jordan.hatla2ee.com Open in urlscan Pro
2606:4700:20::681a:7c0 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://jordan.hatla2ee.com/
Effective URL:
https://jordan.hatla2ee.com/
Submission: On May 24 via manual (May 24th 2021, 12:43:03 pm UTC) from JP

Summary HTTP 103 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 10 domains to perform 103 HTTP transactions. The main IP is 2606:4700:20::681a:7c0, located in United States and belongs to CLOUDFLARENET, US. The main domain is jordan.hatla2ee.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2020. Valid for: a year.

This is the only time jordan.hatla2ee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	2606:4700:20:... 2606:4700:20::681a:7c0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	2606:4700:303... 2606:4700:3032::6815:495e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
3 8	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3 6	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
103	15

4 2606:4700:20::681a:7c0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

jordan.hatla2ee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2606:4700:3032::6815:495e (United States)

ASN13335 (CLOUDFLARENET, US)

media.hatla2eestatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.70 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	436 KB
23	hatla2eestatic.com media.hatla2eestatic.com	731 KB
22	doubleclick.net 3 redirects googleads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net	103 KB
9	google.com 3 redirects adservice.google.com www.google.com	1 KB
4	googletagservices.com www.googletagservices.com	136 KB
4	hatla2ee.com 1 redirects jordan.hatla2ee.com	137 KB
3	google.de adservice.google.de www.google.de	1013 B
3	google-analytics.com www.google-analytics.com	19 KB
1	googleadservices.com partner.googleadservices.com	638 B
1	facebook.com www.facebook.com	297 B
103	10

	Domain	Requested by
26	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
23	media.hatla2eestatic.com	jordan.hatla2ee.com media.hatla2eestatic.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
14	pagead2.googlesyndication.com	jordan.hatla2ee.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
8	www.google.com	3 redirects jordan.hatla2ee.com googleads.g.doubleclick.net tpc.googlesyndication.com
6	ad.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	jordan.hatla2ee.com	1 redirects jordan.hatla2ee.com
3	www.google-analytics.com	jordan.hatla2ee.com www.google-analytics.com
2	www.google.de	jordan.hatla2ee.com
2	stats.g.doubleclick.net	www.google-analytics.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.facebook.com	jordan.hatla2ee.com
103	15

This site contains links to these domains. Also see Links.

Domain
play.google.com
apps.apple.com
eg.hatla2ee.com
ksa.hatla2ee.com
uae.hatla2ee.com
qatar.hatla2ee.com
lebanon.hatla2ee.com
oman.hatla2ee.com
kuwait.hatla2ee.com
libya.hatla2ee.com
iraq.hatla2ee.com
yemen.hatla2ee.com
www.facebook.com
itunes.apple.com
appgallery1.huawei.com
www.hatla2ee.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://jordan.hatla2ee.com/
Frame ID: AE4DB44BC10E185C9E9FCE2D918C5D31
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html
Frame ID: A8F93B30EAF1A81D9AE655C483C679FB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&adk=1812271804&adf=3025194257&lmt=1621860164&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164678&bpp=23&bdt=143&idt=230&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1983849134907&frm=20&pv=2&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=276
Frame ID: 5F0D2AF4394C5A2773F8A0CE46EDED8B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326
Frame ID: F831E6634C6E35E366561CAC8C7E0633
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342
Frame ID: C448F7C1EF3A9DDAFC204541CD49980E
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321
Frame ID: 085612D74224B63FCC2314640995AE26
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html
Frame ID: FFF8CB1317105746178F9387696C1708
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: CAA997093734CC3B9EEEEA2012AB5136
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html
Frame ID: E4C3330B0198440A6EAA99E1878B7E1E
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DCB0B72050DCF0C700A0B7CCFA540C83
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html
Frame ID: 6927FD788AE807D54DA8174B7BF77499
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 48887FED858DC62FBEF3D2D2978BC59D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 974386CCE8988AE7397898ADEF06B5A4
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EADDDF75C78953148E89237A68E83646
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://jordan.hatla2ee.com/ HTTP 301
https://jordan.hatla2ee.com/ Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

103
Requests

100 %
HTTPS

86 %
IPv6

10
Domains

15
Subdomains

15
IPs

3
Countries

1564 kB
Transfer

4531 kB
Size

8
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://play.google.com/store/apps/details?id=com.hatla2ee.hatla2ee_egypt&referrer=utm_source%3Dhatla2ee%26utm_medium%3Dbanner%26utm_content%3Dbanner%26utm_campaign%3Dbanner
Title: احصل على ابلكيشن هتلاقى تنزيل من المتجر

Search URL Search Domain Scan URL

URL: https://apps.apple.com/app/apple-store/id1272125275?pt=118766861&ct=banner&mt=8
Title: احصل على ابلكيشن هتلاقى تنزيل من المتجر

Search URL Search Domain Scan URL

URL: https://eg.hatla2ee.com/
Title: مصر

Search URL Search Domain Scan URL

URL: https://ksa.hatla2ee.com/
Title: السعوديه

Search URL Search Domain Scan URL

URL: https://uae.hatla2ee.com/
Title: الامارات

Search URL Search Domain Scan URL

URL: https://qatar.hatla2ee.com/
Title: قطر

Search URL Search Domain Scan URL

URL: https://lebanon.hatla2ee.com/
Title: لبنان

Search URL Search Domain Scan URL

URL: https://oman.hatla2ee.com/
Title: عمان

Search URL Search Domain Scan URL

URL: https://kuwait.hatla2ee.com/
Title: الكويت

Search URL Search Domain Scan URL

URL: https://libya.hatla2ee.com/
Title: ليبا

Search URL Search Domain Scan URL

URL: https://iraq.hatla2ee.com/
Title: العراق

Search URL Search Domain Scan URL

URL: https://yemen.hatla2ee.com/
Title: اليمن

Search URL Search Domain Scan URL

URL: http://www.facebook.com/pages/Hatla2ee-jordan/141513002614304

Search URL Search Domain Scan URL

URL: https://apps.apple.com/app/apple-store/id1272125275?pt=118766861&ct=sticky&mt=8
Title:

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.hatla2ee.hatla2ee_egypt&referrer=utm_source%3Dhatla2ee%26utm_medium%3Dsticky%26utm_content%3Dsticky%26utm_campaign%3Dsticky
Title:

Search URL Search Domain Scan URL

URL: https://eg.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في مصر

Search URL Search Domain Scan URL

URL: https://uae.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في الإمارات

Search URL Search Domain Scan URL

URL: https://ksa.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في السعودية

Search URL Search Domain Scan URL

URL: https://oman.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في عمان

Search URL Search Domain Scan URL

URL: https://yemen.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في اليمن

Search URL Search Domain Scan URL

URL: https://kuwait.hatla2ee.com/ar/car
Title: سيارات المستعملة في الكويت

Search URL Search Domain Scan URL

URL: https://qatar.hatla2ee.com/ar/car
Title: سيارات المستعملة في قطر

Search URL Search Domain Scan URL

URL: https://lebanon.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في لبنان

Search URL Search Domain Scan URL

URL: https://libya.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في ليبيا

Search URL Search Domain Scan URL

URL: https://iraq.hatla2ee.com/ar/car
Title: سيارات مستعملة للبيع في العراق

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.hatla2ee.hatla2ee_egypt&referrer=utm_source%3Dhatla2ee%26utm_medium%3Dbanner%26utm_campaign%3Dfooter
Title:

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/apple-store/id1272125275?pt=118766861&ct=hatla2ee_banner_footer&mt=8
Title:

Search URL Search Domain Scan URL

URL: https://appgallery1.huawei.com/#/app/C100213777
Title:

Search URL Search Domain Scan URL

URL: https://www.hatla2ee.com/
Title: Hatla2ee.com

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.hatla2ee.hatla2ee_egypt&referrer=utm_source=hatla2ee&utm_medium=takeover&utm_content=takeover&utm_campaign=takeover
Title: هتلاقي أسرع على تطبيق الهاتف search شراء add_circle_outline بيع local_offer الأسعار notifications_active تنبيهات والكثير .. نزل التطبيق الأن

Search URL Search Domain Scan URL

URL: https://apps.apple.com/app/apple-store/id1272125275?pt=118766861&ct=takeover&mt=8
Title: هتلاقي أسرع على تطبيق الهاتف search شراء add_circle_outline بيع local_offer الأسعار notifications_active تنبيهات والكثير .. نزل التطبيق الأن

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://jordan.hatla2ee.com/ HTTP 301
https://jordan.hatla2ee.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CL-crvir4vACFc2GdwodoNoJIw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 60

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 62

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=COqltPir4vACFYn2dwodgRQIQw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 72

