www.hazem-cf.cf Open in urlscan Pro
216.58.207.243  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.hazem-cf.cf/	147 KB 38 KB	402ms 207ms	Document text/html	216.58.207.243
General Check archive.org Show headers Download Go to Full URL https://www.hazem-cf.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.207.243 Mountain View, United States, ASN (), Reverse DNS Software GSE / Resource Hash bc88c5f528170884e11eed3c77207ba0c9850c53317049e70346c306399aa083 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.hazem-cf.cf :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 expires Sat, 11 Sep 2021 13:04:55 GMT date Sat, 11 Sep 2021 13:04:55 GMT cache-control private, max-age=0 last-modified Sun, 22 Aug 2021 19:18:04 GMT etag W/"b6171467f8dfde00fa5cd41c40cb002c112e713377123002f2ad04ae0f6644c7" content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 38433 server GSE
GET H2	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/	138 KB 49 KB	87ms 32ms	Script text/javascript	74.125.133.157
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4935360701123575 Requested by Host: www.hazem-cf.cf URL: https://www.hazem-cf.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software cafe / Resource Hash 919a34024fb3cdd165a351cbc087d5698a39525a803f9ce96b149883c29b1773 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.hazem-cf.cf/ Origin https://www.hazem-cf.cf Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 49445 x-xss-protection 0 server cafe etag 6681020038580806422 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600 timing-allow-origin * expires Sat, 11 Sep 2021 13:04:56 GMT
GET H2	200	css2 fonts.googleapis.com/	10 KB 1 KB	190ms 64ms	Stylesheet text/css	142.250.74.74
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?display=swap&family=Katibeh&family=Mirza&family=Lalezar&family=Jomhuria&family=Rakkas&family=Lemonada&family=Cairo&family=Tajawal&family=El+Messiri Requested by Host: www.hazem-cf.cf URL: https://www.hazem-cf.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.74.74 , United States, ASN (), Reverse DNS Software ESF / Resource Hash a20a351a8a9377e05c1a7fbc5d227aeef60202018bbea1884cf00b610824203c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Sat, 11 Sep 2021 13:04:56 GMT server ESF date Sat, 11 Sep 2021 13:04:56 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 11 Sep 2021 13:04:56 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.2.1/	85 KB 30 KB	73ms 23ms	Script text/javascript	74.125.133.95
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js Requested by Host: www.hazem-cf.cf URL: https://www.hazem-cf.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.133.95 , United States, ASN (), Reverse DNS Software sffe / Resource Hash 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Thu, 09 Sep 2021 15:16:31 GMT content-encoding gzip x-content-type-options nosniff age 164905 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30306 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 09 Sep 2022 15:16:31 GMT
GET H3	200	show_ads_impl_with_ama_fy2019.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/	251 KB 93 KB	64ms 42ms	Script text/javascript	74.125.133.157
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4935360701123575 Protocol H3 Security QUIC, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software cafe / Resource Hash 3439f40df7ad4714cdd5695d237ce23f6d17b56cf1600a7c8fe4c6616b5353e3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 95416 x-xss-protection 0 server cafe etag 8941794579414213630 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Sat, 11 Sep 2021 13:04:56 GMT
GET H2	200	/ www.hazem-cf.cf/	11 KB 11 KB	216ms 216ms	Image text/html	216.58.207.243
General Check archive.org Show headers Download Go to Show image Full URL https://www.hazem-cf.cf/ Requested by Host: www.hazem-cf.cf URL: https://www.hazem-cf.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.207.243 Mountain View, United States, ASN (), Reverse DNS Software GSE / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path / pragma no-cache accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority www.hazem-cf.cf referer https://www.hazem-cf.cf/ :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests content-encoding gzip x-content-type-options nosniff last-modified Sun, 22 Aug 2021 19:18:04 GMT server GSE etag W/"b6171467f8dfde00fa5cd41c40cb002c112e713377123002f2ad04ae0f6644c7" content-security-policy-report-only default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport content-type text/html; charset=UTF-8 cache-control private, max-age=0 date Sat, 11 Sep 2021 13:04:56 GMT content-length 38433 x-xss-protection 1; mode=block expires Sat, 11 Sep 2021 13:04:56 GMT
