%A7%20Kredisi~qt1~k0dimension6~v0Evet&ep.transaction_id=11_58651286&epn.value=4.62&ep.item_list_name=%C4%B0htiya%C3%A7%20Kredisi%20-%20Ba%C5%9Fvuru%20Y%C3%B6nlendirme&ep.tax=&ep.shipping=&_et=18&tfd=1373 HTTP 302
https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=11090335579882215074&dma=1&dma_cps=syphamo&en=purchase&gtm=45je48s0v9126711584z86989590za200zb6989590&npa=1&tid=G-1QPJPKCB3G&dl=https%3A%2F%2Ffirsatkimden3401.site%3F

Request Chain 91

https://wps.relateddigital.com/relatedpush_sdk.js?ckey=9B4A27155BF6443DA8881C809361F1BD&aid=487c5779-1434-41d4-bc02-da457b1903e5 HTTP 301
https://rpdn.relateddigital.com/rdsdk/9B4A27155BF6443DA8881C809361F1BD/487c5779-1434-41d4-bc02-da457b1903e5.js

Request Chain 94

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&label=e6soCJnIngMQr_mhzwM&hn=www.googleadservices.com&frm=0&tiba=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&value=4.62&npa=1&pscdl=noapi&auid=229943164.1725293468&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAkonZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&eitems=ChEI8MTVtgYQxZbrvLXN2qDsARIdAGZ0zPNi7sQkh3R2Eif_7fGYGuEKk9Dh-PRws4o&pscrd=IhMI1Yj3gtOkiAMV9vMRCB0e_QPEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL2ZpcnNhdGtpbWRlbjM0MDEuc2l0ZS8 HTTP 302
https://www.google.com/pagead/1p-conversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&label=e6soCJnIngMQr_mhzwM&hn=www.googleadservices.com&frm=0&tiba=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&value=4.62&npa=1&pscdl=noapi&auid=229943164.1725293468&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAkonZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&pscrd=IhMI1Yj3gtOkiAMV9vMRCB0e_QPEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL2ZpcnNhdGtpbWRlbjM0MDEuc2l0ZS8&is_vtc=1&cid=CAQSGwDpaXnfqEC-DhohltZT7KMX1s3Xo7DovGPx0Q&eitems=ChEI8MTVtgYQxZbrvLXN2qDsARIdAGZ0zPMlxssVqv2VTqq_qxbGn6-z39erqSHaAQg&random=2293047871 HTTP 302
https://www.google.de/pagead/1p-conversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&label=e6soCJnIngMQr_mhzwM&hn=www.googleadservices.com&frm=0&tiba=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&value=4.62&npa=1&pscdl=noapi&auid=229943164.1725293468&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAkonZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&pscrd=IhMI1Yj3gtOkiAMV9vMRCB0e_QPEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL2ZpcnNhdGtpbWRlbjM0MDEuc2l0ZS8&is_vtc=1&cid=CAQSGwDpaXnfqEC-DhohltZT7KMX1s3Xo7DovGPx0Q&eitems=ChEI8MTVtgYQxZbrvLXN2qDsARIdAGZ0zPMlxssVqv2VTqq_qxbGn6-z39erqSHaAQg&random=2293047871&ipr=y

Request Chain 106

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7732677446541758592

Request Chain 109

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-84ANtZmx_FVo-b0VnxS1tTXfTkUmhDKxge93yw HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-84ANtZmx_FVo-b0VnxS1tTXfTkUmhDKxge93yw&C=1

Request Chain 110

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=MgzHLQ56oqgnKP9ARLUWsutvyvf1x_8a HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=MgzHLQ56oqgnKP9ARLUWsutvyvf1x_8a

Request Chain 128

https://sync.1rx.io/usersync/criteodsp/k-uP7yxpmx_FVo-b0VnxS1tTXfTkWI96LzObcssA HTTP 302
https://sync.1rx.io/usersync/criteodsp/k-uP7yxpmx_FVo-b0VnxS1tTXfTkWI96LzObcssA?zcc=1&cb=1725293470250 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003

146 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
firsatkimden3401.site/ 5 KB
2 KB 141ms
43ms Document
text/html 2606:4700:3037::ac43:b373
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:b373 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b46257f718712c2dea44129a43b3adccb92a3a3f6325809c31b85e97c6ae2545

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-ray: 8bcec60dea97d3a6-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 02 Sep 2024 16:11:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CaGVAJ0TwzUjEXJ2qks6ta%2ByzoHhkh9p%2FoVeuKePOvofYl7o39cxh%2B82eOsnysiNStb%2Bda6hfrPH5n4L2SAprDw7x33aIEXpnHCB9JETA5iuBNt%2BvGSXOtPid82WyhS3NmN%2FzI0hZXxB5Mly982%2B320ODW8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
firsatkimden3401.site/cdn-cgi/styles/ 23 KB
5 KB 41ms
41ms Stylesheet
text/css 2606:4700:3037::ac43:b373
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://firsatkimden3401.site/cdn-cgi/styles/cf.errors.css

Requested by

Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:b373 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 27 Aug 2024 19:10:22 GMT
server: cloudflare
etag: W/"66ce249e-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8bcec60e3bc2d3a6-FRA
expires: Mon, 02 Sep 2024 18:11:02 GMT

GET
H2 200 icon-exclamation.png
firsatkimden3401.site/cdn-cgi/images/ 452 B
540 B 40ms
40ms Image
image/png 2606:4700:3037::ac43:b373
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://firsatkimden3401.site/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:b373 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://firsatkimden3401.site/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Aug 2024 19:10:22 GMT
server: cloudflare
etag: "66ce249e-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8bcec60e8c92d3a6-FRA
content-length: 452
expires: Mon, 02 Sep 2024 18:11:02 GMT

GET
H2 404 favicon.ico
firsatkimden3401.site/ 808 B
782 B 61ms
61ms Other
text/html 2606:4700:3037::ac43:b373
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://firsatkimden3401.site/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:b373 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 21 Aug 2024 15:17:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yr%2FntEMpW2dJzMtcyZ%2FPLt2TDoRwDFrRz%2BPJmL4nBdKv8XGEHSrVW7P7Z686GH7qG6RA%2BqlewvetpygK8RORw3mCPabB0j0w37E4w7zHTLukRuu1c6eaFRzZX9VRpzxgsXoVDG6nvn4jsQNYlinNhwhDzvU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 8bcec60edd9cd3a6-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

Primary Request / Show response
firsatkimden3401.site/
Redirect Chain

https://firsatkimden3401.site/cdn-cgi/phish-bypass?atok=huOzqwai.BtRqZKix4TJXfJh717wbn3j08rDr9Li_E8-1725293462-0.0.1.1-%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_...
https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW...

156 KB
36 KB

83ms
83ms

Document
text/html

2606:4700:3037::ac43:b373
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:b373 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: c5d05896b5cd1e482f60774cfae4214dfc366355d1a175b20a73d9fbadcdcb06

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8bcec62deb5fd3a6-FRA
content-encoding: br
content-type: text/html
date: Mon, 02 Sep 2024 16:11:07 GMT
last-modified: Mon, 02 Sep 2024 00:29:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l5R%2FmrKfGFlfjJrZK2RIQTIZXG%2BECqa0hrrLcCKw7zeGGYu%2F7tbhy51DOTSDYiBFcdOXwqoACjXQErJD6c28IwZWnSBT1ximiv1BOo9AUYdMvPLHpoW%2F%2BN%2BkMopzF93x9EmKxhyH2W1LP1b9a6Wh5Ci1tPg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PleskLin

Redirect headers

cache-control: private, no-cache
cf-ray: 8bcec62daa6cd3a6-FRA
content-length: 167
content-type: text/html
date: Mon, 02 Sep 2024 16:11:07 GMT
location: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 s.js Show response
waust.at/ 8 KB
4 KB 109ms
50ms Script
application/x-javascript 172.67.71.57
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://waust.at/s.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.71.57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1987
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 12 Jan 2023 17:19:44 GMT
server: cloudflare
etag: W/"63c04130-2170"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EILyMobh8VkAJmd%2FT6Iy1llR4fMSyzxcfqIE%2BmEgWcB2QzDpQ6A9Z0t3ed9Mx%2F84LCMl64%2BesABod8KQSHAjZMrK7p1cbrRsw9eRar06u4xWYnUgMcb5q0De"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 8bcec62ed9df1cb9-FRA
expires: Tue, 03 Sep 2024 15:38:00 GMT

GET
H2 200 hangikredi.com.prod.js Show response
bundles.efilli.com/ 112 KB
37 KB 194ms
59ms Script
application/javascript 2606:4700:20::681a:ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bundles.efilli.com/hangikredi.com.prod.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff1e0799d9b462718726f5b01aac1bc7c146ae6bb69e527100cfb7396dbabd9e

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 03 Jul 2024 12:41:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 177
etag: W/"668546e0-1c1f4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OA4XKstz346%2Bod5I9EK3hFxljudZyXdhKLSBRGBEpmmjB1SOOdUtlBS9tuDC3yhJyAGSFZLecAm5SQ27ZxF9Sh7YP0S0jHine7m1OJ%2BdkldpLVxGQPmrA%2BdY0w%2BPjcI%2BzFHYcdVeqeADx9xr9bftjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300, must-revalidate
cf-ray: 8bcec62f5db05d69-FRA

GET
H3 404 glide.min.js
firsatkimden3401.site/dist/js/thirdparties/ 0
0 63ms
63ms Script
text/html 172.67.179.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://firsatkimden3401.site/dist/js/thirdparties/glide.min.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.179.115 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 21 Aug 2024 15:17:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fs%2BB77rF0Hn%2BH0H3%2Fis%2FKdcH%2B5Mgg%2BfxxH3JUFiI6rBDs6zxG5Rb%2BgrI%2Bvbsg3MOYllvGE4E8njX3NUZ9iWrkUmleQuOYfjP5Fd4DY4rC5EIVhzzX3L1IaDtO2bClTZqm9S4RIJSgMU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 8bcec62fd9d9d38d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-desktop.min.css
dist-klasor.hangikredi.com/css/helpers/redirect/ 85 KB
14 KB 202ms
57ms Stylesheet
text/css 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://dist-klasor.hangikredi.com/css/helpers/redirect/index-desktop.min.css?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

0974a2a9ee0905ddf7534083b520f05da02839d46c085a5bc231ac3e193fcfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: 3ff84f6f-aa21-4b6c-8318-451c011b16c4
date: Mon, 02 Sep 2024 16:11:07 GMT
content-encoding: br
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/css/helpers/redirect/index-desktop.min.css?v=105
age: 0
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/css/helpers/redirect/index-desktop.min.css
environment: Production
elapsed: 0
x-xss-protection: 1; mode=block
x-client-ip: 213.14.10.34
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/109.0.0.0 safari/537.36
last-modified: Thu, 29 Aug 2024 13:58:10 GMT
server: MNCDN-235
x-mnrequest-id: ad953dcdbe131218256184c745e5debe
etag: W/"1dafa1b7b45d0ef"
x-new-feature: 10
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET
H2 200 garanti.svg
cdn.hangikredi.com/images/bank/ 13 KB
5 KB 191ms
51ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/bank/garanti.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 040b7f39fee2bbf0048192cec4b229ce9e8ec5ef3721d92f366938d043a1f6b4

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Fri, 23 Dec 2022 14:31:00 GMT
server: MNCDN-235
x-mnrequest-id: e8cd0d848a44bc0a1305f8a5d51a7846
age: 1
x-edge-location: DE-372
etag: W/"3524-5f07fa2782603"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: MNCDN-2137

GET
H2 200 98c5fe96-5522-4206-b416-8c9a2263ec4d.svg
cdn.hangikredi.com/images/menu/ 1 KB
915 B 54ms
48ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/98c5fe96-5522-4206-b416-8c9a2263ec4d.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 3d7c527b7ea76fb8e20427ee88a32f752a195097d344dc96a0065b2f36495efa

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:01:24 GMT
server: MNCDN-235
x-mnrequest-id: 4f34666d0098bb024a95ccdb041c639e
age: 1
x-edge-location: DE-372
etag: W/"577-5ffd04677c718"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 431a3227-96a7-4257-9f32-9174dd7e4a6e.svg
cdn.hangikredi.com/images/menu/activemenu/ 1 KB
916 B 55ms
49ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/431a3227-96a7-4257-9f32-9174dd7e4a6e.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 834b6c224c95e067edc6d2aa781225d215154147b197f480d7fdb1914173c22d

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:48:14 GMT
server: MNCDN-235
x-mnrequest-id: 4421249f31f1636ab90579be7a0d8dd2
age: 1
x-edge-location: DE-372
etag: W/"577-5ffd0ee00b71c"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 eab6d124-9d41-43f2-8d7b-977fd504424e.svg
cdn.hangikredi.com/images/menu/ 1 KB
737 B 56ms
51ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/eab6d124-9d41-43f2-8d7b-977fd504424e.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 7b8b14d91ce8ffdd1ff0016669568af10f5204a9d751b8813cea04a6a8951740

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:10:16 GMT
server: MNCDN-235
x-mnrequest-id: e6141717d01aa27e765f1a157fd62e7e
age: 1
x-edge-location: DE-372
etag: W/"41a-5ffd06631816d"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 ff6dbb2a-acef-462c-bd03-1b788ad5c5c1.svg
cdn.hangikredi.com/images/menu/activemenu/ 1 KB
738 B 58ms
52ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/ff6dbb2a-acef-462c-bd03-1b788ad5c5c1.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: a507ce33356780fdcf262ac008237301f39c0d358d314270f322a3e3cc24b434

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:10:16 GMT
server: MNCDN-235
x-mnrequest-id: 78cc4357b70280a517f8406b7df80a46
age: 1
x-edge-location: DE-372
etag: W/"41a-5ffd066321dac"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 94f6e72b-b231-46e7-af49-e4a0a4e248ea.svg
cdn.hangikredi.com/images/menu/ 598 B
569 B 58ms
53ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/94f6e72b-b231-46e7-af49-e4a0a4e248ea.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 98e86e8f16f39b0597b55bf6de26795e811c1b898520e2d9bbdac288b4c0e44d

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:24:50 GMT
server: MNCDN-235
x-mnrequest-id: 8d0bc9fa45be3a48844bb9685d09e329
age: 1
x-edge-location: DE-372
etag: W/"256-5ffd09a4aaa73"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 87fbc85a-7b03-4d69-a276-939d41dfcbb7.svg
cdn.hangikredi.com/images/menu/activemenu/ 598 B
567 B 58ms
53ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/87fbc85a-7b03-4d69-a276-939d41dfcbb7.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 875056d8b18edfbd0911abb8642b9588b2c6dff06a6494be4d22d34a9f8ff9a6