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CPnnufir4vACFTTauwgdWQ4LPg;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 92

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 95

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

103 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
jordan.hatla2ee.com/
Redirect Chain

http://jordan.hatla2ee.com/
https://jordan.hatla2ee.com/

107 KB
22 KB

206ms
189ms

Document
text/html

2606:4700:20::681a:7c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jordan.hatla2ee.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7c0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ddb4272221cf2006df714a0db7ab3de969005e4795869fde575fbfd8637deb4

Request headers

:method: GET
:authority: jordan.hatla2ee.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
content-type: text/html; charset=utf-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
vary: Accept-Encoding
x-backendfr: opswsws2
cache-control: public, max-age=1800
x-varnish: 956618370
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cachefr: MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a3fff3afa00004dca1fb12000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zeENMh6Yk%2BQFdrXcDpKnwljfXg1B%2BHhmfkU8M7lJUUlCcWO8nDr3tcRMYxRhmzxZLxxSSL%2F%2F1GkkUJcz2pIn8tPVjAUPnw945FpHo3HRr7A1Xr1hFsHLXWcWbqaeURjK"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65469b0b2a024dca-FRA
content-encoding: br

Redirect headers

Date: Mon, 24 May 2021 12:42:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 24 May 2021 13:42:44 GMT
Location: https://jordan.hatla2ee.com/
cf-request-id: 0a3fff3aca00004a8c0eb25000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yjT6LwaeRnPI5Y7qfEPnndGOEwdw0QdzUtAxKlYGhMHi0a%2FW2oy8Bf%2BaY9RKkF9a3bOT3QO0In5HN9nxC0enMP6iv%2FauP3hPajYLblqq2eV4qSscZ8Mq5sRuLFzd1cYf"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65469b0adc644a8c-FRA

GET
H2 200 out_ar.css
media.hatla2eestatic.com/css/ 1 MB
155 KB 61ms
37ms Stylesheet
text/css 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0914c77d032035a0105a531e360d613d75ad57af45e994269f56eae00215b70

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 94167
cf-polished: origSize=1098068
cf-ray: 65469b0c8f152488-FRA
x-backendfr: opswsws4
cf-bgj: minify
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3bd60000248852352000000001
last-modified: Sun, 23 May 2021 10:18:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xUIrI73dN9ikxEXra9qIDvOMIljdk7vblxbxFc7GN32IRN6UtvXf%2BxkUdEbeV8vc5rk55CQUuggRtlMRwSuP483fBx88zcThrDUb4JLKFalFaW0MjrhkZRCFu1azokRmUNq2XyY%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 871901012
cache-control: max-age=31536000
x-cachefr: MISS
content-type: text/css
expires: Mon, 23 May 2022 10:33:17 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 43ms
23ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66692834201188242d64623d532248275efe2ba80101490c96bdce4160b78188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47950
x-xss-protection: 0
server: cafe
etag: 4501822382306722350
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 24 May 2021 12:42:44 GMT

GET
H3-29 200 hatla2ee_logo_new.png
media.hatla2eestatic.com/images/general/ 2 KB
3 KB 29ms
16ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/hatla2ee_logo_new.png
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c893d1464c078f6fd76c6ab0b140105d2fe3cad26cb0371a95cce15e9dfe9ab4

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705176
content-type: image/png
x-backendfr: opswsws1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c290000323c661f8000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qOBAP9D6Xdvrix0XDoVgTPnhqTwiucm2fArWg7Mbwp%2Fb9iVlPht3ZxRH%2BxDWMBEIJbnfUlu25NwYBmNhLI5aszRImACCYIn1SQJvHWozipPGujoR63eNw4efGR%2BEGUHpXYOknA4%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 272994134
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d0bec323c-FRA
expires: Sat, 23 Apr 2022 05:16:28 GMT

GET
H3-29 200 appshcts.png
media.hatla2eestatic.com/images/general/ 6 KB
6 KB 15ms
15ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/appshcts.png
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8cd5b63aa619f2b5c65fb5bf3ac58ab2a64fdd000482330e2d9cc8c97e1eff0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3253637
content-type: image/png
x-backendfr: opswsws3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c450000323cb40aa000000001
last-modified: Thu, 15 Apr 2021 14:22:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=USOsCvW4EZfTjDaH4Qn0fw9DU6IcbK6Ib1l4Y%2BS8aaXyIwLPEC4p0nDRzi6AzOlNsJF9M5FTCb%2FXNa1H0JwkjZ3sIoOi1z%2ByzXKjRhxg2ZvENbJtIOauBxJCxsSQGqHrmeBCtXU%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 891398542
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d3c4a323c-FRA
expires: Sat, 16 Apr 2022 20:55:27 GMT

GET
H3-29 200 AddCar.png
media.hatla2eestatic.com/images/general/ 594 B
1 KB 15ms
13ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/AddCar.png
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b31489e407f77af62c73a1cb492d84cbd95a289e4e72c94f124ccce997578fe7

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705176
content-type: image/png
x-backendfr: opswsws4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4a0000323c4f1ba000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=t1lrC581Z7nLB3LY%2FUw2tQF%2BkAeyHdTwMCsu4t5KzD5HspUdqbqgU1R5M8fgPMyiLyY8IutZMB2lYhRbr3PSc6XKtwd7MNyGhJ3exbA6OlY%2BqgtIuEMF%2Bu3sR4BKC5vgaU%2F9UKY%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 259756377
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c5e323c-FRA
expires: Sat, 23 Apr 2022 05:16:28 GMT

GET
H3-29 200 ico_waiting-320.gif
media.hatla2eestatic.com/images/general/ 137 KB
138 KB 36ms
33ms Image
image/gif 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/ico_waiting-320.gif
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f12327afa859ebc6fb70b0676454a3655998e8c7d5c06da7afc8925e8d5ff61

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2840083
content-type: image/gif
x-backendfr: opswsws4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4a0000323c8f093000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AJYatxX8hgx%2BCfnDaWQZkb8anUmbjriQl92Vz6%2BR6VrJ0iEOU6adKwhVmgusZazEvO81nRU9Vhz1yF350cmuhJ%2BKbt7F9207n71OlMxVSltpEB82sGgK7E7pkbXagGFOXiIzoVs%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 188764228
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c5f323c-FRA
expires: Thu, 21 Apr 2022 15:48:01 GMT

GET
H3-29 200 footer-logo.png
media.hatla2eestatic.com/images/general/ 9 KB
10 KB 15ms
13ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/footer-logo.png
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfc14db642406238470b1dc09aac2cb8affa315c4ee5d5d56de567b718fdfb72

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2732801
content-type: image/png
x-backendfr: opswsws2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4a0000323c79061000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hxeNFEABWwVWklxYmgkZxG8qMLVDH6dEDy2XpQO%2F7UJh8Epv3uCUPmtW0uBDleSnspcpgokbehn3AlC4z2yvUCkSCyrEtpgqsv4iqoDUsXfbRlvW0WFPuiOwMkHP2Jcuvqx2330%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 246513779
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c61323c-FRA
expires: Fri, 22 Apr 2022 21:36:03 GMT

GET
H3-29 200 google_play_link_rtl.png
media.hatla2eestatic.com/images/general/ 15 KB
16 KB 20ms
18ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/google_play_link_rtl.png
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29e74ca0db2b79c6a6d70ab3c63c8c1bf7a0574a0f91058d5743c9072ace7383

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705176
content-type: image/png
x-backendfr: opswsws3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4d0000323c431eb000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3j4Te%2BphaVIUGFt9a0ekKkNpbuoFqu%2BEz4K3Rr4id6cULHAP3Xh3D%2FTum9fFq%2FvT6gsXggcH7qBOXfA1rBKtvf%2FCssaqLibDfdDBArTjXD5FKI1pCGR7o3p7LKk2%2FpaaamgAzdg%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 251080418
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c63323c-FRA
expires: Sat, 23 Apr 2022 05:16:28 GMT

GET
H3-29 200 Download_on_the_App_Store_Badge_AR_135x40.svg
media.hatla2eestatic.com/images/svg/icons/ 10 KB
4 KB 23ms
21ms Image
image/svg+xml 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/svg/icons/Download_on_the_App_Store_Badge_AR_135x40.svg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 336252920e85f1b6a227ad42a6a99ea5748982f78446b1a84bd80553096486eb

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705177
content-type: image/svg+xml
x-backendfr: opswsws3
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4b0000323c8a247000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F4N1h3tOn1M8Q1varna%2FQpuJzj66MxrlJ5cfUAPWfiI7fYU3uWFxssuaN6bjwH6AI0ayqbZWlaln7%2FIdtZPfHTV8BVyn7tEMx9Rr0U1DYjmmx5%2FvfktZq3t7WBfHFPbHhS68gNI%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 267949030
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c64323c-FRA
expires: Sat, 23 Apr 2022 05:16:27 GMT