GET H2	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20210908/r20190131/ Frame 8117	10 KB 5 KB	80ms 26ms	Document text/html	142.250.110.156
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20210908/r20190131/zrt_lookup.html Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4935360701123575 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.110.156 , United States, ASN (), Reverse DNS Software cafe / Resource Hash bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/html/r20210908/r20190131/zrt_lookup.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.hazem-cf.cf/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Fri, 10 Sep 2021 19:25:24 GMT expires Fri, 24 Sep 2021 19:25:24 GMT content-type text/html; charset=UTF-8 etag 13836150016441684253 x-content-type-options nosniff content-encoding gzip server cafe content-length 4591 x-xss-protection 0 age 63572 cache-control public, max-age=1209600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated /	627 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6a217480aa6975d5cca42e735655916610429fe4c60dc7f1a21c75badff47d33 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 22df6f5eb095e7178122e3fa56cfd1dfd360b11991fff2e55fb4d7606c682141 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET DATA	200 OK	truncated /	378 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 71bf013a6ac6ce6828da23e6fc0d9b279f2265bf2b9b8e853861441898aa97c0 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET H2	200	256-256.png 3.bp.blogspot.com/-T-V-PJOU4v0/XZYzHfq1dYI/AAAAAAAABOw/obz8rMcwKgEvPkHP1ahM2tyAqm8fRYZYwCK4BGAYYCw/w27-h27-p-k-nu/	1 KB 2 KB	94ms 23ms	Image image/png	74.125.71.132
General Check archive.org Show headers Download Go to Show image Full URL https://3.bp.blogspot.com/-T-V-PJOU4v0/XZYzHfq1dYI/AAAAAAAABOw/obz8rMcwKgEvPkHP1ahM2tyAqm8fRYZYwCK4BGAYYCw/w27-h27-p-k-nu/256-256.png Requested by Host: www.hazem-cf.cf URL: https://www.hazem-cf.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.71.132 , United States, ASN (), Reverse DNS Software fife / Resource Hash fdc94d53d1796c028c474c2f2fa236f730b1f0869a42108d706c307422329e21 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 10:03:50 GMT x-content-type-options nosniff age 10866 content-disposition inline;filename="256-256.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1286 x-xss-protection 0 server fife etag "v4ed" vary Origin content-type image/png access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform timing-allow-origin * expires Mon, 06 Sep 2021 01:51:07 GMT
GET H2	200	cookie.js Show response partner.googleadservices.com/gampad/	201 B 656 B	234ms 61ms	Script text/javascript	142.250.74.98
General Check archive.org Show headers Download Go to Full URL https://partner.googleadservices.com/gampad/cookie.js?domain=www.hazem-cf.cf&callback=_gfp_s_&client=ca-pub-4935360701123575 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.74.98 , United States, ASN (), Reverse DNS Software cafe / Resource Hash 62e7e54df62ce0fdc263756cb3eedb41cb76e0fe3b618fc6158ce987a7eceae1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type text/javascript; charset=UTF-8 cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 191 x-xss-protection 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	22ms 21ms	Image image/gif	74.125.133.157
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.hazem-cf.cf%2F&tn=DIV&cls=par-tp&ign=false&pw=1600&ph=1200&x=0&y=0 Requested by Host: www.hazem-cf.cf URL: https://www.hazem-cf.cf/ Protocol H3 Security QUIC, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers pragma no-cache date Sat, 11 Sep 2021 13:04:56 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 853 B	81ms 25ms	Script application/javascript	64.233.167.155
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=www.hazem-cf.cf Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 64.233.167.155 , United States, ASN (), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers timing-allow-origin * date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 570 B	79ms 23ms	Script application/javascript	64.233.184.157