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:24:50 GMT
server: MNCDN-235
x-mnrequest-id: b43aeec4558adda8c3bdb5eb7d0f2025
age: 1
x-edge-location: DE-372
etag: W/"256-5ffd09a4b3ee3"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 14f15d42-f949-4875-8896-2409340ce4dc.svg
cdn.hangikredi.com/images/menu/ 4 KB
1 KB 59ms
54ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/14f15d42-f949-4875-8896-2409340ce4dc.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 10fdf8279552f7460c844b2d30abc65120b368dfd75e486ad326612e456329e7

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:26:45 GMT
server: MNCDN-235
x-mnrequest-id: 0a1e8055acf0bad9d3970cfef83933aa
age: 1
x-edge-location: DE-372
etag: W/"f18-5ffd0a12d2e3b"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 e2f26ec0-cc92-475d-9b4d-f67670a44fa0.svg
cdn.hangikredi.com/images/menu/activemenu/ 4 KB
1 KB 65ms
60ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/e2f26ec0-cc92-475d-9b4d-f67670a44fa0.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 36897dbbc9ba81d2ffcbb28625085e56b8297527a3a334ed4847a2f080df81b9

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:26:45 GMT
server: MNCDN-235
x-mnrequest-id: c2709cea5d3aa77ec736f60a4aaa9d4a
age: 1
x-edge-location: DE-372
etag: W/"f18-5ffd0a12de1ea"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 1e23b02f-0b4e-4a7b-9484-eaaea58d09f9.svg
cdn.hangikredi.com/images/menu/ 2 KB
932 B 66ms
61ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/1e23b02f-0b4e-4a7b-9484-eaaea58d09f9.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 568ecb37a3e047d96c60a489a7339fea2adf532ff9315f53ada0368c425363c5

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:27:57 GMT
server: MNCDN-235
x-mnrequest-id: a7dd8f69d131831fcc90bc4b4638ecb8
age: 1
x-edge-location: DE-372
etag: W/"64c-5ffd0a56be8d9"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 d2cb7f3f-7cd7-498c-97c7-1370a153246a.svg
cdn.hangikredi.com/images/menu/activemenu/ 2 KB
933 B 101ms
96ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/d2cb7f3f-7cd7-498c-97c7-1370a153246a.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: b5ff812dad227556704ffc292079890a68483cdcd76ac169b6cc077a1cb81790

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:27:57 GMT
server: MNCDN-235
x-mnrequest-id: 5e6bb6e5d5e1ed8a33cc949c83c03845
age: 1
x-edge-location: DE-372
etag: W/"64c-5ffd0a56c8130"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 18319503-b4b2-429e-a84d-82133eef929c.svg
cdn.hangikredi.com/images/menu/ 3 KB
2 KB 102ms
97ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/18319503-b4b2-429e-a84d-82133eef929c.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 0dc47839877ba28b9635b0e9568a70a37111c8b67a837c5f80328f6c9f9cf72b

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:34:27 GMT
server: MNCDN-235
x-mnrequest-id: 70c1ce9ef0178170f1b3323ac56d7504
age: 1
x-edge-location: DE-372
etag: W/"d74-5ffd0bcafb799"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 076ba76d-b696-4ad7-a5e0-391d6a13d0de.svg
cdn.hangikredi.com/images/menu/activemenu/ 3 KB
2 KB 104ms
99ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/076ba76d-b696-4ad7-a5e0-391d6a13d0de.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: e1ac9e4670f962dd56d3219bb5d8dab3694c821c1065fca8d330da6176ffeea5

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:34:27 GMT
server: MNCDN-235
x-mnrequest-id: ac51ad2022dcfa687e3fa0888c2c5d52
age: 1
x-edge-location: DE-372
etag: W/"d74-5ffd0bcb05ba9"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 5724e6a5-7984-44ae-89fc-3ac5831cf00f.svg
cdn.hangikredi.com/images/menu/ 2 KB
1 KB 105ms
100ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/5724e6a5-7984-44ae-89fc-3ac5831cf00f.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 4b1a7328c60b61139822918071186d93b67799d9bbe660adbabcb22a9c3e71a9

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:35:17 GMT
server: MNCDN-235
x-mnrequest-id: 2872a994ef690d67119142bb0548e27e
age: 1
x-edge-location: DE-372
etag: W/"96a-5ffd0bfab701f"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 1edcc3d1-ce65-467d-b5d8-af632226fc35.svg
cdn.hangikredi.com/images/menu/activemenu/ 2 KB
1 KB 109ms
104ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/1edcc3d1-ce65-467d-b5d8-af632226fc35.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 897bdfb38ac86bcd978f4fc40c545ad90010cdc8f76f13ea0cde939e8c180dc9

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:35:17 GMT
server: MNCDN-235
x-mnrequest-id: e26e30a6eda84ac62c02bb8de2615b06
age: 1
x-edge-location: DE-372
etag: W/"96a-5ffd0bfac1bff"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 e0ff2bf9-9a4b-4608-8500-f6f3b3c348e5.svg
cdn.hangikredi.com/images/menu/ 2 KB
1 KB 109ms
105ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/e0ff2bf9-9a4b-4608-8500-f6f3b3c348e5.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: a30193619d26f9641cf93737d73f3053101409e3685a859ca9aaa6f49a413d58

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:36:22 GMT
server: MNCDN-235
x-mnrequest-id: a3951309d9b92a01964296ae793d0afc
age: 1
x-edge-location: DE-372
etag: W/"704-5ffd0c387cf74"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 2f31f224-8f31-41cd-a349-ffbd43d23f51.svg
cdn.hangikredi.com/images/menu/activemenu/ 2 KB
1 KB 113ms
108ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/2f31f224-8f31-41cd-a349-ffbd43d23f51.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 991291da5d2ba1cc957841e19485b3705cfc59164db6edd4b6f6ee255ce94932

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:36:22 GMT
server: MNCDN-235
x-mnrequest-id: a9d2b3551e9ac6458a59149f12e62894
age: 1
x-edge-location: DE-372
etag: W/"704-5ffd0c3885c13"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 3b9b9a30-4235-46cc-bd49-f3c04d43c1aa.svg
cdn.hangikredi.com/images/menu/ 1 KB
893 B 110ms
105ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/3b9b9a30-4235-46cc-bd49-f3c04d43c1aa.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: b997d146d3cd6d70573d6ef2c33d054f7fee9e1605c5794fffcaaf98a086d401

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:37:04 GMT
server: MNCDN-235
x-mnrequest-id: 356e00afc709d518ed1b92a734b9a1d7
age: 1
x-edge-location: DE-372
etag: W/"4cd-5ffd0c6059a35"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 08d72c9e-9885-4516-aa90-4de8d8c001d4.svg
cdn.hangikredi.com/images/menu/activemenu/ 1 KB
894 B 111ms
107ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/08d72c9e-9885-4516-aa90-4de8d8c001d4.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 7163a7d63c1de2bf1e674242587e99a21a9456c5b009b92e99f73b333e45427e

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:37:04 GMT
server: MNCDN-235
x-mnrequest-id: 8c4450a4c083b0a590c3f47998ccfc38
age: 1
x-edge-location: DE-372
etag: W/"4cd-5ffd0c6066d24"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 60dcec3b-bdd9-41be-a9c1-4ea6985f5ea3.svg
cdn.hangikredi.com/images/menu/ 1 KB
810 B 118ms
113ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/60dcec3b-bdd9-41be-a9c1-4ea6985f5ea3.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 7a0f69b88e342930581723071d96b2f1fa6045e717827ff49918fe454acd18f7

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:38:06 GMT
server: MNCDN-235
x-mnrequest-id: c994f8711a58b8ae5894b6d8d6639c2a
age: 1
x-edge-location: DE-372
etag: W/"42d-5ffd0c9c1a06b"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 67d8fbb9-329f-45a9-a901-707111bfda0c.svg
cdn.hangikredi.com/images/menu/activemenu/ 1 KB
810 B 114ms
110ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/67d8fbb9-329f-45a9-a901-707111bfda0c.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 4696f810213cd2334086b5ccb7f70d622533bc31b8295dabecfef0a7ddda8cfc

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:38:06 GMT
server: MNCDN-235
x-mnrequest-id: 7b285a31a1c3799c5950abb33959afcf
age: 1
x-edge-location: DE-372
etag: W/"42d-5ffd0c9c21982"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 9ee0d2c3-c9cd-4d99-a9ce-4bcae55ee8c2.svg
cdn.hangikredi.com/images/menu/ 3 KB
1 KB 115ms
111ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/9ee0d2c3-c9cd-4d99-a9ce-4bcae55ee8c2.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: f39a8eead81d355d137c8639c646639f11cb03022a2df46ffdc45555e906d1ab

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:39:24 GMT
server: MNCDN-235
x-mnrequest-id: 2c10ac2c37ba37bf754b0121cb53e97e
age: 1
x-edge-location: DE-372
etag: W/"a97-5ffd0ce5c8851"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 55079d2b-7b69-48c3-9d9f-2d93031e2fb5.svg
cdn.hangikredi.com/images/menu/activemenu/ 3 KB
1 KB 115ms
112ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/55079d2b-7b69-48c3-9d9f-2d93031e2fb5.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 8dc2962102d46856515ee2afda7fde57c4cc0822917b941f9aecd8704aa07e6f

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:39:24 GMT
server: MNCDN-235
x-mnrequest-id: cf911dec63de02a31c054382e1836ada
age: 1
x-edge-location: DE-372
etag: W/"a97-5ffd0ce5d3431"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 ada76216-8441-4357-a0a9-6c4c676153aa.svg
cdn.hangikredi.com/images/menu/ 1 KB
841 B 116ms
113ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/ada76216-8441-4357-a0a9-6c4c676153aa.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 70da82f9d401292acc9c2ed28d6f3bb3d7d07737b4cc4f47a1264559730f05bd

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:40:00 GMT
server: MNCDN-235
x-mnrequest-id: f6c79b2ea2a57f3a8ebacc38f3d7bdc5
age: 1
x-edge-location: DE-372
etag: W/"54c-5ffd0d08b6c2c"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 d1cdfd1b-a9c2-40b2-b0e0-dd56168d2712.svg
cdn.hangikredi.com/images/menu/activemenu/ 1 KB
844 B 116ms
113ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/d1cdfd1b-a9c2-40b2-b0e0-dd56168d2712.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: e0ac09a5a5a7c5bc380ed976d13a1211653ee8368f5bc9297f5c4c9f44d7d1a4

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:40:00 GMT
server: MNCDN-235
x-mnrequest-id: cd5a11c5956c4a06929afb68aa60d056
age: 1
x-edge-location: DE-372
etag: W/"54c-5ffd0d08bfcb4"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 5abaee43-c7de-4449-9566-b6272f85362f.svg
cdn.hangikredi.com/images/menu/ 670 B
665 B 117ms
113ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/5abaee43-c7de-4449-9566-b6272f85362f.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 2fdb3bc7fa950d90a3487b805e336ecdba2b18232847bd404b80c0ffae8a81e7

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:40:47 GMT
server: MNCDN-235
x-mnrequest-id: 6374d2db0824ba5f4476a8c3947db3aa
age: 1
x-edge-location: DE-372
etag: W/"29e-5ffd0d350654b"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 f0216f85-1aca-4a78-be65-7dd3a1bd2d0a.svg
cdn.hangikredi.com/images/menu/activemenu/ 670 B
664 B 117ms
113ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/f0216f85-1aca-4a78-be65-7dd3a1bd2d0a.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 2e704f6ed14d9241b7b231338d07ae0f5472d50a47cf3c903172ca194a921d7a

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:40:47 GMT
server: MNCDN-235
x-mnrequest-id: 63df6b13468e151f4c8ec793dab53e76
age: 1
x-edge-location: DE-372
etag: W/"29e-5ffd0d351095a"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 c619b310-f678-4ff3-9206-0b5268bc1d61.svg
cdn.hangikredi.com/images/menu/ 1 KB
1 KB 117ms
114ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/c619b310-f678-4ff3-9206-0b5268bc1d61.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 1a9b390d05acee00c923434c219dabdf5e0b74763d2357408e83749c2991d8ec

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
content-encoding: br
last-modified: Fri, 24 May 2024 13:54:50 GMT
server: MNCDN-235
x-mnrequest-id: 37fbf349f2ada49182b08acbef21cade
age: 1
x-edge-location: DE-372
etag: W/"569-6193382ee08f4"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 644eb132-7aa8-4855-ac98-78d44112a5b0.svg
cdn.hangikredi.com/images/menu/activemenu/ 1 KB
1 KB 117ms
114ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/644eb132-7aa8-4855-ac98-78d44112a5b0.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 5cb17e134764e46e029d700a8b6b60bb8c2ae3a9499c3a49fa0245fd912c73fc

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
content-encoding: br
last-modified: Fri, 24 May 2024 13:54:50 GMT
server: MNCDN-235
x-mnrequest-id: 336b20554aaecf88efd1f4511b48c8fc
age: 1
x-edge-location: DE-372
etag: W/"569-6193382eefb24"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 ccaf9c3c-4522-4b97-af5c-28f81bcce707.svg
cdn.hangikredi.com/images/menu/ 4 KB
1 KB 118ms
114ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/ccaf9c3c-4522-4b97-af5c-28f81bcce707.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: e612bbb5cea5c672daa11cbd0f03b6025c2e020401b3a89d0488613b28b1b61b

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:43:42 GMT
server: MNCDN-235
x-mnrequest-id: 18df67a429436c9049e15804ceacc959
age: 1
x-edge-location: DE-372
etag: W/"ed4-5ffd0ddbf733a"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 1040d074-d127-49c2-8304-24f451ecaa77.svg
cdn.hangikredi.com/images/menu/activemenu/ 4 KB
1 KB 118ms
115ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/1040d074-d127-49c2-8304-24f451ecaa77.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: cdd5ba06ab8aba4acf943b6772bb0d7d89f96af30de6640f0348f4e8f0c22ce2

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:43:42 GMT
server: MNCDN-235
x-mnrequest-id: f538c84d4cbd12a9c02424fc8a83fa79
age: 1
x-edge-location: DE-372
etag: W/"ed4-5ffd0ddbfffda"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 cb26a611-1978-4ac4-a46b-f48890869cdb.svg
cdn.hangikredi.com/images/menu/ 5 KB
2 KB 120ms
117ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/cb26a611-1978-4ac4-a46b-f48890869cdb.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: ffe8da8b5f6348be8280e7f950393611c7f0b57d245989aab8bb78785a7177e8

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:44:55 GMT
server: MNCDN-235
x-mnrequest-id: 33949a3cf13fda9fdd9e24bca2f251e8
age: 1
x-edge-location: DE-372
etag: W/"1286-5ffd0e21f1b66"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 f1645b46-92f2-4b11-9a43-633bfe425063.svg
cdn.hangikredi.com/images/menu/activemenu/ 5 KB
2 KB 120ms
117ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/activemenu/f1645b46-92f2-4b11-9a43-633bfe425063.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: 3dcd58ead509fc4a00c01de7910bcf6b8453f2b1934210b832b676fcf4549cbc