GET
H3-29 200 huawei_icon.png
media.hatla2eestatic.com/images/general/ 17 KB
18 KB 24ms
21ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/huawei_icon.png
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 808105670d70867704543e748cb1a19f041926c2aedad67b3e81df7a56af52d8

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705176
content-type: image/png
x-backendfr: opswsws2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4b0000323ca5973000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oBMwLLcm3xNNRJCOGBF3mHmaSG7j3eD3BF3HUuBPgZVc5v475v7jgS52zmNUXiw%2B%2BS54YrZbR9Q4kVl6ksoDOUwuPYchOWMeSJX7BvJM3mKTmnWUiS9GQk1beXqK08WjwbvMqy0%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 250031329
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c66323c-FRA
expires: Sat, 23 Apr 2022 05:16:28 GMT

GET
H2 200 out.js Show response
media.hatla2eestatic.com/js/ 389 KB
101 KB 35ms
35ms Script
text/javascript 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://media.hatla2eestatic.com/js/out.js?1621765085
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01e4322a2c60aab057c90bd9d961051b1df09b4e691e6488f5ab1db18f8cd324

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 94167
cf-polished: origSize=398707
cf-ray: 65469b0ccf8a2488-FRA
x-backendfr: opswsws2
cf-bgj: minify
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3bf80000248805229000000001
last-modified: Sun, 23 May 2021 10:18:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NzWYTw3I7mJ7Sioq%2BsYR2FtPUAEMtO7OIiC1vcT%2BlXohtOq6gSXJGRcjwGj9BEKNrG2rcAvMbzBnFYQffnZOgrwZvW8mJFkCsrBL0IcQ5pZJo%2FQrz4eQGoU%2Frb88QFDAf0Nxqy0%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 869862656
cache-control: max-age=31536000
x-cachefr: MISS
content-type: text/javascript
expires: Mon, 23 May 2022 10:33:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 9ms
5ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4368
date: Mon, 24 May 2021 11:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 24 May 2021 13:29:56 GMT

GET
H2 200 tr
www.facebook.com/ 44 B
297 B 21ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1923228841246505&ev=PageView%20%20%20%20%20&noscript=1

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 24 May 2021 12:42:44 GMT

GET
H3-29 200 ndownloadappblock_appscht-android.png
media.hatla2eestatic.com/images/general/ 12 KB
13 KB 16ms
14ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/ndownloadappblock_appscht-android.png?v=1
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8938b2d12b8b2f1bc194d0d1fc0d6a5cbeec9462bb4c6db9c759d8b83a09e759

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705176
content-type: image/png
x-backendfr: opswsws1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4c0000323c9e8ae000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2Q6a6lO%2B8OhhKK1Cl%2FNMfN1bkBGQI0pm5fjcHV4prapbTFwQLd%2FOw39QEBlBE5dm55Aj5UwHWVKBnL%2Fw0i5lWJSzQeqvU4h0Oe%2FbkKQLK1qYHeedBD7hXLrQz8M9gHTPXywP%2B0Y%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 259756380
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c67323c-FRA
expires: Sat, 23 Apr 2022 05:16:28 GMT

GET
H3-29 200 ndownloadappblock_appscht-ios.png
media.hatla2eestatic.com/images/general/ 12 KB
12 KB 25ms
22ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/ndownloadappblock_appscht-ios.png?v=1
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ba511c6405506a889996aca748e3b0985624caca660a1f16385fbf5778f52e

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3253637
content-type: image/png
x-backendfr: opswsws1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c4c0000323c5d9d6000000001
last-modified: Thu, 15 Apr 2021 14:22:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A5elYo%2BlcTtYesV%2Bt5lhDQAKqqG%2FT9CTLVbIEq7UI%2BrTJP64MYmjkIaXVmCi6Bdi%2FM8LokwCCKmkCj3%2FJol%2FnSas6UIEE2Ls8tmzmDTrmiY7P9Nif8cmDu0m32cZPFUaeHxdk88%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 891398545
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d4c68323c-FRA
expires: Sat, 16 Apr 2022 20:55:27 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/ Frame A8F9 10 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210517/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 23 May 2021 22:33:52 GMT
expires: Sun, 06 Jun 2021 22:33:52 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 50932
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ 231 KB
85 KB 44ms
30ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9989282997341991&plah=jordan.hatla2ee.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 24 May 2021 12:42:44 GMT

GET
H3-29 200 icons.png
media.hatla2eestatic.com/images/general/all/ 41 KB
42 KB 35ms
34ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/all/icons.png?v=10
Requested by: Host: media.hatla2eestatic.com
URL: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b084eafce4212b77b0f96c440a310283a17dd9638d741c31edbe11efb46e3e0a

Request headers

Referer: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2705176
content-type: image/png
x-backendfr: opswsws4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3c5a0000323c943e2000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nfaw2rogqLuLdb4jBZW0mEYi6qlE%2BagQPvrEFZdm6BP7fckI2MNKZTxkFQBmRgDRp5eBjCN6ZitdZy27UAaufoPN8PM9zID4cLJliuXwYA9H084jdmy1xK3unrwtNXd8dP70tys%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 270640428
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0d5c89323c-FRA
expires: Sat, 23 Apr 2022 05:16:28 GMT

GET
H2 200 material_icons.woff2
jordan.hatla2ee.com/css/font/ 47 KB
47 KB 16ms
15ms Font
application/octet-stream 2606:4700:20::681a:7c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jordan.hatla2ee.com/css/font/material_icons.woff2
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7c0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8048179a9e6d2a88bffa8f7feef5e078c9959376218c622b6d0f14a8628d3f80

Request headers

:path: /css/font/material_icons.woff2
pragma: no-cache
origin: https://jordan.hatla2ee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: jordan.hatla2ee.com
referer: https://jordan.hatla2ee.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://jordan.hatla2ee.com
Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 53
content-type: text/plain; charset=UTF-8
x-backendfr: opswsws1
content-encoding: br
cf-request-id: 0a3fff3c5a00004dca059d5000000001
last-modified: Sun, 23 May 2021 10:18:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DxbZeadv06O1FRkemXC0Jl3l7d%2Fe4WB4hoRQ4uVUV%2FW9PY7lU9a%2BVoaKzTd3P7t9OhJzdpQjOto0ltfJqymJywKSxW94qW7kKvKNjI0AmyY%2B2vgLwxzNYHx1Iylmure8"}],"group":"cf-nel","max_age":604800}
x-varnish: 873598856 871912204
cache-control: public, max-age=1800
x-cachefr: HIT
cf-ray: 65469b0d5f934dca-FRA

GET
H2 200 NotoSansArabic-Regular.woff
jordan.hatla2ee.com/css/font/ 69 KB
67 KB 20ms
19ms Font
application/octet-stream 2606:4700:20::681a:7c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jordan.hatla2ee.com/css/font/NotoSansArabic-Regular.woff
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7c0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 772ebfd6a8738568e21ae7c711289fb9eace128113df0047455559eed11b358c

Request headers

:path: /css/font/NotoSansArabic-Regular.woff
pragma: no-cache
origin: https://jordan.hatla2ee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: jordan.hatla2ee.com
referer: https://jordan.hatla2ee.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://jordan.hatla2ee.com
Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 53
content-type: text/plain; charset=UTF-8
x-backendfr: opswsws2
content-encoding: br
cf-request-id: 0a3fff3c5c00004dcaf120b000000001
last-modified: Sun, 23 May 2021 10:18:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wsCFkmXeWzyhNGvGIAlRgU6ml3pi%2BG5DqzyqqI0ijS0AsdWZ9UTguYWkkWu4v%2BI0uSygKZC%2Byl7SVzqmjq47prrs%2FgzInup%2F%2BTDzypE5W9UGViqwRZasqWpYZDxWDqh2"}],"group":"cf-nel","max_age":604800}
x-varnish: 864308443
cache-control: public, max-age=1800
x-cachefr: MISS
cf-ray: 65469b0d5f974dca-FRA

GET
H3-29 200 freeservicestie_rtl.png
media.hatla2eestatic.com/images/general/ 865 B
1 KB 25ms
25ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/general/freeservicestie_rtl.png
Requested by: Host: media.hatla2eestatic.com
URL: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 387c7986eadb0774f80cb5bcd9da38819b42d322de52acb9ef909fb43ef7c6eb