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.hazem-cf.cf Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 64.233.184.157 , United States, ASN (), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers timing-allow-origin * date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	403	ads Show response googleads.g.doubleclick.net/pagead/ Frame 0CED	603 B 67 B	56ms 35ms	Document text/html	142.250.110.156
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-4935360701123575&output=html&adk=1812271804&adf=3025194257&lmt=1629659884&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.hazem-cf.cf%2F&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631365496156&bpp=4&bdt=165&idt=171&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3197616490964&frm=20&pv=2&ga_vid=810346998.1631365496&ga_sid=1631365496&ga_hid=533490220&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066431%2C44750533%2C44749371%2C31062297%2C31062312&oid=3&pvsid=1934937084943137&pem=474&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=194 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.110.156 , United States, ASN (), Reverse DNS Software cafe / Resource Hash 00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /pagead/ads?npa=1&client=ca-pub-4935360701123575&output=html&adk=1812271804&adf=3025194257&lmt=1629659884&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.hazem-cf.cf%2F&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631365496156&bpp=4&bdt=165&idt=171&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3197616490964&frm=20&pv=2&ga_vid=810346998.1631365496&ga_sid=1631365496&ga_hid=533490220&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066431%2C44750533%2C44749371%2C31062297%2C31062312&oid=3&pvsid=1934937084943137&pem=474&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=194 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.hazem-cf.cf/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding br date Sat, 11 Sep 2021 13:04:56 GMT server cafe content-length 46 x-xss-protection 0 set-cookie test_cookie=CheckForPermission; expires=Sat, 11-Sep-2021 13:19:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	couple-1375125_1920.jpg 1.bp.blogspot.com/-4oWgcoetgH0/YRqp_2DP9QI/AAAAAAAAF7U/Jw5S07oMDsg8haqz_OfwJ2sEnwGjl1IxQCLcBGAsYHQ/s350/	21 KB 21 KB	289ms 281ms	Image image/jpeg	74.125.71.132
General Check archive.org Show headers Download Go to Show image Full URL https://1.bp.blogspot.com/-4oWgcoetgH0/YRqp_2DP9QI/AAAAAAAAF7U/Jw5S07oMDsg8haqz_OfwJ2sEnwGjl1IxQCLcBGAsYHQ/s350/couple-1375125_1920.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.71.132 , United States, ASN (), Reverse DNS Software fife / Resource Hash 4531da6d193667d4cc861939fe38094ec25d9c3a1b3855f854cae32c7ac75f17 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT x-content-type-options nosniff server fife etag "v17b6" vary Origin content-type image/jpeg access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform content-disposition inline;filename="couple-1375125_1920.jpg" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21711 x-xss-protection 0 expires Sun, 12 Sep 2021 13:04:56 GMT
GET H2	200	hand-1549399_1920.jpg 1.bp.blogspot.com/-2PyG8IJphrs/YRqnIVmr8cI/AAAAAAAAF7M/YVXL3AONqaE45YLNVcK5GN2q9JdfovREQCLcBGAsYHQ/s350/	28 KB 28 KB	185ms 178ms	Image image/jpeg	74.125.71.132
General Check archive.org Show headers Download Go to Show image Full URL https://1.bp.blogspot.com/-2PyG8IJphrs/YRqnIVmr8cI/AAAAAAAAF7M/YVXL3AONqaE45YLNVcK5GN2q9JdfovREQCLcBGAsYHQ/s350/hand-1549399_1920.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.71.132 , United States, ASN (), Reverse DNS Software fife / Resource Hash 93b99d9e840c12970a2eecd7a6c2601e8e33d60df1f052c89082b4776603cb18 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT x-content-type-options nosniff server fife etag "v17b4" vary Origin content-type image/jpeg access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform content-disposition inline;filename="hand-1549399_1920.jpg" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28460 x-xss-protection 0 expires Sun, 12 Sep 2021 13:04:56 GMT
GET H2	200	wedding-2595862_1920.jpg 1.bp.blogspot.com/-bAsV_72fqWg/YRd9uBU-mXI/AAAAAAAAF40/XxdDOXJFRVI57CCSSf0n0Pb8wOHm5bzOwCLcBGAsYHQ/s320/	22 KB 22 KB	43ms 35ms	Image image/jpeg	74.125.71.132