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 12:44:55 GMT
server: MNCDN-235
x-mnrequest-id: 9c3a87d328c0adb587ac4c14ca5cf21d
age: 1
x-edge-location: DE-372
etag: W/"1286-5ffd0e21f9c4e"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 5e2d760e-ad4e-4f50-959b-f803d32cce7d.svg
cdn.hangikredi.com/images/menu/ 1 KB
1000 B 126ms
123ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.hangikredi.com/images/menu/5e2d760e-ad4e-4f50-959b-f803d32cce7d.svg
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-235 /
Resource Hash: bb81beddec7b4e8eb0613a8d5e8482c33e5cd58f3fe7462e689dd57eddc97ed7

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 153
content-encoding: br
last-modified: Thu, 06 Jul 2023 14:21:55 GMT
server: MNCDN-235
x-mnrequest-id: 324752d458ed867206136ef96cd0cdc1
age: 1
x-edge-location: DE-372
etag: W/"572-5ffd23d027265"
x-cache-status: Edge : HIT,
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=7776000
x-mserver: DE-372

GET
H2 200 hk-new-logo.png
dist-klasor.hangikredi.com/images/ 2 KB
2 KB 54ms
51ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/hk-new-logo.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

c23c1d0706a3d447b666c50a727ea1d47ee4b5ca60e153ca4e64a29ed5e910e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: 025f5603-2b1d-466e-b898-0d6bdbceb625
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/hk-new-logo.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/hk-new-logo.png
environment: Production
elapsed: 0
content-length: 1608
x-xss-protection: 1; mode=block
x-client-ip: 95.14.75.231
x-user-agent: mozilla/5.0 (linux; android 13; 2310fpca4g build/tp1a.220624.014; wv) applewebkit/537.36 (khtml, like gecko) version/4.0 chrome/128.0.6613.54 mobile safari/537.36 [fb_iab/fb4a;fbav/478.0.0.41.86;]
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: cdfcba5c010f39906351f4e1eac92b2d
x-new-feature: 12
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 31
x-mserver: DE-372

GET
H2 200 placeholder.png
dist-klasor.hangikredi.com/images/ 72 B
707 B 59ms
56ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/placeholder.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

a401bf42b76acb849a8a0852f293b536d7b0fc6433aa5bf3c74afe1576203878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: bf5972dd-63f8-4eca-84d3-51d5ec7a9bbf
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/placeholder.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/placeholder.png
environment: Production
elapsed: 1
content-length: 72
x-xss-protection: 1; mode=block
x-client-ip: 149.140.237.246
x-user-agent: mozilla/5.0 (iphone; cpu iphone os 17_6_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.6 mobile/15e148 safari/604.1
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: d42c96b4a95b9836f9cc1b281411cdaa
x-new-feature: 5
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 31
x-mserver: DE-372

GET
H2 200 modal-close.svg
dist-klasor.hangikredi.com/images/ 695 B
1 KB 60ms
58ms Image
image/svg+xml 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/modal-close.svg?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

a5d06301506088b59508e8e33e093ac271940f2d540068e60169c9f9fa01ba4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: d1f47252-7d90-415c-bcf9-e1f8e6360d01
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
content-encoding: br
x-backend: hangikredi-revolution
x-referrer: /dist/images/modal-close.svg?v=105
age: 0
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/modal-close.svg
environment: Production
elapsed: 0
x-xss-protection: 1; mode=block
x-client-ip: 95.14.75.231
x-user-agent: mozilla/5.0 (linux; android 13; 2310fpca4g build/tp1a.220624.014; wv) applewebkit/537.36 (khtml, like gecko) version/4.0 chrome/128.0.6613.54 mobile safari/537.36 [fb_iab/fb4a;fbav/478.0.0.41.86;]
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: 378b64846eb1fa63820da33ad723d5c7
etag: W/"1dafa1b61a33f37"
x-new-feature: 12
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
xet-cookie
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET
H3 404 global-info.js
firsatkimden3401.site/dist/js/ 0
0 71ms
69ms Script
text/html 172.67.179.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://firsatkimden3401.site/dist/js/global-info.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.179.115 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 21 Aug 2024 15:17:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ckkDKSf%2B3BWe50ZVvAwnJp1XRCZ2u5icbS5M0GGrecchbOOrUUMdp6jCJ8ty0hMc2oGvDY6U2dcEWI%2FgfKHeO%2BMAlB%2BwIvVfUolux%2FSnDYF5cWCj1rkx5iYsmWSqaU83lOeXKwhclTo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 8bcec62ffa3cd38d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 454 KB
128 KB 158ms
69ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K3KM5Z

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

33e2835ded4e5115ebb4887dd38eb83ff6857af771f54fafacb068aaffd43071

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130206
x-xss-protection: 0
last-modified: Mon, 02 Sep 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 02 Sep 2024 16:11:08 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 170ms
49ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Host: dist-klasor.hangikredi.com
URL: https://dist-klasor.hangikredi.com/css/helpers/redirect/index-desktop.min.css?v=105

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dist-klasor.hangikredi.com/
Origin: https://firsatkimden3401.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 00:00:54 GMT
x-content-type-options: nosniff
age: 576614
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14880
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Aug 2025 00:00:54 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 200ms
79ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: dist-klasor.hangikredi.com
URL: https://dist-klasor.hangikredi.com/css/helpers/redirect/index-desktop.min.css?v=105

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dist-klasor.hangikredi.com/
Origin: https://firsatkimden3401.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 10:13:29 GMT
x-content-type-options: nosniff
age: 539859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14380
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Aug 2025 10:13:29 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFW50bbck.woff2
fonts.gstatic.com/s/opensans/v18/ 11 KB
11 KB 213ms
92ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50bbck.woff2

Requested by

Host: dist-klasor.hangikredi.com
URL: https://dist-klasor.hangikredi.com/css/helpers/redirect/index-desktop.min.css?v=105

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dist-klasor.hangikredi.com/
Origin: https://firsatkimden3401.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:55:32 GMT
x-content-type-options: nosniff
age: 342936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Aug 2025 16:55:32 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOXOhpOqc.woff2
fonts.gstatic.com/s/opensans/v18/ 11 KB
12 KB 161ms
40ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOXOhpOqc.woff2

Requested by

Host: dist-klasor.hangikredi.com
URL: https://dist-klasor.hangikredi.com/css/helpers/redirect/index-desktop.min.css?v=105

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9d8ea031a330add9781fc795e3eb65238b4f3501647ea40558035d5d5fad268

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dist-klasor.hangikredi.com/
Origin: https://firsatkimden3401.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 31 Aug 2024 01:23:41 GMT
x-content-type-options: nosniff
age: 226047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11724
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 31 Aug 2025 01:23:41 GMT

GET
H2 200 footer-etbis.png
dist-klasor.hangikredi.com/images/ 10 KB
10 KB 53ms
51ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/footer-etbis.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

1a2e991b47d65ed1d05a56781dcd0d31cadc033f6d837eee8df35d8da0659255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: 67c7707c-ce46-4741-bdd1-f23da85cc9b9
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/footer-etbis.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/footer-etbis.png
environment: Production
elapsed: 0
content-length: 9928
x-xss-protection: 1; mode=block
x-client-ip: 78.187.233.189
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/128.0.0.0 safari/537.36 edg/128.0.0.0
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: faf2a9402575ae1b28fd87f860f7cc49
x-new-feature: 0
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET
H2 200 footer-kvkk.png
dist-klasor.hangikredi.com/images/ 1 KB
2 KB 58ms
56ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/footer-kvkk.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

392fa277419aeda194405d4580953251b5e3d899ff9934a2dfede49f91e2404c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: 482c0b21-fa8a-4094-b9b6-1b4aa2b0fa89
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/footer-kvkk.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/footer-kvkk.png
environment: Production
elapsed: 0
content-length: 1476
x-xss-protection: 1; mode=block
x-client-ip: 78.187.233.189
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/128.0.0.0 safari/537.36 edg/128.0.0.0
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: 9550f1fe5a3e543458514c68e3aaac0e
x-new-feature: 0
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 31
x-mserver: DE-372

GET
H2 200 footer-isae3402.png
dist-klasor.hangikredi.com/images/ 2 KB
2 KB 59ms
57ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/footer-isae3402.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

882d06191f84d5be3fb1a016c7a29f3c8070296633d51928363383dc239cdfa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: 306f31a3-2969-4886-aaeb-428b35230228
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/footer-isae3402.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/footer-isae3402.png
environment: Production
elapsed: 1
content-length: 1552
x-xss-protection: 1; mode=block
x-client-ip: 78.187.233.189
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/128.0.0.0 safari/537.36 edg/128.0.0.0
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: 9abd94fb2b7c904b55196d881854756a
x-new-feature: 0
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET
H2 200 footer-iso.png
dist-klasor.hangikredi.com/images/ 1 KB
2 KB 61ms
59ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/footer-iso.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

40cd26b705f3f15768b84a576a42e0262c80a95c6d037838ee1881e17b7c1fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: d95ec2bb-5b21-4d69-8846-e286e1c7894c
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/footer-iso.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/footer-iso.png
environment: Production
elapsed: 0
content-length: 1410
x-xss-protection: 1; mode=block
x-client-ip: 78.187.233.189
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/128.0.0.0 safari/537.36 edg/128.0.0.0
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: f19e65cbdc63606869c9d99e5b89fd37
x-new-feature: 0
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET
H2 200 footer-ssl.png
dist-klasor.hangikredi.com/images/ 978 B
2 KB 90ms
88ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/footer-ssl.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

8608a528a1475a7ecd5a9d97bab2c8b6e9fae5165cb00e6d7e5eca6f87860fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: d2823b3a-02f3-43a6-b31d-4152be56069e
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/footer-ssl.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/footer-ssl.png
environment: Production
elapsed: 0
content-length: 978
x-xss-protection: 1; mode=block
x-client-ip: 78.187.233.189
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/128.0.0.0 safari/537.36 edg/128.0.0.0
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: 092be7fd06eaac2985dce8ea433aac27
x-new-feature: 0
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET
H2 200 footer-ilab.png
dist-klasor.hangikredi.com/images/ 604 B
1 KB 89ms
88ms Image
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dist-klasor.hangikredi.com/images/footer-ilab.png?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

1e10348a61157f330720723b41b9b2617ed96a2a2db5e9cb196ef6964c2d4b2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: 2d55381e-d2a7-486d-a2f5-bdaf114399e9
date: Mon, 02 Sep 2024 16:11:07 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/footer-ilab.png?v=105
age: 2
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/footer-ilab.png
environment: Production
elapsed: 0
content-length: 604
x-xss-protection: 1; mode=block
x-client-ip: 78.187.233.189
x-user-agent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/128.0.0.0 safari/537.36 edg/128.0.0.0
last-modified: Thu, 29 Aug 2024 13:57:27 GMT
server: MNCDN-235
x-mnrequest-id: c668e13ef72f8f969f661fe7594442ef
x-new-feature: 0
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 31
x-mserver: DE-372

GET
H2 200 no-extend.min.js Show response
dist-klasor.hangikredi.com/js/prod/ 144 KB
27 KB 99ms
98ms Script
text/javascript 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://dist-klasor.hangikredi.com/js/prod/no-extend.min.js?v=105

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

a278632968026b09d8147fcafc6d1c2d3622ad74ac27e9fd33d27d8c5a40d030

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: ebfe0cd8-0e2e-422d-8681-860de0d308c8
date: Mon, 02 Sep 2024 16:11:07 GMT
content-encoding: br
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/js/prod/no-extend.min.js?v=105
age: 0
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/js/prod/no-extend.min.js
environment: Production
elapsed: 0
x-xss-protection: 1; mode=block
x-client-ip: 66.249.70.196
x-user-agent: mozilla/5.0 applewebkit/537.36 (khtml, like gecko; compatible; googlebot/2.1; +http://www.google.com/bot.html) chrome/127.0.6533.99 safari/537.36
last-modified: Thu, 29 Aug 2024 13:58:59 GMT
server: MNCDN-235
x-mnrequest-id: 1296e9eb118008af3b85aca3bb16bdf9
etag: W/"1dafa1b987b6d5d"
x-new-feature: 10
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=7776000
varnishxxx: 32
x-mserver: DE-372

GET KVKK.png
dist-klasor.hangikredi.com/images/ 0
0

GET
H3 200 / Show response
whos.amung.us/pingjs/ 25 B
210 B 330ms
259ms Script
text/javascript 172.67.8.141
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://whos.amung.us/pingjs/?k=themis8&t=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&c=s&x=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&y=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&a=0&d=0.453&v=27&r=7465
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.8.141 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f810cade896a6215ef3b0ec000031890c444e1f7ced1fbb2872a5920dbc157c

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8bcec630ee580482-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/javascript;charset=UTF-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 293 KB
100 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1QPJPKCB3G&l=dataLayer&cx=c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1eead9d70e9b2ca9a45fdab0216267796e8d1659740a2ba273548c3479971f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 102201
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 02 Sep 2024 16:11:08 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 243 KB
86 KB 58ms
58ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-971537583&l=dataLayer&cx=c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c0121ed610fe1f41cad64cf0bc48fb5e566ab11e37ec1dd2f1c4894d929c6f3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88161
x-xss-protection: 0
last-modified: Mon, 02 Sep 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 02 Sep 2024 16:11:08 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 96ms
40ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 02 Sep 2024 16:11:08 GMT
document-policy: force-load-at-top
x-fb-server-load: 49
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58936
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=23, mss=1232, tbw=4286, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: 2fbUuST8Yqznw7HS5Ank6NRct+YH2ARrtdO+lWcJ5HJT/j0iNksUBzqOZAyF1O+m/NR5TtTVy1/38zrGR58Kpw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK hangipixel.js Show response
isortagim.hangikredi.com/content/ 13 KB
6 KB 310ms
73ms Script
application/javascript 176.235.128.37
TELLCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://isortagim.hangikredi.com/content/hangipixel.js?t=v116564608000001725321600000
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.235.128.37 Istanbul, Turkey, ASN34984 (TELLCOM-AS, TR),
Reverse DNS: test.hangikredi.com.128.235.176.in-addr.arpa
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 82b35ca5b7fad192706e05fc786774be20fac78d1df15f4c7171ee02e1f4e0be

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 02 Sep 2024 16:11:08 GMT
Via: NS-CACHE-10.0: 154
Content-Encoding: gzip
Last-Modified: Fri, 03 Nov 2023 08:14:29 GMT
Server: Microsoft-IIS/10.0
Age: 1
ETag: "80a044c42deda1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type,Cache-Control
Content-Length: 5237