Request headers

Referer: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2704867
content-type: image/png
x-backendfr: opswsws4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3cb80000323c40983000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BZyQJEfds1QxdoL7p21hv%2Bust8M1BhvY2Ourq4MN%2B9B3B%2Bnia%2Fi4CvbfA2hVW0hCEAawTtHGULeBOkm2htewMD9uQCY3cAF%2FPiIqoQdvwfL3jcnNIYzVV8fj6qy5uYLGb5JrYBo%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 265920463
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0dfdc7323c-FRA
expires: Sat, 23 Apr 2022 05:21:37 GMT

GET
H3-29 200 all-55x55.png
media.hatla2eestatic.com/images/car/make/ 121 KB
121 KB 14ms
13ms Image
image/png 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/images/car/make/all-55x55.png?v=51
Requested by: Host: media.hatla2eestatic.com
URL: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da5ead8666f2903035431dcb4df84fcd6eca21c4c13507d4e8699c34017f4966

Request headers

Referer: https://media.hatla2eestatic.com/css/out_ar.css?1621765085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2704715
content-type: image/png
x-backendfr: opswsws1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3cba0000323c49134000000001
last-modified: Wed, 21 Apr 2021 12:30:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AtFTerq3neGAf0A320xV%2BeF2Mwk399OHrhxV0CjZ0GSrwa51sE0A8qH%2BEjMiZxphQgSg6SNZCwLmzuBXXSRqkUAt3SFMLs0pIQD0QDUMijuaFnDL0824OA2zcl3QyZlW%2Bu6SyUY%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 272965196
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0dfdcf323c-FRA
expires: Sat, 23 Apr 2022 05:24:09 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 202 B
638 B 166ms
71ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=jordan.hatla2ee.com&callback=_gfp_s_&client=ca-pub-9989282997341991

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9989282997341991&plah=jordan.hatla2ee.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

28804d5aa131078efa477c9d9392e9861473de3d6e370aca21472fd2adbd3d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&tn=DIV&cls=navbar%20navbar-fixed-top&ign=false

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 38ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=jordan.hatla2ee.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 May 2021 12:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 37ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=jordan.hatla2ee.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 May 2021 12:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5F0D 0
19 B 79ms
76ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&adk=1812271804&adf=3025194257&lmt=1621860164&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164678&bpp=23&bdt=143&idt=230&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1983849134907&frm=20&pv=2&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=276

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9989282997341991&output=html&adk=1812271804&adf=3025194257&lmt=1621860164&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164678&bpp=23&bdt=143&idt=230&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1983849134907&frm=20&pv=2&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=276
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:45 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 24-May-2021 12:57:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:45 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4df2fd5c8b3681147087fa7506cef9c982c18edf99729a4412e41af2f98fe0b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621597303326658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Mon, 24 May 2021 12:42:44 GMT

GET
H3-29 200 medium_up_161c9ff14c6ddc12d224ceb39ec7bf8e.jpg
media.hatla2eestatic.com/uploads/car/2021/05/04/3948526/ 12 KB
12 KB 15ms
15ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/05/04/3948526/medium_up_161c9ff14c6ddc12d224ceb39ec7bf8e.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37aacaa89a818eeb028f488389049a8ba00b54552a4be07dd5ed881878ae1e41

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1496537
content-type: image/jpeg
x-backendfr: opswsws2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dc80000323cb40cb000000001
last-modified: Tue, 04 May 2021 18:18:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tl5v3KC5fGDEHLIvCgeHXxKkDaIzJX9pITKFonnqz8RS5zzI4nUfasM1yT6myGRa2GEKxrxW5kfcFzO6ySZEvVjQBI%2Bh9y7u0JMszPUz8NZjwFAtNjsrEWQIkDrGkC8EzL9UVtc%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 896991471
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa969323c-FRA
expires: Sat, 07 May 2022 05:00:28 GMT

GET
H3-29 200 medium_up_1be56a01eabf3977ad740e0474369daf.jpg
media.hatla2eestatic.com/uploads/car/2021/05/03/3945808/ 14 KB
15 KB 16ms
14ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/05/03/3945808/medium_up_1be56a01eabf3977ad740e0474369daf.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d599136539566d0801790945c8df454b2d10a7f2178a75b4143f579d3e30d10

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1713300
content-type: image/jpeg
x-backendfr: opswsws2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dcb0000323c4320d000000001
last-modified: Mon, 03 May 2021 01:16:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a%2FYL9%2BWj6M3UltnB%2BdV%2BKqQHlEy1OX8%2Bo5dY3EOz%2B%2FF0m7ZyHHK%2BdtUdIPbfLe1QBsUuoDMCE7dzpb2GYqiQlm8pLIr0slXmfGWpjxMLmk6lJ%2BOZsAelPwD9vd2UTitIcwnaV10%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 607996375
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa977323c-FRA
expires: Wed, 04 May 2022 16:47:45 GMT

GET
H3-29 200 medium_up_8bb579e3914fbb5087fb0bebe4b1ad71.jpg
media.hatla2eestatic.com/uploads/car/2021/04/23/3926688/ 5 KB
5 KB 31ms
29ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/04/23/3926688/medium_up_8bb579e3914fbb5087fb0bebe4b1ad71.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c6e443c6230ab396b0f11a2ce8c9c2f829b6c489961254073daa6514fdaa3

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 417152
content-type: image/jpeg
x-backendfr: opswsws4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dd00000323c5617b000000001
last-modified: Fri, 23 Apr 2021 14:51:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=udzk2QmtMnF64D8EOvFmM0QzydzILLbRr7THiJkqZZ9FDcSc7cAnY3v%2BDrKuPt4aPtb650E7%2BeNusSyUKnkvOjOgRnaUwLgqU4raOBi2E6rNpIewoam3Bq4%2FuBsoO40j4Ijp48U%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 537359238
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa97c323c-FRA
expires: Thu, 19 May 2022 16:50:13 GMT

GET
H3-29 200 medium_up_6ce1e50ff7b1cffda0f1076ca92b4c28.jpg
media.hatla2eestatic.com/uploads/car/2021/04/20/3921850/ 13 KB
14 KB 18ms
16ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/04/20/3921850/medium_up_6ce1e50ff7b1cffda0f1076ca92b4c28.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a41ce82cee83126196309ba5385d63341dbf3579d478f2ad40fc737242b98e70

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1496537
content-type: image/jpeg
x-backendfr: opswsws3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dcb0000323c4099b000000001
last-modified: Tue, 20 Apr 2021 21:30:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FhCcv6cTYwACQt4kqBBhQkO5sw%2Fkyr0MyzVJdrTz14PZWdZbs%2FB6b9Pne5jj%2BMHnRt%2FodlimkFCiTKcOhb6S4knOTF2edxyKOg%2BzupCof358%2FhibKBrQnLEOnDV0OiywJ7XxYZo%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 895030688
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa97f323c-FRA
expires: Sat, 07 May 2022 05:00:28 GMT

GET
H3-29 200 medium_up_a88eb0037d4ba53012f829ddb1a86eab.jpg
media.hatla2eestatic.com/uploads/car/2021/04/01/3883575/ 15 KB
15 KB 81ms
79ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/04/01/3883575/medium_up_a88eb0037d4ba53012f829ddb1a86eab.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d86fbd49bf83799f9c3d05a3b5d9e6525013818eb41c4cfb146d29ba5903f5f

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-type: image/jpeg
x-backendfr: opswsws1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dcc0000323c79083000000001
last-modified: Thu, 01 Apr 2021 19:43:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=V1LHo0k4WdTbcdtZeTXlkH8y2oEa1k0qU7Ak5gKPA%2FeTO0duO%2BEdhq5T3vsTGCSVr6kxqu227t4DNAf4KNu3fyXhbc5YqCHGOFJEm%2FLOzSjrpU65xpFvdclpLQNUlgtMae5eX7c%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 954099094
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa981323c-FRA
expires: Tue, 24 May 2022 12:42:45 GMT

GET
H3-29 200 medium_up_d753e15dcb507c44fe8af60294d1aeab.jpg
media.hatla2eestatic.com/uploads/car/2021/03/31/3881056/ 16 KB
17 KB 86ms
84ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/03/31/3881056/medium_up_d753e15dcb507c44fe8af60294d1aeab.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 548b944f77f329463ad40b725bfeede8a771bb7c91dd845aae4d55d2ebdd3121

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-type: image/jpeg
x-backendfr: opswsws4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dcc0000323c86ad9000000001
last-modified: Wed, 31 Mar 2021 16:34:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UxiOvbKOABXMym3IzTXxDQ6SIupvSslozWzGkvAEAqTL8vdGdLRWJJo%2BaBAwD%2B0CRVMROvLHaIXZwPZ3r6eOqWugt6hGr8eriG9Hrb4XMPBZir2%2B7tCbMIklqMGQZxQcmsXLZEg%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 964143217
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa983323c-FRA
expires: Tue, 24 May 2022 12:42:45 GMT