General Check archive.org Show headers Download Go to Show image Full URL https://1.bp.blogspot.com/-bAsV_72fqWg/YRd9uBU-mXI/AAAAAAAAF40/XxdDOXJFRVI57CCSSf0n0Pb8wOHm5bzOwCLcBGAsYHQ/s320/wedding-2595862_1920.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.125.71.132 , United States, ASN (), Reverse DNS Software fife / Resource Hash f2b6585d52efbbdf7bebda608e562d537c9c8bfa6fc3a6010de3c8520fcab263 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT x-content-type-options nosniff server fife etag "v178e" vary Origin content-type image/jpeg access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform content-disposition inline;filename="wedding-2595862_1920.jpg" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 22420 x-xss-protection 0 expires Sun, 12 Sep 2021 13:04:56 GMT
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/	11 KB 8 KB	68ms 37ms	XHR application/json	74.125.133.157
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210908&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Protocol H3 Security QUIC, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software cafe / Resource Hash e8ffe02a151c1c1673855240ffc51bade07c9d41d78ae913e6c563003999b74b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers timing-allow-origin * date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8400 x-xss-protection 0
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	183ms 70ms	Script text/javascript	216.58.207.193
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4935360701123575&plah=www.hazem-cf.cf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.207.193 Mountain View, United States, ASN (), Reverse DNS Software sffe / Resource Hash a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Sat, 11 Sep 2021 13:04:56 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1624308425655142" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6467 x-xss-protection 0 expires Sat, 11 Sep 2021 13:04:56 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/224/ Frame 2B52	12 KB 5 KB	103ms 46ms	Document text/html	216.58.207.193
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 216.58.207.193 Mountain View, United States, ASN (), Reverse DNS Software sffe / Resource Hash 4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/224/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.hazem-cf.cf/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5029 date Sat, 11 Sep 2021 09:03:37 GMT expires Sun, 11 Sep 2022 09:03:37 GMT last-modified Wed, 02 Jun 2021 17:09:45 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 14479 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	aframe Show response www.google.com/recaptcha/api2/ Frame C697	783 B 1 KB	88ms 35ms	Document text/html	142.250.110.103
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.110.103 , United States, ASN (), Reverse DNS Software GSE / Resource Hash ebab0dddde1c40e7e14369d458d4c31ea7ecf0ebb1a695f0ed732a67b04d19c1 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-tO0JCrkeOwB1/5cRDv6ucg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/aframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.hazem-cf.cf/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy-report-only require-corp; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Sat, 11 Sep 2021 13:04:56 GMT date Sat, 11 Sep 2021 13:04:56 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-tO0JCrkeOwB1/5cRDv6ucg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 512 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame C697	0 0	40ms 40ms	Image text/html	74.125.133.157
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210908&jk=1934937084943137&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers
GET H3	200	N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Show response pagead2.googlesyndication.com/bg/ Frame 2B52	35 KB 13 KB	21ms 21ms	Script text/javascript	74.125.133.157
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software sffe / Resource Hash 379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Tue, 07 Sep 2021 20:47:01 GMT content-encoding br x-content-type-options nosniff age 317875 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13196 x-xss-protection 0 last-modified Mon, 06 Sep 2021 10:38:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 07 Sep 2022 20:47:01 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	26ms 25ms	Image image/gif	74.125.133.157