GET
H2 200 wzq0zSCQVti7ckin0WUs.js Show response
tags.creativecdn.com/ 4 KB
2 KB 152ms
41ms Script
application/javascript 2a02:6ea0:c700::19
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.creativecdn.com/wzq0zSCQVti7ckin0WUs.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a18ebd731b20d7404e2eed45ad15a0e9068ec7c4eb6d95da6727c086e366227d

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: gzip
x-accel-date-max: 1721302616
x-guploader-uploadid: ACJd0No-dh5o_unOL6SXULAaPmArhaqJyoaVkI8OH5gYCfJOb8EjoMRD6imXwUrqo1XOz51oJ5zpjRWlxg
x-77-cache: HIT
x-cache: HIT
x-goog-storage-class: STANDARD
x-guploader-response-body-transformations: gunzipped
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
x-age: 2509
x-accel-date: 1725290959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-77-nzt: EgwBw7WqEQH3zQkAAAwBJRPCLgH3LQAAAA
x-accel-expires: @1725294498
x-77-age: 2509
last-modified: Wed, 12 Apr 2023 14:55:24 GMT
server: CDN77-Turbo
etag: W/"7dd71e4b922b44d4a1b639cea2047fcd"
x-77-nzt-ray: 4c15622492d8fb629ce3d5662ce42b22
vary: Accept-Encoding
x-goog-generation: 1681311324263432
content-type: application/javascript
x-goog-hash: crc32c=U/iOdA==, md5=fdceS5IrRNShtjnOogR/zQ==
cache-control: public, max-age=3600
warning: 214 UploadServer gunzipped
x-goog-stored-content-length: 1741
expires: Thu, 18 Jul 2024 12:36:11 GMT

GET
H2 200 pa-659f8bcadaab420012000558.js Show response
rum-static.pingdom.net/ 6 KB
3 KB 144ms
52ms Script
application/javascript 2606:4700:10::6816:3668
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-static.pingdom.net/pa-659f8bcadaab420012000558.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3668 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2c691345beb60be6c2b8c60de29573a76651b9fb54a75dec7d02c71b0f7e8cb

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:08 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 14 Oct 2022 06:22:28 GMT
server: cloudflare
age: 116
etag: W/"63490024-1852"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 8bcec6327fdd9758-FRA
expires: Mon, 02 Sep 2024 16:14:12 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 146ms
48ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-1QPJPKCB3G&gtm=45je48s0v9126711584z86989590za200zb6989590&_p=1725293468127&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=972998280.1725293469&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&dt=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&dr=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&sid=1725293468&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=2&ep.pageType=Application&ep.page_name=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&ep.page_category=Kredi&ep.page_midcategory=%C4%B0htiya%C3%A7%20Kredisi&ep.page_subcategory=Yonlendirme&ep.server_code=hangikredistore-86c6dfd7db-b8mls&ep.bot_status=&ep.time_stamp=2024-09-02T18%3A11%3A08.442%2B02%3A00&ep.cd_useragent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F128.0.0.0%20Safari%2F537.36&ep.pipelineName=store-1.hangikredi.com&ep.cd_sessionId=7ccd8344-a4f3-4ccc-a589-655212325ebe&up.=&tfd=821
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://firsatkimden3401.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 157ms
51ms Ping
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-1QPJPKCB3G&cid=972998280.1725293469&gtm=45je48s0v9126711584z86989590za200zb6989590&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1QPJPKCB3G&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://firsatkimden3401.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 134ms
76ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1QPJPKCB3G&cid=972998280.1725293469&gtm=45je48s0v9126711584z86989590za200zb6989590&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=1776758632

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 439 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 781954915193091 Show response
connect.facebook.net/signals/config/ 47 KB
10 KB 191ms
191ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/781954915193091?v=2.9.166&r=stable&domain=firsatkimden3401.site&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

8fc84be20bc9551a223e82ffbdb302f0525f48daa2021010b10ebdd9e65e6f22

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 02 Sep 2024 16:11:08 GMT
document-policy: force-load-at-top
x-fb-server-load: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=74, mss=1232, tbw=66956, tp=63, tpl=0, uplat=150, ullat=0
pragma: public
x-fb-debug: DKGdCqIFMfi2vAoF5wZgIT4ESvjK2zD7hyIDJr6Lw2quQLQnKQy8Q/6ptOdFzd0Xx5tqRVnacz2Ev/X1aFxjVA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2

204

v2 Show response
ams.creativecdn.com/tags/
Redirect Chain

https://ams.creativecdn.com/tags/v2?type=json
https://ams.creativecdn.com/tags/v2?type=json&tc=1

0
175 B

43ms
42ms

Fetch

185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json&tc=1
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://firsatkimden3401.site
vary: Origin
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:08 GMT, Mon, 02 Sep 2024 16:11:08 GMT
access-control-max-age: 3600
vary: Origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
access-control-allow-origin: https://firsatkimden3401.site
access-control-allow-methods: GET, POST
location: https://ams.creativecdn.com/tags/v2?type=json&tc=1
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H2 200 v2
ams.creativecdn.com/tags/ Frame 0
0 125ms
39ms Preflight 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://firsatkimden3401.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://firsatkimden3401.site
access-control-max-age: 3600
content-length: 0
date: Mon, 02 Sep 2024 16:11:08 GMT
vary: Origin

POST
H/1.1 204
No Content /
reporting.hangikredi.com/pixel/api/v1/ 0
119 B 234ms
73ms Ping
text/plain 176.235.128.34
TELLCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://reporting.hangikredi.com/pixel/api/v1/?id=HangiKredi-123qwe&uid=5-lgpxmd2e-m0l76ogl&ev=viewPage&ed=%7B%22params%22%3A%7B%22pageType%22%3A%22Application%22%7D%2C%22customData%22%3A%7B%22pageMidCategory%22%3A%22%C4%B0htiya%C3%A7%20Kredisi%22%7D%7D&v=5&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ts=1725293468758&de=UTF-8&sr=1600x1200&vp=1600x1200&cd=24&dt=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&bn=Chrome%20128&md=false&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F128.0.0.0%20Safari%2F537.36&tz=-120&utm_source=ig&utm_medium=paid&utm_term=120210551539140408&utm_content=120210551539190408&utm_campaign=120210551539100408&ssrc=ig%2Fpaid%2F120210551539100408&lndssrc=ig%2Fpaid%2F120210551539100408&hktrxid=120210551539190408&hktrxid_mr=120210551539190408&ssid=5-su88its5-m0l76ogl&lndssid=5-su88its5-m0l76ogl
Requested by: Host: isortagim.hangikredi.com
URL: https://isortagim.hangikredi.com/content/hangipixel.js?t=v116564608000001725321600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.235.128.34 Istanbul, Turkey, ASN34984 (TELLCOM-AS, TR),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Date: Mon, 02 Sep 2024 16:11:08 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 129ms
40ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=781954915193091&ev=PageView&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&if=false&ts=1725293468794&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=12316&fbc=fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&fbp=fb.1.1725293468793.413922729219361479&cdl=API_unavailable&it=1725293468593&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=10, mss=1297, tbw=2800, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 02 Sep 2024 16:11:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 304ms
215ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=781954915193091&ev=PageView&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&if=false&ts=1725293468794&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=12316&fbc=fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&fbp=fb.1.1725293468793.413922729219361479&cdl=API_unavailable&it=1725293468593&coo=false&rqm=FGET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x78b0fe0e31732005","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:6254108411369477","7830:6254108411369477","10853:6254108411369477","41:6254108411369477","8046:6254108411369477"]},"debug_reporting":true,"debug_key":"1"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Mon, 02 Sep 2024 16:11:09 GMT
x-fb-server-load: 40
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410079021370778968", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=12, mss=1297, tbw=3118, tp=-1, tpl=-1, uplat=173, ullat=0
pragma: no-cache
x-fb-debug: GYM/UUQVTlRmq1b7QELE89QFxSsEaArto29d4ZWxZ4Z9KhVuxTFX9Et+g5eu720boL5g5/MSzidrY1PCTRJOhg==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410079021370778968"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

OPTIONS
H2 200 v2
ams.creativecdn.com/tags/ Frame 0
0 39ms
39ms Preflight 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://firsatkimden3401.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://firsatkimden3401.site
access-control-max-age: 3600
content-length: 0
date: Mon, 02 Sep 2024 16:11:08 GMT
vary: Origin

GET
H2 200 nr-spa-1.263.0.min.js Show response
js-agent.newrelic.com/ 109 KB
31 KB 153ms
47ms Script
application/javascript 2602:816:5001::39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.263.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2602:816:5001::39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a974fe46929964e7412266b8e9875d6bde9a2ea653f4575545816411ebbf1d3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://firsatkimden3401.site/
Origin: https://firsatkimden3401.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 29419
date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: br
strict-transport-security: max-age=300
last-modified: Thu, 25 Jul 2024 23:28:25 GMT
etag: "251fca68c40d5bfc49721a4b1d3a8b47"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 31897
x-served-by: cache-mxp6968-MXP

GET
H2 200 Visilabs.min.js Show response
avlsh.visilabs.net/4E5034696D4D2B304C556B3D/4433466F6150594E6E78773D/ 264 KB
97 KB 253ms
83ms Script
text/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://avlsh.visilabs.net/4E5034696D4D2B304C556B3D/4433466F6150594E6E78773D/Visilabs.min.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: a8fab85b0f39cfe895e2410d94692dfc14926334cc35b369b61b2afbf49bca1a

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: br
last-modified: Thu, 29 Aug 2024 07:58:20 GMT
vary: Accept-Encoding
x-azure-ref: 20240902T161109Z-166b9c58d6cvlctrk6e8mrbn5800000005800000000006sv
content-type: text/javascript
x-ms-request-id: e188045d-001e-0023-68e9-f96554000000
cache-control: public, max-age=8640000
x-cache: TCP_HIT
x-ms-version: 2009-09-19
x-fd-int-roxy-purgeid: 75225428

GET
H2

204

https://region1.analytics.google.com/g/collect?v=2&tid=G-1QPJPKCB3G&gtm=45je48s0v9126711584z86989590za200zb6989590&_p=1725293468127&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=972998...
https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=1058316243049016540&dma=1&dma_cps=syphamo&en=begin_checkout&gtm=45je48s0v9126711584z869895...

0
0

56ms
55ms

Fetch
text/plain

2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=1058316243049016540&dma=1&dma_cps=syphamo&en=begin_checkout&gtm=45je48s0v9126711584z86989590za200zb6989590&npa=1&tid=G-1QPJPKCB3G&dl=https%3A%2F%2Ffirsatkimden3401.site%3F
Protocol: H2
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0x11ab6aae6ebe56f1","source_keys":["1"]},{"key_piece":"0x59ef4e50900440eb","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"1058316243049016540","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["10985372006","881039902","384193777","971537583","383937996","383937702","383945802","10985326216","930907091","870003909"],"5":["09-02","09-01","08-31"]}}
date: Mon, 02 Sep 2024 16:11:09 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=1058316243049016540&dma=1&dma_cps=syphamo&en=begin_checkout&gtm=45je48s0v9126711584z86989590za200zb6989590&npa=1&tid=G-1QPJPKCB3G&dl=https%3A%2F%2Ffirsatkimden3401.site%3F
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 511
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ 50 KB
16 KB 178ms
83ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/ld.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

769c0c15b0505b178f3a245cd21b058c38f1bb0a091ccdfb83ea159bf9da10a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 03 Jul 2024 16:35:03 GMT
server: nginx
etag: W/"66857db7-c699"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 03 Sep 2024 16:11:09 GMT

POST
H2 204 v2 Show response
ams.creativecdn.com/tags/ 0
175 B 42ms
41ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://firsatkimden3401.site
vary: Origin
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 209ms
66ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 02 Sep 2024 16:11:08 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2068121E324E43448E95A1A5977F8CA1 Ref B: FRA31EDGE0611 Ref C: 2024-09-02T16:11:09Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

POST
H/1.1 204
No Content /
reporting.hangikredi.com/pixel/api/v1/ 0
119 B 76ms
76ms Ping
text/plain 176.235.128.34
TELLCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://reporting.hangikredi.com/pixel/api/v1/?id=HangiKredi-123qwe&uid=5-lgpxmd2e-m0l76ogl&ev=viewConversion&ed=%7B%22params%22%3A%7B%22transactionId%22%3A%2211_58651286%22%2C%22transactionRevenue%22%3A%224.62%22%2C%22productName%22%3A%22Garanti%20BBVA%20Yaz%20Kredisi%22%7D%2C%22customData%22%3A%7B%22eventCategory%22%3A%22Enhanced%20Ecommerce%22%2C%22eventAction%22%3A%22Purchase%22%2C%22eventLabel%22%3A%22%C4%B0htiya%C3%A7%20Kredisi%22%2C%22productList%22%3A%22%C4%B0htiya%C3%A7%20Kredisi%20-%20Ba%C5%9Fvuru%20Y%C3%B6nlendirme%22%2C%22productBrand%22%3A%22Garanti%20BBVA%22%2C%22productId%22%3A%221%22%2C%22productCategory%22%3A%22%C4%B0htiya%C3%A7%20Kredisi%22%2C%22productVariant%22%3A%22undefined%22%7D%7D&v=5&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ts=1725293469122&de=UTF-8&sr=1600x1200&vp=1600x1200&cd=24&dt=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&bn=Chrome%20128&md=false&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F128.0.0.0%20Safari%2F537.36&tz=-120&utm_source=ig&utm_medium=paid&utm_term=120210551539140408&utm_content=120210551539190408&utm_campaign=120210551539100408&ssrc=ig%2Fpaid%2F120210551539100408&lndssrc=ig%2Fpaid%2F120210551539100408&hktrxid=120210551539190408&hktrxid_mr=120210551539190408&ssid=5-su88its5-m0l76ogl&lndssid=5-su88its5-m0l76ogl
Requested by: Host: isortagim.hangikredi.com
URL: https://isortagim.hangikredi.com/content/hangipixel.js?t=v116564608000001725321600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.235.128.34 Istanbul, Turkey, ASN34984 (TELLCOM-AS, TR),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Date: Mon, 02 Sep 2024 16:11:09 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/971537583/ 5 KB
3 KB 132ms
62ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/971537583/?random=1725293469122&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&label=e6soCJnIngMQr_mhzwM&hn=www.googleadservices.com&frm=0&tiba=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&value=4.62&bttype=purchase&npa=1&pscdl=noapi&auid=229943164.1725293468&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&rfmt=3&fmt=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

8881b242713e6baafba7834d038a03fc24bda4b8a004a52d53ea7999269bce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2782
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

https://region1.analytics.google.com/g/collect?v=2&tid=G-1QPJPKCB3G&gtm=45je48s0v9126711584z86989590za200zb6989590&_p=1725293468127&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=972998...
https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=11090335579882215074&dma=1&dma_cps=syphamo&en=purchase&gtm=45je48s0v9126711584z86989590za2...