GET
H3-29 200 medium_up_c95f3f6b510c8a0a8204d5168e2c0d7d.jpg
media.hatla2eestatic.com/uploads/car/2021/03/22/3860788/ 4 KB
4 KB 16ms
14ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/03/22/3860788/medium_up_c95f3f6b510c8a0a8204d5168e2c0d7d.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d702a03675502feb41143b3750d107051e95f433baf447e098365031e1f1b3c0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 251306
content-type: image/jpeg
x-backendfr: opswsws1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dcc0000323c5d9fc000000001
last-modified: Mon, 22 Mar 2021 19:17:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a8odqAg%2FIi6Gjq3yIxmD6bdUzcXQnCEPT0ao6DV549Gs%2F1rnqHuEkaPTRYg3bH342DysXnw0okqWOu4g6RLouvkD2VueRdcrLXM%2BhSuqzkkg4Efn4uku%2B%2B3cRvQ3%2B%2FEKKV3GPbM%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 736543295
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa987323c-FRA
expires: Sat, 21 May 2022 14:54:19 GMT

GET
H3-29 200 medium_up_3dace99b56f54a3b32224405d34154ff.jpg
media.hatla2eestatic.com/uploads/car/2021/03/21/3856624/ 5 KB
5 KB 17ms
15ms Image
image/jpeg 2606:4700:3032::6815:495e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.hatla2eestatic.com/uploads/car/2021/03/21/3856624/medium_up_3dace99b56f54a3b32224405d34154ff.jpg
Requested by: Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:495e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb35835e7687ec9981e94f6ad53e38c18810d413ed0d88bc3f111e4130744c53

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 52271
content-type: image/jpeg
x-backendfr: opswsws2
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a3fff3dce0000323ca80fc000000001
last-modified: Sun, 21 Mar 2021 08:22:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=h1ljdeM%2FAqHBMh6qNOhcNrkmCRXMjYOn8euJFBNOEUS6IbGB0g7CK4Z9wiLjKqN5%2BdtuBM%2F0s%2BiotXi%2FsHtvuhKxRn4aUBM1%2F83x67l8Juf412DXEf94dL%2Bp%2FfF7D1ZRrueGMiU%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 891492967
cache-control: max-age=31536000
x-cachefr: MISS
cf-ray: 65469b0fa988323c-FRA
expires: Mon, 23 May 2022 22:11:34 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F831 87 KB
32 KB 331ms
331ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e680ba4c82c6e83cf324c7347fe833abf00dbb9f70a722e17f57b31e78431a98

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM-mkfir4vACFS1lFQgdefMMuA&gqi=RZ-rYM28BtHwtwfgtbKICA&layout=/sadbundle/%24csp%253Der3%24/3120411795171369841/728x90/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM-mkfir4vACFS1lFQgdefMMuA&gqi=RZ-rYM28BtHwtwfgtbKICA&layout=/sadbundle/%24csp%253Der3%24/3120411795171369841/728x90/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 24 May 2021 12:42:45 GMT
server: cafe
content-length: 32963
x-xss-protection: 0
set-cookie: IDE=AHWqTUnwZPRBtsap7PajdM-84QeIMc9ak5Dh2b-QG1lzDoDOtFNfIApK-hN-3QhYYtw; expires=Sat, 18-Jun-2022 12:42:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:45 GMT
cache-control: private

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 31ms
16ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=299322574&t=pageview&_s=1&dl=https%3A%2F%2Fjordan.hatla2ee.com%2F&ul=en-us&de=UTF-8&dt=%D8%B3%D9%88%D9%82%20%D8%A7%D9%84%D8%B3%D9%8A%D8%A7%D8%B1%D8%A7%D8%AA%20%D8%A7%D9%84%D9%85%D8%B3%D8%AA%D8%B9%D9%85%D9%84%D8%A9%20%D9%88%20%D8%A7%D9%84%D8%B3%D9%8A%D8%A7%D8%B1%D8%A7%D8%AA%20%D8%A7%D9%84%D8%AC%D8%AF%D9%8A%D8%AF%D8%A9%20%D9%81%D9%8A%20%D8%A7%D9%84%D8%A3%D8%B1%D8%AF%D9%86%20%3A%20%D9%87%D8%AA%D9%84%D8%A7%D9%82%D9%89&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAAC~&jid=1191129060&gjid=1719647661&cid=1878881232.1621860165&tid=UA-5741484-11&_gid=2021375033.1621860165&_r=1&_slc=1&z=2022506236

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://jordan.hatla2ee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 22ms
16ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=299322574&t=pageview&_s=1&dl=https%3A%2F%2Fjordan.hatla2ee.com%2F&ul=en-us&de=UTF-8&dt=%D8%B3%D9%88%D9%82%20%D8%A7%D9%84%D8%B3%D9%8A%D8%A7%D8%B1%D8%A7%D8%AA%20%D8%A7%D9%84%D9%85%D8%B3%D8%AA%D8%B9%D9%85%D9%84%D8%A9%20%D9%88%20%D8%A7%D9%84%D8%B3%D9%8A%D8%A7%D8%B1%D8%A7%D8%AA%20%D8%A7%D9%84%D8%AC%D8%AF%D9%8A%D8%AF%D8%A9%20%D9%81%D9%8A%20%D8%A7%D9%84%D8%A3%D8%B1%D8%AF%D9%86%20%3A%20%D9%87%D8%AA%D9%84%D8%A7%D9%82%D9%89&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAjAAEABAAAAAC~&jid=2105501145&gjid=1412171753&cid=1878881232.1621860165&tid=UA-5741484-18&_gid=2021375033.1621860165&_r=1&_slc=1&z=1910750700

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://jordan.hatla2ee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C448 88 KB
32 KB 434ms
433ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91b79a7fd36bcf4a81916ed899f696de50da8eddefc238ddc5774e784d45b3a6

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKrOlfir4vACFW1IFQgd2bIE3w&gqi=RZ-rYKXZCprZtgf4u4fgCw&layout=/sadbundle/%24csp%253Der3%24/3120411795171369841/728x90/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKrOlfir4vACFW1IFQgd2bIE3w&gqi=RZ-rYKXZCprZtgf4u4fgCw&layout=/sadbundle/%24csp%253Der3%24/3120411795171369841/728x90/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 24 May 2021 12:42:45 GMT
server: cafe
content-length: 33243
x-xss-protection: 0
set-cookie: IDE=AHWqTUnvQQzneswwdgs42V5IvDEB0XsFbrX4_80ljjiWn837GvJa8avtuK6C6UOjrAQ; expires=Sat, 18-Jun-2022 12:42:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:45 GMT
cache-control: private

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 24ms
24ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-5741484-11&cid=1878881232.1621860165&jid=1191129060&gjid=1719647661&_gid=2021375033.1621860165&_u=IAhAAEAAAAAAAC~&z=1308259802

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 24 May 2021 12:42:45 GMT
content-type: text/plain
access-control-allow-origin: https://jordan.hatla2ee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 25ms
24ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-5741484-18&cid=1878881232.1621860165&jid=2105501145&gjid=1412171753&_gid=2021375033.1621860165&_u=IAjAAEABAAAAAC~&z=1325465548

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 24 May 2021 12:42:45 GMT
content-type: text/plain
access-control-allow-origin: https://jordan.hatla2ee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0856 87 KB
32 KB 430ms
430ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b3fef2bf386d6962fedcb338670ab4310ca1925d08d024eeb4d5cb9b650db3

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJjIlvir4vACFYOncQodQHQFpw&gqi=RZ-rYKfVC5rhtweDmJPIBQ&layout=/sadbundle/%24csp%253Der3%24/15360962201801046162/300x600/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJjIlvir4vACFYOncQodQHQFpw&gqi=RZ-rYKfVC5rhtweDmJPIBQ&layout=/sadbundle/%24csp%253Der3%24/15360962201801046162/300x600/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 24 May 2021 12:42:45 GMT
server: cafe
content-length: 33055
x-xss-protection: 0
set-cookie: IDE=AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo; expires=Sat, 18-Jun-2022 12:42:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:45 GMT
cache-control: private

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
119 B 38ms
36ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-5741484-11&cid=1878881232.1621860165&jid=1191129060&_u=IAhAAEAAAAAAAC~&z=1570867948

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 36ms
35ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-5741484-11&cid=1878881232.1621860165&jid=1191129060&_u=IAhAAEAAAAAAAC~&z=1570867948

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
119 B 38ms
37ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-5741484-18&cid=1878881232.1621860165&jid=2105501145&_u=IAjAAEABAAAAAC~&z=1587860362

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 35ms
34ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-5741484-18&cid=1878881232.1621860165&jid=2105501145&_u=IAjAAEABAAAAAC~&z=1587860362

Requested by

Host: jordan.hatla2ee.com
URL: https://jordan.hatla2ee.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/ Frame FFF8 2 KB
2 KB 43ms
17ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e91f88e994950c9deb8f29695ac34a7e45e7ab83c492e2b5fe5430325783b873

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 870
date: Thu, 20 May 2021 23:06:05 GMT
expires: Fri, 20 May 2022 23:06:05 GMT
last-modified: Thu, 18 Feb 2021 08:51:11 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 308200
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

B25368779.296294406;dc_pre=CL-crvir4vACFc2GdwodoNoJIw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/ Frame F831
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfu...
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CL-crvir4vACFc2GdwodoNoJIw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag...