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210908&jk=1934937084943137&bg=!BAelB0PNAAYT0U73E9E7ACkAdvg8WijS1TguR_whsNI28ojkfDjt62W0gSYxX_GWg7My7V6O6QL7kQIAAABtUgAAAAxoAQeZAnvJjNT3vjpIvC9qaeXS7DYMEtLaFiV9j-254KZq7tUqPFpigR59kfGo1-BqXolzO3M-053AmuqgQTQhaQubR_a9WBlWAYmSKqz3rC0qkSWJ3zG-9PavMnoi3UMS_DBBM4lQz-7ONnY9QX8UhpVt9mg7QLxXFcFWmuwKDckbmkthPrKt_jIUotCKmsF_aoAk5FCnnVCUm0jnL-pBBWsvkjKc-FubUEiEeLdRGruyh8VV3nEEywclOi2IVix_qtF05A9ecBw4QrTbaPIAXDzLqpNDGxL1Q9do6m4P7kKVeAFnXLak9n1oydaKxT5g3Hdew0ncGOhhpRUJtWpeLK-P57R_CmPmy_cj535k7SMHy26DP_kpjA4FT-E_Hx4VnbEIVt0DH3E_oK20v5CH1S7Cw7XRyfYerBNFma842OiCZFu_nnTMk44_9dW6be_x8o-s-79TGbOtzQjA1evDEpDpa50FlUfYBQGt4QqnGsovFyLrEWzbz8ARLRWW1GKDOu-C_XVjhXptE7BjpzMhzvwtvHAy0mWKvlljcsJExnpbMePpa0zdF1wuOLzGlNU5Gm__nq-aE3LPmnE6cPSpPqASreGR7zAoGIKu52iRnIT7A-25ToOaMu3fYTk_0f0Wl7IOStzTIyZyW4DKBPWeKHUBGnYM7hBnVyZv1iuja1j_6xlIz95DNCUHbG4Rq3MkDNilATuADjXndQkEjS__O4a_R_wKPiJDV9Qo7TEmBucnZ-EX3SkRxdy2JCv1AkgVkc0b0FosDujNA4PNj_oA6U_RLdeEvb_rgIUw-Y_b1tugS2Wdjn8imnO4A8KeFfNiI_ONjICT-pjC15vLL3RlJA Protocol H3 Security QUIC, , AES_128_GCM Server 74.125.133.157 , United States, ASN (), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.hazem-cf.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers pragma no-cache date Sat, 11 Sep 2021 13:04:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforexrselect boolean| originAgentCluster object| _0x205f function| _0x53b8 function| prst object| adsbygoogle object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_persistent_state_async boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| blogLabels function| $ function| jQuery string| ArrowIcon string| BlogID object| _0x1ec6 function| _0x33fe string| olderLink string| $my_menu string| $my_icon string| $my_tre function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 21:09:26	Name: test_cookie Value: CheckForPermission
			.hazem-cf.cf/	1970-01-20 06:31:01	Name: __gads Value: ID=235381441860802f-22bdc70d0cc900b9:T=1631365496:RT=1631365496:S=ALNI_MbsmGSHojdf0h8Rnajp_8xHAJByeA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-4935360701123575&output=html&adk=1812271804&adf=3025194257&lmt=1629659884&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.hazem-cf.cf%2F&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631365496156&bpp=4&bdt=165&idt=171&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3197616490964&frm=20&pv=2&ga_vid=810346998.1631365496&ga_sid=1631365496&ga_hid=533490220&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066431%2C44750533%2C44749371%2C31062297%2C31062312&oid=3&pvsid=1934937084943137&pem=474&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=194 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
3.bp.blogspot.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
fonts.googleapis.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.google.com
www.hazem-cf.cf
142.250.110.103
142.250.110.156
142.250.74.74
142.250.74.98
216.58.207.193
216.58.207.243
64.233.167.155
64.233.184.157
74.125.133.157
74.125.133.95
74.125.71.132
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
22df6f5eb095e7178122e3fa56cfd1dfd360b11991fff2e55fb4d7606c682141
3439f40df7ad4714cdd5695d237ce23f6d17b56cf1600a7c8fe4c6616b5353e3
379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf
4531da6d193667d4cc861939fe38094ec25d9c3a1b3855f854cae32c7ac75f17
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
62e7e54df62ce0fdc263756cb3eedb41cb76e0fe3b618fc6158ce987a7eceae1
6a217480aa6975d5cca42e735655916610429fe4c60dc7f1a21c75badff47d33
71bf013a6ac6ce6828da23e6fc0d9b279f2265bf2b9b8e853861441898aa97c0
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
919a34024fb3cdd165a351cbc087d5698a39525a803f9ce96b149883c29b1773
93b99d9e840c12970a2eecd7a6c2601e8e33d60df1f052c89082b4776603cb18
a20a351a8a9377e05c1a7fbc5d227aeef60202018bbea1884cf00b610824203c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
bc88c5f528170884e11eed3c77207ba0c9850c53317049e70346c306399aa083
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8ffe02a151c1c1673855240ffc51bade07c9d41d78ae913e6c563003999b74b
ebab0dddde1c40e7e14369d458d4c31ea7ecf0ebb1a695f0ed732a67b04d19c1
f2b6585d52efbbdf7bebda608e562d537c9c8bfa6fc3a6010de3c8520fcab263
fdc94d53d1796c028c474c2f2fa236f730b1f0869a42108d706c307422329e21