0
0

50ms
50ms

Fetch
text/plain

2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=11090335579882215074&dma=1&dma_cps=syphamo&en=purchase&gtm=45je48s0v9126711584z86989590za200zb6989590&npa=1&tid=G-1QPJPKCB3G&dl=https%3A%2F%2Ffirsatkimden3401.site%3F
Protocol: H2
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0x88fa6662e59d5925","source_keys":["1"]},{"key_piece":"0xe2182f8f29b780bc","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"11090335579882215074","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"1"}],"filters":{"2":["10985372006","881039902","384193777","971537583","383937996","383937702","383945802","10985326216","930907091","870003909"],"5":["09-02","09-01","08-31"]}}
date: Mon, 02 Sep 2024 16:11:09 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=972998280.1725293469&dbk=11090335579882215074&dma=1&dma_cps=syphamo&en=purchase&gtm=45je48s0v9126711584z86989590za200zb6989590&npa=1&tid=G-1QPJPKCB3G&dl=https%3A%2F%2Ffirsatkimden3401.site%3F
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 506
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 41ms
40ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=781954915193091&ev=Purchase&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&if=false&ts=1725293469119&cd[contents]=%5B%7B%22id%22%3A1%2C%22quantity%22%3A1%7D%5D&cd[content_type]=product&cd[value]=4.62&cd[currency]=TRY&cd[content_category]=%C4%B0htiya%C3%A7%20Kredisi&sw=1600&sh=1200&v=2.9.166&r=stable&ec=1&o=12316&fbc=fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&fbp=fb.1.1725293468793.413922729219361479&cdl=API_unavailable&it=1725293468593&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=44, rtx=0, c=12, mss=1297, tbw=6793, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 02 Sep 2024 16:11:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 159ms
158ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=781954915193091&ev=Purchase&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&if=false&ts=1725293469119&cd[contents]=%5B%7B%22id%22%3A1%2C%22quantity%22%3A1%7D%5D&cd[content_type]=product&cd[value]=4.62&cd[currency]=TRY&cd[content_category]=%C4%B0htiya%C3%A7%20Kredisi&sw=1600&sh=1200&v=2.9.166&r=stable&ec=1&o=12316&fbc=fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&fbp=fb.1.1725293468793.413922729219361479&cdl=API_unavailable&it=1725293468593&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3c471b31ad23dbb4","source_keys":["1"]},{"key_piece":"0x5b151df840e1c3e0","source_keys":["2"]}],"aggregatable_values":{"1":10922,"2":6307},"filters":{"2":["20:3145714752137213","20:6971453909578811","511:3145714752137213","511:6971453909578811","562:3145714752137213","562:6971453909578811","1607:3145714752137213","1607:6971453909578811","9662:3145714752137213","9662:6971453909578811","10853:3145714752137213","10853:6971453909578811","37:3145714752137213","37:6971453909578811","515:3145714752137213","515:6971453909578811","622:3145714752137213","622:6971453909578811","1608:3145714752137213","1608:6971453909578811"]},"debug_reporting":true,"debug_key":"1"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Mon, 02 Sep 2024 16:11:09 GMT
x-fb-server-load: 39
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410079026488343171", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=47, rtx=0, c=12, mss=1297, tbw=8318, tp=-1, tpl=-1, uplat=118, ullat=0
pragma: no-cache
x-fb-debug: TluSQAWpbYc13ECXo4zKvtEmbNll/QM3v3JXBAitcR4n/7yGv/CdiJm0hiUGxaH+tOcG0Bfhvm8Nne5y7VJaqA==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410079026488343171"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
32 B 42ms
41ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=781954915193091&ev=ga_ihtiyac_lead&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&if=false&ts=1725293469120&cd[currency]=TRY&cd[value]=4.62&sw=1600&sh=1200&v=2.9.166&r=stable&ec=2&o=12316&fbc=fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&fbp=fb.1.1725293468793.413922729219361479&cdl=API_unavailable&it=1725293468593&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=44, rtx=0, c=12, mss=1297, tbw=6793, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 02 Sep 2024 16:11:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 153ms
153ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=781954915193091&ev=ga_ihtiyac_lead&dl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&rl=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&if=false&ts=1725293469120&cd[currency]=TRY&cd[value]=4.62&sw=1600&sh=1200&v=2.9.166&r=stable&ec=2&o=12316&fbc=fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&fbp=fb.1.1725293468793.413922729219361479&cdl=API_unavailable&it=1725293468593&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x9225a5657f3c9b21","source_keys":["1"]},{"key_piece":"0x36a99a288c0b2d91","source_keys":["2"]}],"aggregatable_values":{"1":10922,"2":6307},"filters":{"2":["23:4990805957654271","23:6254108411369477","7811:4990805957654271","7811:6254108411369477","10193:4990805957654271","10193:6254108411369477","10853:4990805957654271","10853:6254108411369477","40:4990805957654271","40:6254108411369477","8050:4990805957654271","8050:6254108411369477"]},"debug_reporting":true,"debug_key":"1"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Mon, 02 Sep 2024 16:11:09 GMT
x-fb-server-load: 67
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410079026425501091", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=47, rtx=0, c=12, mss=1297, tbw=6971, tp=-1, tpl=-1, uplat=112, ullat=0
pragma: no-cache
x-fb-debug: AOimRm0Ma8jO1bT3C6T7lhaqmFLbew84d5mAmc9CaCpfRIpAWlwCrXGIKMnmWfT4D4RqkfRxzOCAuuNOJgWXJA==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410079026425501091"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 404 getsignedin Show response
firsatkimden3401.site/revolution/customer/ 808 B
828 B 63ms
62ms XHR
text/html 172.67.179.115
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://firsatkimden3401.site/revolution/customer/getsignedin
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.179.115 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

Accept: application/json, text/plain, */*
Referer: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
tracestate: 148085@nr=0-1-148085-1166814335-3a357211259a699c----1725293469133
traceparent: 00-b3d80a8b220151c1fa52f2b12f373554-3a357211259a699c-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE0ODA4NSIsImFwIjoiMTE2NjgxNDMzNSIsImlkIjoiM2EzNTcyMTEyNTlhNjk5YyIsInRyIjoiYjNkODBhOGIyMjAxNTFjMWZhNTJmMmIxMmYzNzM1NTQiLCJ0aSI6MTcyNTI5MzQ2OTEzM319

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 21 Aug 2024 15:17:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m7sWNHbABd%2Bkz9C5Abgtdq8X88bvbi6vpEI8X%2B47WxCr%2BD2bFb1MFXRrvHTaviyHFQMoaLAdA2kfbcS5t%2B729jtCRHwkJFEmaMF3s5lxaYjuarFa6WAa2RynZwQ5XzTIryztAWb8baE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cf-ray: 8bcec636380bd38d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

487c5779-1434-41d4-bc02-da457b1903e5.js Show response
rpdn.relateddigital.com/rdsdk/9B4A27155BF6443DA8881C809361F1BD/
Redirect Chain

https://wps.relateddigital.com/relatedpush_sdk.js?ckey=9B4A27155BF6443DA8881C809361F1BD&aid=487c5779-1434-41d4-bc02-da457b1903e5
https://rpdn.relateddigital.com/rdsdk/9B4A27155BF6443DA8881C809361F1BD/487c5779-1434-41d4-bc02-da457b1903e5.js

72 KB
23 KB

247ms
81ms

Script
application/javascript

2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://rpdn.relateddigital.com/rdsdk/9B4A27155BF6443DA8881C809361F1BD/487c5779-1434-41d4-bc02-da457b1903e5.js
Protocol: H2
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 70c360a1275959ee89a74601f814bc77196ccfa4b6cc70b4c4b572c6d0708dee

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: br
last-modified: Mon, 01 Aug 2022 12:00:08 GMT
vary: Accept-Encoding
x-azure-ref: 20240902T161109Z-166b9c58d6cxk2w97k4mbwpn7400000004x00000000158z0
content-type: application/javascript
x-ms-request-id: d75d672e-201e-0069-1fc7-fa7d5a000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2009-09-19
x-fd-int-roxy-purgeid: 74754751

Redirect headers

Date: Mon, 02 Sep 2024 16:11:09 GMT
Strict-Transport-Security: max-age=157680000
Server
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Location: https://rpdn.relateddigital.com/rdsdk/9B4A27155BF6443DA8881C809361F1BD/487c5779-1434-41d4-bc02-da457b1903e5.js
Cache-Control: private
LB: 113
Content-Length: 227

GET
H2 200 favicon.png
dist-klasor.hangikredi.com/images/ 2 KB
3 KB 51ms
51ms Other
image/webp 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://dist-klasor.hangikredi.com/images/favicon.png?v=105

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-235 /

Resource Hash

9a7667a7182356a9adabca185979c2ddfa38636b6dfe52005017844b9a94a293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

correlationid: c3f81f5b-8f87-475f-a83f-ede185f90830
date: Mon, 02 Sep 2024 16:11:08 GMT
via: NS-CACHE-10.0: 154
x-content-type-options: nosniff
x-backend: hangikredi-revolution
x-referrer: /dist/images/favicon.png?v=105
age: 1
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: MISS
x-url: /dist/images/favicon.png
environment: Production
elapsed: 0
content-length: 2102
x-xss-protection: 1; mode=block
x-client-ip: 213.180.203.17
x-user-agent: mozilla/5.0 (compatible; yandexfavicons/1.0; +http://yandex.com/bots)
last-modified: Tue, 13 Aug 2024 11:02:35 GMT
server: MNCDN-235
x-mnrequest-id: fda7d5043a32b3ec5e1117d91f100565
content-type: image/webp
xet-cookie
cache-control: max-age=7776000
varnishxxx: 31
x-mserver: DE-372

GET
H/1.1 200
OK beacon.gif Show response
rum-collector-2.pingdom.net/img/ 0
213 B 230ms
57ms XHR
text/plain 34.246.169.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-collector-2.pingdom.net/img/beacon.gif?id=659f8bcadaab420012000558&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=1&nS=0&cS=46&cE=46&dLE=46&dLS=46&fS=46&hS=-1&rE=46&rS=5&reS=47&resS=129&resE=165&uEE=131&uES=131&dL=132&dI=392&dCLES=453&dCLEE=454&dC=1343&lES=1343&lEE=1376&s=nt&title=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&path=https%3A%2F%2Ffirsatkimden3401.site%2F&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&sId=pgpjd66x&sST=1725293469&sIS=1&rV=0&v=1.4.1
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.169.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-169-171.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Mon, 02 Sep 2024 16:11:09 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H3

200

/
www.google.de/pagead/1p-conversion/971537583/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l...
https://www.google.com/pagead/1p-conversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syp...
https://www.google.de/pagead/1p-conversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syph...

42 B
64 B

63ms
63ms

Image
image/gif

142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&label=e6soCJnIngMQr_mhzwM&hn=www.googleadservices.com&frm=0&tiba=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&value=4.62&npa=1&pscdl=noapi&auid=229943164.1725293468&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAkonZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&pscrd=IhMI1Yj3gtOkiAMV9vMRCB0e_QPEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL2ZpcnNhdGtpbWRlbjM0MDEuc2l0ZS8&is_vtc=1&cid=CAQSGwDpaXnfqEC-DhohltZT7KMX1s3Xo7DovGPx0Q&eitems=ChEI8MTVtgYQxZbrvLXN2qDsARIdAGZ0zPMlxssVqv2VTqq_qxbGn6-z39erqSHaAQg&random=2293047871&ipr=y

Protocol

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/971537583/?random=1742406709&cv=11&fst=1725293469122&bg=ffffff&guid=ON&async=1&gtm=45be48s0v882693891z86989590za201zb6989590&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&label=e6soCJnIngMQr_mhzwM&hn=www.googleadservices.com&frm=0&tiba=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&value=4.62&npa=1&pscdl=noapi&auid=229943164.1725293468&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAkonZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&pscrd=IhMI1Yj3gtOkiAMV9vMRCB0e_QPEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL2ZpcnNhdGtpbWRlbjM0MDEuc2l0ZS8&is_vtc=1&cid=CAQSGwDpaXnfqEC-DhohltZT7KMX1s3Xo7DovGPx0Q&eitems=ChEI8MTVtgYQxZbrvLXN2qDsARIdAGZ0zPMlxssVqv2VTqq_qxbGn6-z39erqSHaAQg&random=2293047871&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 a771d7726b Show response
bam.nr-data.net/1/ 150 B
609 B 590ms
497ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/a771d7726b?a=1125766052&sa=1&v=1.263.0&t=Unnamed%20Transaction&rst=1523&ck=0&s=879b7361149c1b12&ref=https://firsatkimden3401.site/&ptid=808ed304c6fcb070&af=err,spa,xhr,stn,ins&be=128&fe=1248&dc=326&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1725293467759,%22n%22:0,%22u%22:131,%22r%22:5,%22ue%22:131,%22re%22:46,%22f%22:46,%22dn%22:46,%22dne%22:46,%22c%22:46,%22s%22:46,%22ce%22:46,%22rq%22:47,%22rp%22:129,%22rpe%22:165,%22di%22:392,%22ds%22:453,%22de%22:454,%22dc%22:1343,%22l%22:1343,%22le%22:1376%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=385&fcp=405
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8bc22b4f2896b0980cd85cd7c8411c5e49a9c698b3c8c5ba7098d0791ffee89c

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://firsatkimden3401.site
access-control-expose-headers: Date
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
timing-allow-origin: https://firsatkimden3401.site
Content-Length: 150
x-served-by: cache-fra-etou8220154-FRA

GET
H2 200 syncframe
gum.criteo.com/ Frame 4447 0
0 143ms
48ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=firsatkimden3401.site&origin=onetag

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://firsatkimden3401.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 02 Sep 2024 16:11:09 GMT
server: Kestrel
server-processing-duration-in-ticks: 379052
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 200 187040756.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 65ms
64ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187040756.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8680e113f3a9571f96b1ca862416553889e5db4b5734585117f319cfb4887ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 02 Sep 2024 16:11:08 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DDF881808434207BF950AEC5A759DC7 Ref B: FRA31EDGE0611 Ref C: 2024-09-02T16:11:09Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 200 187040756 Show response
www.clarity.ms/tag/uet/ 680 B
936 B 272ms
134ms Script
application/x-javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/187040756
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b556be9e42bf854834c317dff1fec496208c0d439264f320b7d7b350fc44c56c

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
date: Mon, 02 Sep 2024 16:11:09 GMT
x-azure-ref: 20240902T161109Z-166b9c58d6cbv9rgccm8wk6ux00000000530000000019597
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 680
expires: -1

GET
H2 204 0
bat.bing.com/action/ 0
178 B 62ms
62ms Image
text/plain 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187040756&Ver=2&mid=341e99ed-d621-4612-a4ca-0eddb96d2546&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Garanti%20BBVA%20Yaz%20Kredisi%20%C4%B0htiya%C3%A7%20Kredisi%20Ba%C5%9Fvuru%20Y%C3%B6nlendirmesi&p=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&r=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&lt=1376&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=389573