42 B
63 B

79ms
50ms

Fetch
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CL-crvir4vACFc2GdwodoNoJIw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CL-crvir4vACFc2GdwodoNoJIw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=1962479197;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame F831 17 KB
7 KB 35ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:38:26 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame F831 2 KB
1 KB 37ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:41:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:41:29 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F831 119 KB
36 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a4e15e0a382cdbfe1d63cbd77a59ce2f67660b54e926fbebc97fe0b7cebf869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621597309435250"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37145
x-xss-protection: 0
expires: Mon, 24 May 2021 12:42:45 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame F831 13 KB
6 KB 35ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:41:09 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame F831 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-7HyRZ-rYI_wBq3K1fAP-eazwAuYwaHlYYfotsTmDdrZHhABIN-Y-h9glQKgAfS4v8UDyAEJqAMByANIqgTWAU_Qoo3GoOWYFNKrW6KXLoE1NUugHFY1UO8mhZxUFVHmXUOot95xeY6ZdDu5tR4W8bMj9pPzyer07KOa3T8Ftkdcmfa2z2nHQulgPiEUaVnUQgX5iZv9S4f4U0CTQBUQO4vLGqFWqjhQBzbNMIJIBRt0Q8YwRbrVBz8e6l2UkAsIdOkR0YZaPMUKeX-qrh-iclhDedUC3xtZ9Mr_UcyvAAgGnj7x164i6CnbH0DnR8XFO8-DutO0hNw0aBfEOnV5EXraYeoBNO1pIIEgUkxtTOzdw91hyszABN-xhrO0A5IFBAgEGAGSBQQIBRgEoAYugAfsoaimAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC--wXSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTk4OTI4Mjk5NzM0MTk5MQ&sigh=ddLrCyMuw2s&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 24 May 2021 12:42:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAA9 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnwZPRBtsap7PajdM-84QeIMc9ak5Dh2b-QG1lzDoDOtFNfIApK-hN-3QhYYtw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=3556837215&adf=2742494965&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164761&bpp=3&bdt=226&idt=313&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=574&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6vPTLmFF5G&p=https%3A//jordan.hatla2ee.com&dtd=326

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 24 May 2021 12:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 806
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F831 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cfbd9b5d2bf2d7b8d2b2c5fbab883d5e9d663cac26d78e9e0d8b57fa42b1e62

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame F831 0
20 B 54ms
40ms Other
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM-mkfir4vACFS1lFQgdefMMuA&gqi=RZ-rYM28BtHwtwfgtbKICA&layout=/sadbundle/%24csp%253Der3%24/3120411795171369841/728x90/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame FFF8 9 KB
3 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 23:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 24 May 2021 23:34:05 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame FFF8 26 KB
10 KB 22ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 23:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 24 May 2021 23:11:01 GMT

GET
H3-29 200 lottie_light.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/ Frame FFF8 140 KB
39 KB 26ms
10ms Script
application/x-javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/lottie_light.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d09da0c3245664a4a6b03f0e4d6b132db88ce994750d8324640403f93814d6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 478697
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40127
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 08:51:11 GMT
server: sffe
date: Tue, 18 May 2021 23:44:28 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 May 2022 23:44:28 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAA9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:45 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 24-May-2021 13:42:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:45 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:45 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/ Frame E4C3 2 KB
898 B 10ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e91f88e994950c9deb8f29695ac34a7e45e7ab83c492e2b5fe5430325783b873

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 870
date: Thu, 20 May 2021 23:06:05 GMT
expires: Fri, 20 May 2022 23:06:05 GMT
last-modified: Thu, 18 Feb 2021 08:51:11 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 308200
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

B25368779.296294406;dc_pre=COqltPir4vACFYn2dwodgRQIQw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/ Frame C448
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfu...
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=COqltPir4vACFYn2dwodgRQIQw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag...

42 B
63 B

58ms
55ms

Fetch
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=COqltPir4vACFYn2dwodgRQIQw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=COqltPir4vACFYn2dwodgRQIQw;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=3767225136;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame C448 17 KB
7 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:38:26 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C448 2 KB
1 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:41:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:41:29 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C448 119 KB
36 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a4e15e0a382cdbfe1d63cbd77a59ce2f67660b54e926fbebc97fe0b7cebf869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621597309435250"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37145
x-xss-protection: 0
expires: Mon, 24 May 2021 12:42:45 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C448 13 KB
6 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:41:09 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame C448 0
0 18ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRkLZg4aOW8DTq_GnWgkaviGevLdRYX6QW2PQp7evknCTpM32dT2qty2zKmZUiChfuy5l_O_ItsRIBHDc0ayoKLEigHpQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame C448 0
0 16ms
16ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEMtwRZ-rYOqXC-2Q1fAP2eWS-A2YwaHlYYfotsTmDdrZHhABIN-Y-h9glQKgAfS4v8UDyAEJqAMByANIqgTQAU_Q5UVgl_JhyfU_7WUYQ6-3yJpHlSzWQYybsmIYaS2lSRCBJVvWXNF3AQ-uCYJqtyNebK62FlEuy0ysJPls9pKsKyJFNmaF103LRAMc8FIEa7fy-TMjhw8ZHlatLuyp2vzXa90g6ooKvU9WdUSH5itzcdQEpu8KdVhJUKKhzqhTUxRG4iLC9zzPMUoRUPnsDNPSd0foveduNu-Cz9LQmCgPqNrm0wrP0BmI_1LQSh5ok93Az0SHIROduszLvi8_7-m8FlYUtto-Q0FWwjT5ZYPABN-xhrO0A5IFBAgEGAGSBQQIBRgEoAYugAfsoaimAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCo-ATSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTk4OTI4Mjk5NzM0MTk5MQ&sigh=tNmF9xtdK2I&template_id=419

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 24 May 2021 12:42:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 data.json Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/ Frame FFF8 182 KB
19 KB 24ms
9ms XHR
application/json 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/data.json

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/lottie_light.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd472e3bbd68f2babe5d5c95bea791b576e3cb6f55c85078137c60124cb06543

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 224003
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19828
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 08:51:11 GMT
server: sffe
date: Fri, 21 May 2021 22:29:22 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:29:22 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DCB0 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 24 May 2021 12:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 806
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/ Frame 6927 2 KB
898 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55dc2914fd50d5b9f175631c27d961fd30cde8fd56a6550bcdc37f4626a73ead

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 870
date: Tue, 18 May 2021 22:28:54 GMT
expires: Wed, 18 May 2022 22:28:54 GMT
last-modified: Thu, 18 Feb 2021 08:51:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 483231
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

B25368779.296294406;dc_pre=CPnnufir4vACFTTauwgdWQ4LPg;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/ Frame 0856
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua...
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CPnnufir4vACFTTauwgdWQ4LPg;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_...