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 02 Sep 2024 16:11:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 56B2D2294BB0465AB94943EFC9A07BD9 Ref B: FRA31EDGE0611 Ref C: 2024-09-02T16:11:09Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 event Show response
sslwidget.criteo.com/ 10 KB
5 KB 140ms
50ms Script
application/x-javascript 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://sslwidget.criteo.com/event?a=25194&v=5.26.1&otl=1&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvc%26tms%3Dgtm-criteo-2.0.0%26id%3DIhtiyac_89041598381%26p%3D%255Bi%25253D1%252526pr%25253D4.62%252526q%25253D1%255D&p3=e%3Ddis&adce=1&bundle=HPt3rl81ZnFhbiUyRjhOUmpvSmxFYThYYmZBZ0llSDdCNnIxV1VBWDRIOHdVd0slMkJnU2dFaVFieXZ6R3dwdEUlMkZRN0xSUFh4M1FpR1poRnd6QmZXaEZtVUgwZlRpa1pGWWdpbzA5a2U0RGs2UDN5NVFMakt2cVVoJTJCbnRrQThIM2VLczdWVEFrbGlDSHZyWDZJNldiTmdXb00zTUpnRiUyRk5Cd0pNZnYlMkZXa3JvUjc5RG9VUzQlM0Q&sc=%7B%22fbc%22%3A%22fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ%22%2C%22fbp%22%3A%22fb.1.1725293468793.413922729219361479%22%7D&tld=firsatkimden3401.site&fu=https%253A%252F%252Ffirsatkimden3401.site%252F%253Futm_medium%253Dpaid%2526utm_source%253Dig%2526utm_id%253D120210551539100408%2526utm_content%253D120210551539190408%2526utm_term%253D120210551539140408%2526utm_campaign%253D120210551539100408%2526fbclid%253DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&pu=https%253A%252F%252Ffirsatkimden3401.site%252F%253Futm_medium%253Dpaid%2526utm_source%253Dig%2526utm_id%253D120210551539100408%2526utm_content%253D120210551539190408%2526utm_term%253D120210551539140408%2526utm_campaign%253D120210551539100408%2526fbclid%253DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ceid=d8976292-5a49-445b-b3cb-b6382f873e86

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

67c0d7838ea3eb2e6cbfe0da12c2f73b5c8c11e190cd72dcc19373a940e2ad4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 7600154
timing-allow-origin: *
expires: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.45/ 64 KB
27 KB 80ms
80ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.45/clarity.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
content-encoding: br
last-modified: Sun, 01 Sep 2024 12:45:29 GMT
etag: W/"0x8DCCA83F5A7F4DF"
vary: Accept-Encoding
x-azure-ref: 20240902T161109Z-166b9c58d6cbv9rgccm8wk6ux0000000053000000001959y
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 5454d1aa-501e-005b-2174-fc17e0000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 interest-group
fledge.eu.criteo.com/ Frame E34E 0
0 217ms
43ms Document
text/html 2a02:2638:3::15
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://fledge.eu.criteo.com/interest-group?data=bhIN8Hw3d09KS0E1cmZ6SEpQcWRQV243eTQ4cnEzd0tMY3ZIQXZQMXFkM29mU1Vtd3dGaHNleFpISkovaTR5NmYxaXBYdElCbmJacHZGK1J1K0VRd0xHYU9Fbk5UVTNYQytGMlZpaHRraDU4S0IxSzdkSUs5VlJERlFvYUxhT1M2S0dreGxFcXZzY0F1R2hRNU1URTJSaDhEczMxSVB1cWxIV29YNXhOaDNpTHcyL0JXelNLQ3k2N3BES3E5TDhvTTBCek98

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::15 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://firsatkimden3401.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html
date: Mon, 02 Sep 2024 16:11:09 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-allow-fledge: true

GET
H2 200 register-trigger
measurement-api.criteo.com/ 0
0 144ms
47ms Fetch 2a02:2638:3::19
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://measurement-api.criteo.com/register-trigger?partner_id=25194&uid=90a33fa8-7c11-447b-b514-befe4ace9906&event_name=Sales&islcc=0&amount_local=4.62&amount_euro=0.12234&hashed_ext_id=707984191652811888&client_side_event_id=d8976292-5a49-445b-b3cb-b6382f873e86&transaction_id=Ihtiyac_89041598381

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::19 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"1","priority":"3"}],"debug_key":"6309589182218475639","debug_reporting":true,"aggregatable_trigger_data":[{"key_piece":"0x0","source_keys":["2"],"filters":{},"not_filters":{}},{"key_piece":"0x400000000","source_keys":["6"],"filters":{},"not_filters":{}}],"aggregatable_values":{"2":6553,"6":6553},"aggregatable_source_registration_time":"include"}
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin
access-control-allow-origin: https://firsatkimden3401.site
access-control-allow-credentials: true
content-length: 0

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 5ED4 170 B
409 B 177ms
79ms Image
image/png 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-bMBS7pmx_FVo-b0VnxS1tTXfTkVmg9-wbIsP6A&google_cm&google_hm=ay1iTUJTN3BteF9GVm8tYjBWbnhTMXRUWGZUa1ZtZzktd2JJc1A2QQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 5ED4 43 B
183 B 184ms
86ms Image
image/gif 35.214.136.108
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-FRJl_Zmx_FVo-b0VnxS1tTXfTkXes-VH8RlGpA&expires=30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.214.136.108 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 108.136.214.35.bc.googleusercontent.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 5ED4
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7732677446541758592

43 B
370 B

43ms
42ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7732677446541758592

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1013439
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:10 GMT
an-x-request-uuid: 5aee3d35-b943-4efa-ad67-32369254c63c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7732677446541758592
x-proxy-origin: 80.255.7.102; 80.255.7.102; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 5ED4 0
99 B 210ms
43ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-xKwVvJmx_FVo-b0VnxS1tTXfTkW0su1JSvrP9w
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 41635

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 5ED4 49 B
342 B 356ms
189ms Image
image/gif 185.255.84.152
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-Y06-KZmx_FVo-b0VnxS1tTXfTkVbhxgRJp--Tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.152 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 140
content-length: 49
expires: 0

GET
H2

200

rum
r.casalemedia.com/ Frame 5ED4
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-84ANtZmx_FVo-b0VnxS1tTXfTkUmhDKxge93yw
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-84ANtZmx_FVo-b0VnxS1tTXfTkUmhDKxge93yw&C=1

43 B
328 B

62ms
62ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-84ANtZmx_FVo-b0VnxS1tTXfTkUmhDKxge93yw&C=1
Protocol: H2
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PB3N3Pw6U6LMjG3ge3Xsk81%2BC3dULg4maXNbtSEeE%2BtLWESIBQaMP7nbD1Aj8nywqHLNYqcPDOtCdPMmE2%2FjF5%2BR54K0tVX1gWXbcSS42lkfXKW6FzvS2HQlY5HY%2B9RPEHhy"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8bcec63ac8c3451c-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bkqd0RBd4WVw1ly3e%2FTTHx7JxqcSY%2FLpb%2FoGgX%2BbWETXn7THuFT8hCfBEA7dgn073V9SJBtAyQWC5iOtnxcE17IAw6ow%2BGXWjA9e8xzPMEWLnWWU3YwS1jC2YW%2BuTYQM%2BrjQ"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=20&external_user_id=k-84ANtZmx_FVo-b0VnxS1tTXfTkUmhDKxge93yw&C=1
cache-control: no-cache
cf-ray: 8bcec63a3f8b451c-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 5ED4
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=MgzHLQ56oqgnKP9ARLUWsutvyvf1x_8a
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=MgzHLQ56oqgnKP9ARLUWsutvyvf1x_8a

42 B
716 B

59ms
59ms

Image
image/gif

54.228.154.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=MgzHLQ56oqgnKP9ARLUWsutvyvf1x_8a

Protocol

Server

54.228.154.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-228-154-232.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v065-0c0839f88.edge-irl1.demdex.com 4 ms
pragma: no-cache
date: Mon, 02 Sep 2024 16:11:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: ya26bcRUQdw=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v065-0a63ce833.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Mon, 02 Sep 2024 16:11:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: 9ujvaLidQi0=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=MgzHLQ56oqgnKP9ARLUWsutvyvf1x_8a
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 9.gif
id5-sync.com/s/966/ Frame 5ED4 43 B
1 KB 129ms
41ms Image
image/gif 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-kz7RQJmx_FVo-b0VnxS1tTXfTkXloLmcYbLaoA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

p3p: CP="CAO PSA OUR"
date: Mon, 02 Sep 2024 16:11:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/gif;charset=UTF-8

GET
H2 200 match
ad.360yield.com/ Frame 5ED4 43 B
199 B 221ms
56ms Image
image/gif 34.253.43.0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-JUi255mx_FVo-b0VnxS1tTXfTkUhmcUkfor95w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.253.43.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-43-0.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 02 Sep 2024 16:11:09 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

GET
H2 200 sync
matching.ivitrack.com/ Frame 5ED4 42 B
265 B 138ms
51ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-gxyu8Zmx_FVo-b0VnxS1tTXfTkU4F-1p9QBlSg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 cksync.php
contextual.media.net/ Frame 5ED4 61 B
815 B 229ms
110ms Image
image/gif 184.30.20.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-8zmQr5mx_FVo-b0VnxS1tTXfTkU0o1yEkydxvQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.20.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-20-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

14c847e283cde4999e0d4ba2b30bc61e64217110eb8f08f24751d0fdeb3ba8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 02 Sep 2024 16:11:10 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
alt-svc: h3=":443"; ma=93600
content-length: 61
x-mnet-hl2: E
expires: Mon, 02 Sep 2024 16:11:10 GMT

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 5ED4 0
884 B 134ms
43ms Image
text/html 3.120.103.239
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-YIbvUZmx_FVo-b0VnxS1tTXfTkXcFqiqoUu05g
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.103.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-103-239.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:09 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 1017
jadserve.postrelease.com/suid/ Frame 5ED4 43 B
422 B 663ms
211ms Image
image/gif 35.80.135.250
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1017?vk=k-OXKZ1Zmx_FVo-b0VnxS1tTXfTkXnzK6p6tFKeg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.80.135.250 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-80-135-250.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:10 GMT
server: nginx
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 5ED4 0
218 B 374ms
117ms Image
text/plain 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-0isSbJmx_FVo-b0VnxS1tTXfTkX4SXjD5f_3Lw&initiator=partner

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:10 GMT
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 93b3a8bc907051f92271a74a2aeec8aa
content-length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 5ED4 0
225 B 149ms
42ms Image
text/html 198.47.127.205
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-5f8ycZmx_FVo-b0VnxS1tTXfTkUX4ZISJZHK4Q
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 02 Sep 2024 16:11:09 GMT
cache-control: no-store, no-cache, private
content-encoding: gzip
server: nginx
content-type: text/html; charset=utf-8

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 5ED4 0
239 B 201ms
40ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-6gFaS5mx_FVo-b0VnxS1tTXfTkUH-r2bOMdCwg&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 579d6dd278f76ae39d067788043e4297
Expires: 0

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 5ED4 0
58 B 137ms
41ms Image
text/plain 18.195.234.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-X3Ymepmx_FVo-b0VnxS1tTXfTkVDYGOHwGUEVQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.195.234.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-195-234-25.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=16000000; includeSubDomains; preload;

GET
H2 200 um
criteo-sync.teads.tv/ Frame 5ED4 23 B
163 B 205ms
65ms Image
image/gif 23.52.181.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-eAR-_Jmx_FVo-b0VnxS1tTXfTkVmE7sx9qPIdg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.181.90 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-181-90.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.1 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 02 Sep 2024 16:11:10 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.1
content-length: 23
expires: Mon, 02 Sep 2024 16:11:10 GMT

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 5ED4 43 B
397 B 368ms
118ms Image
image/gif 2600:1f18:612b:4216:15c:6f8b:c2c7:4e11
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-h6pkpJmx_FVo-b0VnxS1tTXfTkU99P0YaopIKw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:15c:6f8b:c2c7:4e11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Mon, 02 Sep 2024 16:11:10 GMT
server: nginx
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H2 200 xuid
eb2.3lift.com/ Frame 5ED4 37 B
140 B 119ms
42ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-gPGWw5mx_FVo-b0VnxS1tTXfTkXL6CKB-IeADw&dongle=013b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 5ED4 43 B
153 B 103ms
37ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-p2S2tJmx_FVo-b0VnxS1tTXfTkUH5ak2zceHpw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 , Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.29
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 02 Sep 2024 16:11:10 GMT
server: Apache
x-powered-by: PHP/7.3.29
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 5ED4 0
235 B 156ms
61ms Image
text/plain 23.35.237.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-GqPql5mx_FVo-b0VnxS1tTXfTkVz2mMAcjKJMQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 02 Sep 2024 16:11:10 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Sun, 01 Sep 2024 16:11:10 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 5ED4 0
38 B 201ms
55ms Image
text/plain 54.194.169.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-i6oofJmx_FVo-b0VnxS1tTXfTkVGJU8pFR5Fzg&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.169.106 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-169-106.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:10 GMT
content-length: 0

GET
H2 204 put
e1.emxdgt.com/ Frame 5ED4 0
44 B 128ms
39ms Image
text/plain 18.194.226.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d53&uid=k--e6hApmx_FVo-b0VnxS1tTXfTkX7KpfZQN-D5A
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.226.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-226-218.eu-central-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:10 GMT
server: awselb/2.0

GET
H2

200

RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003
sync.targeting.unrulymedia.com/csync/ Frame 5ED4
Redirect Chain

https://sync.1rx.io/usersync/criteodsp/k-uP7yxpmx_FVo-b0VnxS1tTXfTkWI96LzObcssA
https://sync.1rx.io/usersync/criteodsp/k-uP7yxpmx_FVo-b0VnxS1tTXfTkWI96LzObcssA?zcc=1&cb=1725293470250
https://sync.targeting.unrulymedia.com/csync/RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003

43 B
378 B

133ms
41ms

Image
image/gif

46.228.174.117
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003
Protocol: H2
Server: 46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:10 GMT
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

content-type: text/html
pragma: no-cache
date: Mon, 02 Sep 2024 16:11:10 GMT
cache-control: no-store, no-cache, must-revalidate
location: https://sync.targeting.unrulymedia.com/csync/RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003
expires: 0

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
285 B 503ms
245ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://firsatkimden3401.site
Date: Mon, 02 Sep 2024 16:11:10 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 setuid
ib.adnxs.com/ Frame 5ED4 43 B
1 KB 57ms
57ms Image
image/gif 185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=52&code=k-6Abua5mx_FVo-b0VnxS1tTXfTkUbQoXjmrV7aw

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2024 16:11:10 GMT
an-x-request-uuid: 0cf1d6fd-6b61-4bef-97c7-b160314461f3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.102; 80.255.7.102; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200 a771d7726b Show response
bam.nr-data.net/events/1/ 24 B
348 B 400ms
399ms XHR
image/gif 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/a771d7726b?a=1125766052&sa=1&v=1.263.0&t=Unnamed%20Transaction&rst=2629&ck=0&s=879b7361149c1b12&ref=https://firsatkimden3401.site/&ptid=808ed304c6fcb070
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 02 Sep 2024 16:11:10 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://firsatkimden3401.site
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-etou8220110-FRA

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
285 B 125ms
123ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://firsatkimden3401.site
Date: Mon, 02 Sep 2024 16:11:10 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1240975/ 71 KB
22 KB 128ms
40ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1240975/tfa.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce30419afdc9cccf6c91e449fa419527591baca0d7fb76213b15da04bdd7bced

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 1S3VAg2B2Pcp9MvuKZltyzqYcN.uIr94
content-encoding: gzip
via: 1.1 varnish
date: Mon, 02 Sep 2024 16:11:11 GMT
x-amz-request-id: WZ5W9GNKTE8236S2
age: 100
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 21940
x-amz-id-2: xmHP35mmvWPlxue8Wc0aMKJKsCqWwyHdjNlq14X7ZBCD/PE3Ct9QOeoD5hzzZMNiKVRVFPqXy2c=
x-served-by: cache-fra-etou8220143-FRA
last-modified: Sun, 01 Sep 2024 11:33:51 GMT
server: AmazonS3
x-timer: S1725293471.210212,VS0,VE0
etag: "7015d954ab81372030762f6312f71a8b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 11
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 137ms
41ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 02 Sep 2024 16:11:11 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220068-FRA

GET
H2 200 topics_api Show response
psb.taboola.com/ 65 B
284 B 122ms
39ms Fetch
text/html 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://psb.taboola.com/topics_api
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 02 Sep 2024 16:11:11 GMT
via: 1.1 varnish
server: Varnish
observe-browsing-topics: ?1
x-timer: S1725293471.339773,VS0,VE0
x-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=2592000
accept-ranges: bytes
content-length: 65
retry-after: 0
x-served-by: cache-fra-etou8220087-FRA

GET
H2 200 json Show response
trc.taboola.com/1240975/trc/3/ 2 KB
2 KB 65ms
59ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1240975/trc/3/json?tim=1725293471241&data=%7B%22id%22%3A111%2C%22ii%22%3A%22%2Fbasvuru%2Fihtiyac%2Fyonlendirme%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1725293471237%2C%22cv%22%3A%2220240830-4-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.hangikredi.com%2Fbasvuru%2Fihtiyac%2Fyonlendirme%22%2C%22e%22%3A%22https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ%22%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dhangikredi-sc-try%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1725293471240%2C%22ref%22%3A%22https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ%22%2C%22item-url%22%3A%22https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22it%22%3A%22JS_PIXEL%22%2C%22supv%22%3Atrue%7D%2C%22pa%22%3A%7B%22su%22%3Atrue%7D%2C%22psb%22%3Atrue%7D&pubit=i
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3633e632ceff475b1d2770b021fc6921cac1e437aec3ad22c81b52150e0c23f0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-vcl-time-ms: 19
date: Mon, 02 Sep 2024 16:11:11 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.21225
x-fastly-to-nlb-rtt: 7551
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-etou8220143-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1725293471.269355,VS0,VE19
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 adsct
t.co/1/i/ 43 B
469 B 356ms
262ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9ff272d8-003a-42ed-8b89-af845add2c74&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fdc1c8d3-6f34-4b7d-a517-b46a47e2b1c2&tw_document_href=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&tw_iframe_status=0&txn_id=o3zq3&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 185
date: Mon, 02 Sep 2024 16:11:11 GMT
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif;charset=utf-8
x-transaction-id: 19a1e75024fe6add
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 1df87c37686fef6495939f4b37b75077ba28c4ca37ff35da5f458061eb2cab44
cf-ray: 8bcec6440c8062bf-HAM
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
565 B 252ms
167ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9ff272d8-003a-42ed-8b89-af845add2c74&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fdc1c8d3-6f34-4b7d-a517-b46a47e2b1c2&tw_document_href=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&tw_iframe_status=0&txn_id=o3zq3&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 127
date: Mon, 02 Sep 2024 16:11:10 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 03c80a1aa5ccf2e0
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 91b512bb24e7f378a0aa7378d2cf4854cd3029115c395ce8ec51da5e7307e84b
content-length: 43

OPTIONS
H2 200 unip
trc.taboola.com/1240975/log/3/ Frame 0
0 47ms
47ms Preflight 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1240975/log/3/unip?en=ihtiyac&tim=1725293471332&vi=1725293471237&ri=072b63cf2d2c577a8a6c1e23527010f9&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&cv=20240830-4-RELEASE&item-url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&tos=92&ssd=1&scd=0&ler=other&it=JS_PIXEL&psb=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://firsatkimden3401.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: https://firsatkimden3401.site
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Mon, 02 Sep 2024 16:11:11 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-fastly-to-nlb-rtt: 7530
x-served-by: cache-fra-etou8220087-FRA
x-service-version: v1
x-timer: S1725293471.352633,VS0,VE9
x-vcl-time-ms: 9

GET
H2 204 unip Show response
trc.taboola.com/1240975/log/3/ 0
184 B 51ms
51ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1240975/log/3/unip?en=ihtiyac&tim=1725293471332&vi=1725293471237&ri=072b63cf2d2c577a8a6c1e23527010f9&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&cv=20240830-4-RELEASE&item-url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&tos=92&ssd=1&scd=0&ler=other&it=JS_PIXEL&psb=true
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/
Attribution-Reporting-Eligible: trigger
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-vcl-time-ms: 11
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"845974"}]}
date: Mon, 02 Sep 2024 16:11:11 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7586
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-etou8220143-FRA
pragma: no-cache
server: nginx
x-timer: S1725293471.400797,VS0,VE11
content-type: image/gif
access-control-allow-origin: https://firsatkimden3401.site
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 adsct
t.co/1/i/ 43 B
624 B 270ms
259ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=4&event=%7B%7D&event_id=6f1d2fae-4914-4a9e-b6f0-71b9702fa21e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fdc1c8d3-6f34-4b7d-a517-b46a47e2b1c2&tw_document_href=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&tw_iframe_status=0&txn_id=tw-o3zq3-od6s1&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 183
date: Mon, 02 Sep 2024 16:11:11 GMT
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif;charset=utf-8
x-transaction-id: 25ef34c90cbfb16b
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e20e531100a4d27ba52611a902350d08e42c6113a10b773c15bd82c20abfc3e4
cf-ray: 8bcec6440c8862bf-HAM
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
723 B 163ms
161ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=4&event=%7B%7D&event_id=6f1d2fae-4914-4a9e-b6f0-71b9702fa21e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fdc1c8d3-6f34-4b7d-a517-b46a47e2b1c2&tw_document_href=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&tw_iframe_status=0&txn_id=tw-o3zq3-od6s1&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 120
date: Mon, 02 Sep 2024 16:11:11 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 752eff6338984008
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 91b512bb24e7f378a0aa7378d2cf4854cd3029115c395ce8ec51da5e7307e84b
content-length: 43

GET
H2 204 unip Show response
trc-events.taboola.com/1240975/log/3/ 0
250 B 44ms
44ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1240975/log/3/unip?en=pre_d_eng_tb&tos=1551&scd=0&ssd=1&est=1725293471239&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1725293472791&vi=1725293471237&ri=072b63cf2d2c577a8a6c1e23527010f9&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&cv=20240830-4-RELEASE&item-url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ler=other&it=JS_PIXEL
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://firsatkimden3401.site/
Attribution-Reporting-Eligible: trigger
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://firsatkimden3401.site
pragma: no-cache
date: Mon, 02 Sep 2024 16:11:12 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

OPTIONS
H2 200 unip
trc-events.taboola.com/1240975/log/3/ Frame 0
0 143ms
42ms Preflight 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1240975/log/3/unip?en=pre_d_eng_tb&tos=1551&scd=0&ssd=1&est=1725293471239&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1725293472791&vi=1725293471237&ri=072b63cf2d2c577a8a6c1e23527010f9&ref=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&cv=20240830-4-RELEASE&item-url=https%3A%2F%2Ffirsatkimden3401.site%2F%3Futm_medium%3Dpaid%26utm_source%3Dig%26utm_id%3D120210551539100408%26utm_content%3D120210551539190408%26utm_term%3D120210551539140408%26utm_campaign%3D120210551539100408%26fbclid%3DPAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ&ler=other&it=JS_PIXEL
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://firsatkimden3401.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: https://firsatkimden3401.site
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Mon, 02 Sep 2024 16:11:12 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
285 B 123ms
122ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: firsatkimden3401.site
URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://firsatkimden3401.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://firsatkimden3401.site
Date: Mon, 02 Sep 2024 16:11:13 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dist-klasor.hangikredi.com
URL: https://dist-klasor.hangikredi.com/images/KVKK.png?v=105

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

245 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

55 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.firsatkimden3401.site/	1970-01-20 23:16:19	Name: __cf_mw_byp Value: huOzqwai.BtRqZKix4TJXfJh717wbn3j08rDr9Li_E8-1725293462-0.0.1.1-/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
.firsatkimden3401.site/	1970-01-21 01:24:29	Name: _gcl_au Value: 1.1.229943164.1725293468
.firsatkimden3401.site/	1970-01-21 08:50:53	Name: _ga Value: GA1.1.972998280.1725293469
firsatkimden3401.site/	1970-01-21 08:00:36	Name: __rtbh.lid Value: %7B%22eventType%22%3A%22lid%22%2C%22id%22%3A%22r2IIZmqfYLn7eXKBRxl4%22%7D
firsatkimden3401.site/	1970-01-21 08:50:53	Name: __hangipix_uid Value: 5-lgpxmd2e-m0l76ogl
firsatkimden3401.site/	1970-01-20 23:14:55	Name: __hangipix_ssid Value: 5-su88its5-m0l76ogl
firsatkimden3401.site/	1970-01-20 23:14:55	Name: __hangipix_ssrc Value: ig/paid/120210551539100408
firsatkimden3401.site/	1970-01-21 03:34:05	Name: __hangipix_lndssid Value: 5-su88its5-m0l76ogl
firsatkimden3401.site/	1970-01-21 03:34:05	Name: __hangipix_lndssrc Value: ig/paid/120210551539100408
firsatkimden3401.site/	1970-01-21 03:34:05	Name: __hangipix_utm Value: {"utm_source":"ig","utm_medium":"paid","utm_term":"120210551539140408","utm_content":"120210551539190408","utm_campaign":"120210551539100408"}
firsatkimden3401.site/	1970-01-20 23:14:55	Name: __hangipix_hktrxid_mr Value: 120210551539190408
firsatkimden3401.site/	1970-01-21 03:34:05	Name: __hangipix_hktrxid Value: 120210551539190408
.firsatkimden3401.site/	1970-01-21 01:24:29	Name: _fbc Value: fb.1.1725293468791.PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ
.firsatkimden3401.site/	1970-01-21 01:24:29	Name: _fbp Value: fb.1.1725293468793.413922729219361479
.creativecdn.com/	1970-01-21 08:00:29	Name: g Value: ac0DshofxUatFWw5qczW_1725293468840
.creativecdn.com/	1970-01-21 08:00:29	Name: c Value: ac0DshofxUatFWw5qczW_wzq0zSCQVti7ckin0WUs_1725293468840
.creativecdn.com/	1970-01-21 08:00:29	Name: ts Value: 1725293468
firsatkimden3401.site/	1970-01-21 08:00:36	Name: __rtbh.uid Value: %7B%22eventType%22%3A%22uid%22%2C%22id%22%3A%22%C4%B0htiya%C3%A7%20Kredisi%22%7D
.firsatkimden3401.site/	1970-01-21 08:50:53	Name: _ga_1QPJPKCB3G Value: GS1.1.1725293468.1.0.1725293469.59.0.0
.region1.google-analytics.com/	1970-01-21 01:24:29	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-20 23:14:54	Name: test_cookie Value: CheckForPermission
.criteo.com/	1970-01-21 08:36:29	Name: uid Value: 90a33fa8-7c11-447b-b514-befe4ace9906
.criteo.com/	1970-01-21 08:36:29	Name: receive-cookie-deprecation Value: 1
.firsatkimden3401.site/	1970-01-21 08:44:17	Name: cto_bundle Value: HPt3rl81ZnFhbiUyRjhOUmpvSmxFYThYYmZBZ0llSDdCNnIxV1VBWDRIOHdVd0slMkJnU2dFaVFieXZ6R3dwdEUlMkZRN0xSUFh4M1FpR1poRnd6QmZXaEZtVUgwZlRpa1pGWWdpbzA5a2U0RGs2UDN5NVFMakt2cVVoJTJCbnRrQThIM2VLczdWVEFrbGlDSHZyWDZJNldiTmdXb00zTUpnRiUyRk5Cd0pNZnYlMkZXa3JvUjc5RG9VUzQlM0Q
measurement-api.criteo.com/	1969-12-31 23:59:59	Name: ar_debug Value: 1
.criteo.com/	1970-01-21 08:36:29	Name: cto_bundle Value: btd9IF9iaFozWWZEajhyWDVmQnY4ZXFoN2hxUjdnVEhuN1E1aXRBZlVVdkhSYWRLQWhrciUyQmMlMkJRb1pQYmlwTVFPJTJGUG5I
.casalemedia.com/	1970-01-21 08:00:29	Name: CMID Value: ZtXjnVVbLaIAAH.wAHtSHwAA
.casalemedia.com/	1970-01-21 01:24:29	Name: CMPS Value: 3348
.casalemedia.com/	1970-01-21 01:24:29	Name: CMPRO Value: 3348
.adnxs.com/	1970-01-21 01:24:29	Name: XANDR_PANID Value: cCUbn3PrNA-Sya_3bQVtzJfusy5_Ot1ntKzPNB-VpHyU1oN-Vmr_mTlxvCyu7_Bvj9r8QvTQXlVRCDmhTBx9yjfwPXtniYTsd5BrMWe5QzQ.
.adnxs.com/	1970-01-21 08:50:53	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 01:24:29	Name: uuid2 Value: 7732677446541758592
exchange.mediavine.com/	1970-01-20 23:35:03	Name: mv_tokens Value: %7B%22mv_uuid%22%3A%22f79bd6a0-6945-11ef-9a8f-f3a2cf73cf3e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 23:35:03	Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22f79bd6a0-6945-11ef-9a8f-f3a2cf73cf3e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 23:35:03	Name: am_tokens Value: %7B%22mv_uuid%22%3A%22f79bd6a0-6945-11ef-9a8f-f3a2cf73cf3e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 23:35:03	Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22f79bd6a0-6945-11ef-9a8f-f3a2cf73cf3e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 23:35:03	Name: criteo Value: %7B%22id%22%3A%22k-YIbvUZmx_FVo-b0VnxS1tTXfTkXcFqiqoUu05g%22%2C%22version%22%3A%22criteo%22%7D
.demdex.net/	1970-01-21 03:34:05	Name: demdex Value: 24036849952871735093390957814313609047
.omnitagjs.com/	1970-01-20 23:58:05	Name: ayl_visitor Value: 02d9ceae7bec738004ef93be20d57cac
.media.net/	1970-01-21 08:00:29	Name: visitor-id Value: 3682950709085499000V10
.media.net/	1970-01-20 23:58:05	Name: data-c-ts Value: 1725293470
.media.net/	1970-01-20 23:58:05	Name: data-c Value: k-8zmQr5mx_FVo-b0VnxS1tTXfTkU0o1yEkydxvQ~~3
.dpm.demdex.net/	1970-01-21 03:34:05	Name: dpm Value: 24036849952871735093390957814313609047
.adnxs.com/	1970-01-21 01:24:29	Name: anj Value: dTM7k!M4/rCxrEQF']wIg2GUdHzIqb!@wnfH1YdP.dEXlSkeIbUwOQkVXlFr*:+1sE1^(1(WyTc(x6wr-P`a3.0Hlr)T@vA2mqgmtpjP]%nugO%v4VB%nq>k+hhvA
.1rx.io/	1970-01-21 08:00:29	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003%22%7D
.tremorhub.com/	1970-01-21 08:00:50	Name: tvid Value: 1c0101165a094b0d9318dd0f60889e22
.tremorhub.com/	1970-01-20 23:58:05	Name: tv_UICR Value: k-h6pkpJmx_FVo-b0VnxS1tTXfTkU99P0YaopIKw
.targeting.unrulymedia.com/	1970-01-21 08:00:29	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-c32a4cc6-392e-4bad-a3d8-0b443f91460b-003%22%7D
.postrelease.com/	1970-01-21 08:00:29	Name: opt_out Value: 1
.twitter.com/	1970-01-21 08:50:53	Name: guest_id_marketing Value: v1%3A172529347141918278
.twitter.com/	1970-01-21 08:50:53	Name: guest_id_ads Value: v1%3A172529347141918278
.twitter.com/	1970-01-21 08:50:53	Name: personalization_id Value: "v1_QQasNPC/3OWsQIVXfNxfJw=="
.twitter.com/	1970-01-21 08:50:53	Name: guest_id Value: v1%3A172529347141918278
.t.co/	1970-01-21 08:50:53	Name: muc_ads Value: 000d2a23-b25c-4927-9a32-7e7c9f60354c
.t.co/	1970-01-20 23:14:55	Name: __cf_bm Value: afDU_4NsaysW6SHye8jQRs9E1tV27YsTjy.XDLGV0VI-1725293471-1.0.1.1-r2v.IW.hmaerVMYY5J3j22PkjgfSA2RL2QYSyGkQcwISGTDJhDHwrDZ6xT3pbrkXt9.tkOJd2Tq92JqACqJJcg