42 B
63 B

55ms
55ms

Fetch
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CPnnufir4vACFTTauwgdWQ4LPg;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25368779.296294406;dc_pre=CPnnufir4vACFTTauwgdWQ4LPg;dc_trk_aid=489585069;dc_trk_cid=146350521;ord=700776768;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 0856 17 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 259
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:38:26 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 0856 2 KB
1 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:41:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:41:29 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0856 119 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a4e15e0a382cdbfe1d63cbd77a59ce2f67660b54e926fbebc97fe0b7cebf869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621597309435250"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37145
x-xss-protection: 0
expires: Mon, 24 May 2021 12:42:45 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 0856 13 KB
6 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 12:41:09 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 0856 0
0 19ms
15ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTN6WEHu3MS2sSmTce9N8jwlxT7tQbjZ9XZa5qF84WPzz5wMkKjMiUY4InAmkXMX9h4Scis9vECSHF0P3rTGd1RzQzuRA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame C448 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4781e06d15be5a26f774d467120dc78564c2433c47b371a8d6dd364e25c1a117

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame C448 0
20 B 41ms
41ms Other
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKrOlfir4vACFW1IFQgd2bIE3w&gqi=RZ-rYKXZCprZtgf4u4fgCw&layout=/sadbundle/%24csp%253Der3%24/3120411795171369841/728x90/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0856 0
0 20ms
20ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CCuW5RZ-rYNiRDIPPxgPA6JW4CpjBoeVhl-a2xOYN2tkeEAEg35j6H2CVAqAB9Li_xQPIAQmoAwHIA0iqBNEBT9Bwg2ZyEDPpBrrgOXkcrZiGuPlbDD7zLT0NmjSnoV-V6lYkxcM5keov1dTqgmnzVitjE6yBtIa3zJpzKyflzGBopJgK1bqjEGgRNoJ2QwwR5EdpzfTfUX8YGsKFdlGOsfTt5Q-IUjmWgRKa3mOnzJT-rtCORySy5t21f6MsnOjUseB-YmScXfQ-oX0LwXEQ9nyWvmR8i7qEXEzIMIOuQGMfDNBAlI-yC58pjBlFfkCDItHqI5JWa8Jns3rO584tauhIN30iy9jgR6tHNTcRqP_ABN-xhrO0A5IFBAgEGAGSBQQIBRgEoAYugAfsoaimAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDOrxbSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTk4OTI4Mjk5NzM0MTk5MQ&sigh=KX_DlcxRNuQ&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 24 May 2021 12:42:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame E4C3 9 KB
3 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 23:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 24 May 2021 23:34:05 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E4C3 26 KB
10 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 23:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 24 May 2021 23:11:01 GMT

GET
H3-29 200 lottie_light.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/ Frame E4C3 140 KB
39 KB 13ms
10ms Script
application/x-javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/lottie_light.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d09da0c3245664a4a6b03f0e4d6b132db88ce994750d8324640403f93814d6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 478697
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40127
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 08:51:11 GMT
server: sffe
date: Tue, 18 May 2021 23:44:28 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 May 2022 23:44:28 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4888 143 B
163 B 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=600&slotname=8666046263&adk=1061136711&adf=3649827849&pi=t.ma~as.8666046263&w=300&lmt=1621860165&psa=0&format=300x600&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164855&bpp=26&bdt=320&idt=316&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=317&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H2VpqfXcvK&p=https%3A//jordan.hatla2ee.com&dtd=321

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 24 May 2021 12:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 806
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0856 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7cf58ede3f6b7b0502ba954c35a8c46e92e7367e6e73df556afb90a97aa008b0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 0856 0
20 B 40ms
40ms Other
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJjIlvir4vACFYOncQodQHQFpw&gqi=RZ-rYKfVC5rhtweDmJPIBQ&layout=/sadbundle/%24csp%253Der3%24/15360962201801046162/300x600/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js Show response
pagead2.googlesyndication.com/bg/ Frame FFF8 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 18:33:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 65353
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5773
x-xss-protection: 0
expires: Mon, 23 May 2022 18:33:32 GMT

GET
H3-29 200 data.json Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/ Frame E4C3 182 KB
19 KB 7ms
6ms XHR
application/json 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/data.json

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3120411795171369841/728x90/lottie_light.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd472e3bbd68f2babe5d5c95bea791b576e3cb6f55c85078137c60124cb06543

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 224003
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19828
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 08:51:11 GMT
server: sffe
date: Fri, 21 May 2021 22:29:22 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:29:22 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 6927 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 23:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 24 May 2021 23:34:05 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 6927 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 23:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 24 May 2021 23:11:01 GMT

GET
H3-29 200 lottie_light.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/ Frame 6927 140 KB
39 KB 10ms
9ms Script
application/x-javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/lottie_light.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d09da0c3245664a4a6b03f0e4d6b132db88ce994750d8324640403f93814d6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 310147
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40127
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 08:51:08 GMT
server: sffe
date: Thu, 20 May 2021 22:33:38 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 May 2022 22:33:38 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DCB0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

20ms
15ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9989282997341991&output=html&h=90&slotname=7189313066&adk=4036842139&adf=2307585780&pi=t.ma~as.7189313066&w=728&lmt=1621860165&rafmt=12&psa=0&format=728x90&url=https%3A%2F%2Fjordan.hatla2ee.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621860164815&bpp=2&bdt=279&idt=324&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=1983849134907&frm=20&pv=1&ga_vid=1878881232.1621860165&ga_sid=1621860165&ga_hid=299322574&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2314&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060930&oid=3&pvsid=469162302824513&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=zjh2IZy8E5&p=https%3A//jordan.hatla2ee.com&dtd=342

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si?st=NO_DATA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:46 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 24-May-2021 13:42:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:46 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:46 GMT
server: safe
content-length: 257
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 data.json Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/ Frame 6927 182 KB
19 KB 7ms
7ms XHR
application/json 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/data.json

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15360962201801046162/300x600/lottie_light.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40964e79d54951af5b73f4d2cd080bb2b50623f127f1be0e8819f3ebd4b2a13d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 310148
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19810
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 08:51:08 GMT
server: sffe
date: Thu, 20 May 2021 22:33:38 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 May 2022 22:33:38 GMT

GET
H3-29 200 0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js Show response
pagead2.googlesyndication.com/bg/ Frame E4C3 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 18:33:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 65354
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5773
x-xss-protection: 0
expires: Mon, 23 May 2022 18:33:32 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4888
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:46 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 24-May-2021 13:42:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 May 2021 12:42:46 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 May 2021 12:42:46 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6927 14 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 18:33:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 65354
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5773
x-xss-protection: 0
expires: Mon, 23 May 2022 18:33:32 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210517&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab4a74b556cdbc68559e68fdd8d608e5075f1c1b2ad5a979a6267145d406c078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 May 2021 12:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7662
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 12:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 24 May 2021 12:42:46 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F831 42 B
64 B 44ms
43ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuOJqe79NAfA5OBWvclNhq_y1194PaXMDwpsu1Xjp1p9bGO2EaoSzu9H7FUBvMvwJvK6iEP1Niqq3sSoVpBvLJgd63_Q725fVJr5-Pe5lX3Q_OLcwqX0n-i9dCNTw&sai=AMfl-YRcF9UbYRf9Sdo-Z3KtAAdbRjbgax7RQbXdDXvb5gwCyoB510HNkkiiXPYAyCy7FM5s2CJjMT0g9J-JO5Dxjj9c-g3IbMgFfp0&sig=Cg0ArKJSzBcg_hoqTRJjEAE&cid=CAASF-RovULz1V40aSCuHhw43VvpeiAwHZwu&id=lidar2&mcvt=1061&p=100,574,190,1302&mtos=1061,1061,1061,1061,1061&tos=1061,0,0,0,0&v=20210521&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3556837215&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621860165091&dlt=339&rpt=114&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 9743 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 24 May 2021 12:41:26 GMT
expires: Tue, 24 May 2022 12:41:26 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 80
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EADD 783 B
533 B 15ms
15ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e502a3bb3886946f24f43047660edbe6a7cd7dfbd710848a3fd54460b45c0825

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XJaxX3P2RoHwIQS40QFEsA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jordan.hatla2ee.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jordan.hatla2ee.com/

Response headers

expires: Mon, 24 May 2021 12:42:46 GMT
date: Mon, 24 May 2021 12:42:46 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-XJaxX3P2RoHwIQS40QFEsA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js Show response
pagead2.googlesyndication.com/bg/ Frame 9743 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 18:33:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 65354
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5773
x-xss-protection: 0
expires: Mon, 23 May 2022 18:33:32 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210517&jk=469162302824513&bg=!09Cl0JTNAAZ7hX_Ue4U7ACkAdvg8Wry7oSWHklR-YJBFUieOr1JTkiWoAMdlHTPYCfGs95s5X_sswQIAAAB1UgAAAA5oAQcKASAtJXxH1_PjSFIS7g0c50ICydIVQIgSi7sR4rXoDVED29iMMveJ9duKMhoZzUcLZwoDtD5_i7Ps7JjF1boJ5sZUt_cS-PCWWDugSKx3lbL9Uce5C-bwOW6vwYMsHehtFdMEcInrhXk4x3O0DV12UiyfwVn2qt69sAQn51wT-g7VHqxE4kE-LEmT-orH141oIlF-5Qw5n2EXY-d3l-ldrAx38TKZkGnSUNMDOibCCFX-LX5lYEMZhLbhD99rCswWDIFuFCMULmLkgSAOoeL0d91sEkUFuY_DoEAHw3pbDYhN-EMVKaXfK9P0CAxWQPoe_h0OGA3R-TYXAbg3kSYCLaAo3BOfHB1mmIVQuBFV82uF6jbY0Sj7rbF3c8fDglALI-2ZAkpPzbVmD_3muM5JZK5WlMwC0nJdop_4hiddVBJOyGkif-3q2tH6Sig6JR9H16QOQcFQgQQJwLe0dklKtMYcWJ_6NkWTmQse1EYk5R9j7HFMNvsNIMWGkkW5zVd-hxxaGMDr1VqnG_fY1YdwVH10TYnUlGR0mpHrS-ldubZ6wud47lIGQGl6AHl7rZh0ZVFJDyZngljch5O2ekN79JSYzdqMAqPGU1Mx78XlpVBOQ27qFO4sS2lA_Yogcg3G3T3coaLqDhWpX0EMLIaNms2B5ZgTypVcexgNzHBWO06RJFshq4qLtwOwoQjHmsbYnwJqIrVdGXUFto4kQSO0JkX7kTgiSJDL970KX6eXbnm1TlhkGRCAQjZKQ2_4aKzhX1EXMj5L2j0Gj40aPAj-nK8DiRTt7GyLuJfKV8lfE7AQLF0DurmBG4oOLimXX_qJkyG-LOsAQK0Lkc4iDdsNXOFmHObk20_tyuGVl_TkEpBsVnJ_DWcV2qbdJT1ohKs0gmgZHtbpPkV0-VWaP0vWlFBT2fD-bopBFW4L-ILerUF58aRDAecjQ4Q0-WlcSrhtJh0oo6Te1F-gRU0fXPO-qL203fffM6NW8DHFKvM9TDU1uFQ6REQasU_fA4EFi-qfly0uQRjx7JUpXItQ6LJaaqNA_2Y644LYKIHEwLvnvZA6FWJPNgrtknXSp05UJJOaLS77RihNOBa_z5GUiGh4REjRTHRlaDExmeyLx-SjzNj5OPA206M-iLXbuV74nCcubJakzCyTsDpjk1SdR05h