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://firsatkimden3401.site/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://firsatkimden3401.site/dist/js/thirdparties/glide.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://firsatkimden3401.site/dist/js/global-info.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://firsatkimden3401.site/revolution/customer/getsignedin Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	URL: https://firsatkimden3401.site/?utm_medium=paid&utm_source=ig&utm_id=120210551539100408&utm_content=120210551539190408&utm_term=120210551539140408&utm_campaign=120210551539100408&fbclid=PAZXh0bgNhZW0BMAABptKe48TYZ_8MD2CQnlE3LrUFweCKWjWR-ViXuOxWeG6LdRwAJiyVGpAqoQ_aem_oEZ3BRfP-w_jaDMtmSP4bQ(Line 54) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.twiago.com
ad.360yield.com
ad.yieldlab.net
ams.creativecdn.com
analytics.twitter.com
avlsh.visilabs.net
bam.nr-data.net
bat.bing.com
bundles.efilli.com
cdn.hangikredi.com
cdn.taboola.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
dis.criteo.com
dist-klasor.hangikredi.com
dpm.demdex.net
e1.emxdgt.com
eb2.3lift.com
exchange.mediavine.com
firsatkimden3401.site
fledge.eu.criteo.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
isortagim.hangikredi.com
jadserve.postrelease.com
js-agent.newrelic.com
match.sharethrough.com
matching.ivitrack.com
measurement-api.criteo.com
pixel.rubiconproject.com
psb.taboola.com
r.casalemedia.com
region1.analytics.google.com
region1.google-analytics.com
reporting.hangikredi.com
rpdn.relateddigital.com
rum-collector-2.pingdom.net
rum-static.pingdom.net
simage2.pubmatic.com
sslwidget.criteo.com
static.ads-twitter.com
static.criteo.net
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.1rx.io
sync.outbrain.com
sync.targeting.unrulymedia.com
t.co
tags.creativecdn.com
trc-events.taboola.com
trc.taboola.com
u.clarity.ms
visitor.omnitagjs.com
waust.at
whos.amung.us
wps.relateddigital.com
www.clarity.ms
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
x.bidswitch.net
dist-klasor.hangikredi.com
104.244.42.131
141.226.228.48
142.250.185.66
142.250.185.98
142.250.186.100
142.250.186.99
146.75.120.157
151.101.129.44
151.101.193.44
157.240.0.6
162.19.138.117
162.247.243.29
172.217.18.2
172.64.151.101
172.66.0.227
172.67.179.115
172.67.71.57
172.67.8.141
176.235.128.34
176.235.128.37
178.250.1.9
18.194.226.218
18.195.234.25
184.30.20.22
185.184.8.90
185.255.84.152
185.89.211.116
198.47.127.205
2001:4860:4802:34::36
23.35.237.75
23.52.181.90
2600:1f18:612b:4216:15c:6f8b:c2c7:4e11
2602:816:5001::39
2606:4700:10::6816:3668
2606:4700:20::681a:ee
2606:4700:3037::ac43:b373
2620:1ec:33:1::10
2620:1ec:bdf::44
2a00:1450:4001:81c::2008
2a00:1450:4001:829::2003
2a00:1450:400c:c0b::9a
2a02:2638:3::15
2a02:2638:3::19
2a02:2638:3::3
2a02:2638:3::c
2a02:6ea0:c700::19
2a03:2880:f177:185:face:b00c:0:25de
3.120.103.239
31.3.2.88
34.117.157.22
34.246.169.171
34.253.43.0
35.214.136.108
35.80.135.250
4.227.249.197
46.228.174.117
54.194.169.106
54.228.154.232
69.173.144.139
70.42.32.191
76.223.111.18
85.215.5.31
91.235.64.232
040b7f39fee2bbf0048192cec4b229ce9e8ec5ef3721d92f366938d043a1f6b4
0974a2a9ee0905ddf7534083b520f05da02839d46c085a5bc231ac3e193fcfdf
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0dc47839877ba28b9635b0e9568a70a37111c8b67a837c5f80328f6c9f9cf72b
10fdf8279552f7460c844b2d30abc65120b368dfd75e486ad326612e456329e7
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
14c847e283cde4999e0d4ba2b30bc61e64217110eb8f08f24751d0fdeb3ba8e2
1a2e991b47d65ed1d05a56781dcd0d31cadc033f6d837eee8df35d8da0659255
1a9b390d05acee00c923434c219dabdf5e0b74763d2357408e83749c2991d8ec
1e10348a61157f330720723b41b9b2617ed96a2a2db5e9cb196ef6964c2d4b2d
1eead9d70e9b2ca9a45fdab0216267796e8d1659740a2ba273548c3479971f8f
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15
28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878
2e704f6ed14d9241b7b231338d07ae0f5472d50a47cf3c903172ca194a921d7a
2fdb3bc7fa950d90a3487b805e336ecdba2b18232847bd404b80c0ffae8a81e7
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33e2835ded4e5115ebb4887dd38eb83ff6857af771f54fafacb068aaffd43071
3633e632ceff475b1d2770b021fc6921cac1e437aec3ad22c81b52150e0c23f0
36897dbbc9ba81d2ffcbb28625085e56b8297527a3a334ed4847a2f080df81b9
392fa277419aeda194405d4580953251b5e3d899ff9934a2dfede49f91e2404c
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
3d7c527b7ea76fb8e20427ee88a32f752a195097d344dc96a0065b2f36495efa
3dcd58ead509fc4a00c01de7910bcf6b8453f2b1934210b832b676fcf4549cbc
40cd26b705f3f15768b84a576a42e0262c80a95c6d037838ee1881e17b7c1fc5
4696f810213cd2334086b5ccb7f70d622533bc31b8295dabecfef0a7ddda8cfc
4b1a7328c60b61139822918071186d93b67799d9bbe660adbabcb22a9c3e71a9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f810cade896a6215ef3b0ec000031890c444e1f7ced1fbb2872a5920dbc157c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
568ecb37a3e047d96c60a489a7339fea2adf532ff9315f53ada0368c425363c5
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
5cb17e134764e46e029d700a8b6b60bb8c2ae3a9499c3a49fa0245fd912c73fc
67c0d7838ea3eb2e6cbfe0da12c2f73b5c8c11e190cd72dcc19373a940e2ad4f
70c360a1275959ee89a74601f814bc77196ccfa4b6cc70b4c4b572c6d0708dee
70da82f9d401292acc9c2ed28d6f3bb3d7d07737b4cc4f47a1264559730f05bd
7163a7d63c1de2bf1e674242587e99a21a9456c5b009b92e99f73b333e45427e
769c0c15b0505b178f3a245cd21b058c38f1bb0a091ccdfb83ea159bf9da10a9
7a0f69b88e342930581723071d96b2f1fa6045e717827ff49918fe454acd18f7
7b8b14d91ce8ffdd1ff0016669568af10f5204a9d751b8813cea04a6a8951740
82b35ca5b7fad192706e05fc786774be20fac78d1df15f4c7171ee02e1f4e0be
834b6c224c95e067edc6d2aa781225d215154147b197f480d7fdb1914173c22d
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8608a528a1475a7ecd5a9d97bab2c8b6e9fae5165cb00e6d7e5eca6f87860fb0
8680e113f3a9571f96b1ca862416553889e5db4b5734585117f319cfb4887ecf
875056d8b18edfbd0911abb8642b9588b2c6dff06a6494be4d22d34a9f8ff9a6
882d06191f84d5be3fb1a016c7a29f3c8070296633d51928363383dc239cdfa1
8881b242713e6baafba7834d038a03fc24bda4b8a004a52d53ea7999269bce12
897bdfb38ac86bcd978f4fc40c545ad90010cdc8f76f13ea0cde939e8c180dc9
8bc22b4f2896b0980cd85cd7c8411c5e49a9c698b3c8c5ba7098d0791ffee89c
8dc2962102d46856515ee2afda7fde57c4cc0822917b941f9aecd8704aa07e6f
8fc84be20bc9551a223e82ffbdb302f0525f48daa2021010b10ebdd9e65e6f22
98e86e8f16f39b0597b55bf6de26795e811c1b898520e2d9bbdac288b4c0e44d
991291da5d2ba1cc957841e19485b3705cfc59164db6edd4b6f6ee255ce94932
9a7667a7182356a9adabca185979c2ddfa38636b6dfe52005017844b9a94a293
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a18ebd731b20d7404e2eed45ad15a0e9068ec7c4eb6d95da6727c086e366227d
a278632968026b09d8147fcafc6d1c2d3622ad74ac27e9fd33d27d8c5a40d030
a30193619d26f9641cf93737d73f3053101409e3685a859ca9aaa6f49a413d58
a401bf42b76acb849a8a0852f293b536d7b0fc6433aa5bf3c74afe1576203878
a507ce33356780fdcf262ac008237301f39c0d358d314270f322a3e3cc24b434
a5d06301506088b59508e8e33e093ac271940f2d540068e60169c9f9fa01ba4a
a8fab85b0f39cfe895e2410d94692dfc14926334cc35b369b61b2afbf49bca1a
a974fe46929964e7412266b8e9875d6bde9a2ea653f4575545816411ebbf1d3c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b46257f718712c2dea44129a43b3adccb92a3a3f6325809c31b85e97c6ae2545
b556be9e42bf854834c317dff1fec496208c0d439264f320b7d7b350fc44c56c
b5ff812dad227556704ffc292079890a68483cdcd76ac169b6cc077a1cb81790
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
b997d146d3cd6d70573d6ef2c33d054f7fee9e1605c5794fffcaaf98a086d401
b9d8ea031a330add9781fc795e3eb65238b4f3501647ea40558035d5d5fad268
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb81beddec7b4e8eb0613a8d5e8482c33e5cd58f3fe7462e689dd57eddc97ed7
c0121ed610fe1f41cad64cf0bc48fb5e566ab11e37ec1dd2f1c4894d929c6f3e
c23c1d0706a3d447b666c50a727ea1d47ee4b5ca60e153ca4e64a29ed5e910e5
c5d05896b5cd1e482f60774cfae4214dfc366355d1a175b20a73d9fbadcdcb06
cdd5ba06ab8aba4acf943b6772bb0d7d89f96af30de6640f0348f4e8f0c22ce2
ce30419afdc9cccf6c91e449fa419527591baca0d7fb76213b15da04bdd7bced
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d2c691345beb60be6c2b8c60de29573a76651b9fb54a75dec7d02c71b0f7e8cb
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e0ac09a5a5a7c5bc380ed976d13a1211653ee8368f5bc9297f5c4c9f44d7d1a4
e1ac9e4670f962dd56d3219bb5d8dab3694c821c1065fca8d330da6176ffeea5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e612bbb5cea5c672daa11cbd0f03b6025c2e020401b3a89d0488613b28b1b61b
e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f39a8eead81d355d137c8639c646639f11cb03022a2df46ffdc45555e906d1ab
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
ff1e0799d9b462718726f5b01aac1bc7c146ae6bb69e527100cfb7396dbabd9e
ffe8da8b5f6348be8280e7f950393611c7f0b57d245989aab8bb78785a7177e8

firsatkimden3401.site Open in urlscan Pro 2606:4700:3037::ac43:b373 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

146 Requests

93 %HTTPS

27 %IPv6

52 Domains

70 Subdomains

61 IPs

8 Countries

918 kBTransfer

2731 kBSize

55 Cookies

52 Outgoing links

Page URL History

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

firsatkimden3401.site Open in urlscan Pro
2606:4700:3037::ac43:b373 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

93 %
HTTPS

27 %
IPv6

52
Domains

70
Subdomains

61
IPs

8
Countries

918 kB
Transfer

2731 kB
Size

55
Cookies

146 HTTP transactions
1 data transactions