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jordan.hatla2ee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E4C3 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=617.0000&a1=https&f1=layout_html&s1=0&d1=21.0000&i=499314061623&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F3120411795171369841%2F728x90%2Findex.html&gqi=RZ-rYKXZCprZtgf4u4fgCw&qqi=CKrOlfir4vACFW1IFQgd2bIE3w

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 May 2021 12:42:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

265 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 18:31:03	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 03:52:36	Name: IDE Value: AHWqTUmtbNk5VWlwlaDfv9KPdUlYYnmcQ6JeZ3eEV_e5oGdeY1_atnWqMLUFwHjgzHo
.hatla2ee.com/	1970-01-19 18:31:00	Name: _gat_domaine Value: 1
.hatla2ee.com/	1970-01-19 18:31:00	Name: _gat Value: 1
.hatla2ee.com/	1970-01-19 18:32:26	Name: _gid Value: GA1.2.2021375033.1621860165
.hatla2ee.com/	1970-01-20 12:02:12	Name: _ga Value: GA1.2.1878881232.1621860165
.hatla2ee.com/	1970-01-20 03:52:36	Name: __gads Value: ID=ef690550ccfa1484-22c1fa731bc80053:T=1621860165:RT=1621860165:S=ALNI_MakJnDdeaP2rMdiNpFOFIl5vO1-nA
jordan.hatla2ee.com/	1970-01-19 20:40:36	Name: open-counter Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
adservice.google.de
googleads.g.doubleclick.net
jordan.hatla2ee.com
media.hatla2eestatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
142.250.185.70
172.217.18.98
2606:4700:20::681a:7c0
2606:4700:3032::6815:495e
2a00:1450:4001:800::2002
2a00:1450:4001:802::2004
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2001
2a00:1450:400c:c07::9c
2a03:2880:f12d:83:face:b00c:0:25de
01e4322a2c60aab057c90bd9d961051b1df09b4e691e6488f5ab1db18f8cd324
0a4e15e0a382cdbfe1d63cbd77a59ce2f67660b54e926fbebc97fe0b7cebf869
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1ddb4272221cf2006df714a0db7ab3de969005e4795869fde575fbfd8637deb4
28804d5aa131078efa477c9d9392e9861473de3d6e370aca21472fd2adbd3d1b
29e74ca0db2b79c6a6d70ab3c63c8c1bf7a0574a0f91058d5743c9072ace7383
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
336252920e85f1b6a227ad42a6a99ea5748982f78446b1a84bd80553096486eb
37aacaa89a818eeb028f488389049a8ba00b54552a4be07dd5ed881878ae1e41
387c7986eadb0774f80cb5bcd9da38819b42d322de52acb9ef909fb43ef7c6eb
3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782
3d86fbd49bf83799f9c3d05a3b5d9e6525013818eb41c4cfb146d29ba5903f5f
40964e79d54951af5b73f4d2cd080bb2b50623f127f1be0e8819f3ebd4b2a13d
4781e06d15be5a26f774d467120dc78564c2433c47b371a8d6dd364e25c1a117
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4df2fd5c8b3681147087fa7506cef9c982c18edf99729a4412e41af2f98fe0b3
548b944f77f329463ad40b725bfeede8a771bb7c91dd845aae4d55d2ebdd3121
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55dc2914fd50d5b9f175631c27d961fd30cde8fd56a6550bcdc37f4626a73ead
66692834201188242d64623d532248275efe2ba80101490c96bdce4160b78188
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6cfbd9b5d2bf2d7b8d2b2c5fbab883d5e9d663cac26d78e9e0d8b57fa42b1e62
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
772ebfd6a8738568e21ae7c711289fb9eace128113df0047455559eed11b358c
7cf58ede3f6b7b0502ba954c35a8c46e92e7367e6e73df556afb90a97aa008b0
8048179a9e6d2a88bffa8f7feef5e078c9959376218c622b6d0f14a8628d3f80
808105670d70867704543e748cb1a19f041926c2aedad67b3e81df7a56af52d8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8938b2d12b8b2f1bc194d0d1fc0d6a5cbeec9462bb4c6db9c759d8b83a09e759
91b79a7fd36bcf4a81916ed899f696de50da8eddefc238ddc5774e784d45b3a6
93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668
9d599136539566d0801790945c8df454b2d10a7f2178a75b4143f579d3e30d10
9f12327afa859ebc6fb70b0676454a3655998e8c7d5c06da7afc8925e8d5ff61
a41ce82cee83126196309ba5385d63341dbf3579d478f2ad40fc737242b98e70
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a9b3fef2bf386d6962fedcb338670ab4310ca1925d08d024eeb4d5cb9b650db3
ab4a74b556cdbc68559e68fdd8d608e5075f1c1b2ad5a979a6267145d406c078
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b084eafce4212b77b0f96c440a310283a17dd9638d741c31edbe11efb46e3e0a
b31489e407f77af62c73a1cb492d84cbd95a289e4e72c94f124ccce997578fe7
b6d09da0c3245664a4a6b03f0e4d6b132db88ce994750d8324640403f93814d6
b8cd5b63aa619f2b5c65fb5bf3ac58ab2a64fdd000482330e2d9cc8c97e1eff0
b98c6e443c6230ab396b0f11a2ce8c9c2f829b6c489961254073daa6514fdaa3
bb35835e7687ec9981e94f6ad53e38c18810d413ed0d88bc3f111e4130744c53
c0914c77d032035a0105a531e360d613d75ad57af45e994269f56eae00215b70
c2ba511c6405506a889996aca748e3b0985624caca660a1f16385fbf5778f52e
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c893d1464c078f6fd76c6ab0b140105d2fe3cad26cb0371a95cce15e9dfe9ab4
cd472e3bbd68f2babe5d5c95bea791b576e3cb6f55c85078137c60124cb06543
d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d702a03675502feb41143b3750d107051e95f433baf447e098365031e1f1b3c0
da5ead8666f2903035431dcb4df84fcd6eca21c4c13507d4e8699c34017f4966
dfc14db642406238470b1dc09aac2cb8affa315c4ee5d5d56de567b718fdfb72
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e502a3bb3886946f24f43047660edbe6a7cd7dfbd710848a3fd54460b45c0825
e680ba4c82c6e83cf324c7347fe833abf00dbb9f70a722e17f57b31e78431a98
e91f88e994950c9deb8f29695ac34a7e45e7ab83c492e2b5fe5430325783b873
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

jordan.hatla2ee.com Open in urlscan Pro 2606:4700:20::681a:7c0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

103 Requests

100 %HTTPS

86 %IPv6

10 Domains

15 Subdomains

15 IPs

3 Countries

1564 kBTransfer

4531 kBSize

8 Cookies

31 Outgoing links

Page URL History

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

jordan.hatla2ee.com Open in urlscan Pro
2606:4700:20::681a:7c0 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

100 %
HTTPS

86 %
IPv6

10
Domains

15
Subdomains

15
IPs

3
Countries

1564 kB
Transfer

4531 kB
Size

8
Cookies

103 HTTP transactions
3 data transactions