urlscan.io logo urlscan.io
SecurityTrails logo

imf.qal3a.online Open in urlscan Pro
2a00:1450:4001:80b::2013  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://imf.qal3a.online/2022/06/2022.html
Effective URL: https://imf.qal3a.online/2022/06/2022.html
Submission: On January 10 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 36 HTTP transactions. The main IP is 2a00:1450:4001:80b::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is imf.qal3a.online.
TLS certificate: Issued by WR3 on December 7th 2024. Valid for: 3 months.
This is the only time imf.qal3a.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2a00:1450:400... 15169 (GOOGLE)
11 172.217.18.2 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 172.66.47.36 13335 (CLOUDFLAR...)
2 9 199.232.192.193 54113 (FASTLY)
3 157.240.253.35 32934 (FACEBOOK)
2 172.217.16.195 15169 (GOOGLE)
1 216.58.206.34 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
36 10
2    2a00:1450:4001:80b::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imf.qal3a.online
11    172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net
pagead2.googlesyndication.com
4    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
blogger.googleusercontent.com
3    172.66.47.36 (United States)

ASN13335 (CLOUDFLARENET, US)
od-jsc.pages.dev
9    199.232.192.193 (United States)

ASN54113 (FASTLY, US)
i.imgur.com
3    157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com
www.facebook.com
2    172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f195.1e100.net
fonts.gstatic.com
1    216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net
ep1.adtrafficquality.google
2    2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
Apex Domain
Subdomains		 Transfer
11 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
256 KB
9 imgur.com
i.imgur.com — Cisco Umbrella Rank: 8961
4 MB
4 googleusercontent.com
blogger.googleusercontent.com — Cisco Umbrella Rank: 10221
207 KB
3 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 389
ep2.adtrafficquality.google — Cisco Umbrella Rank: 403
20 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
3 KB
3 pages.dev
od-jsc.pages.dev
37 KB
2 gstatic.com
fonts.gstatic.com
48 KB
2 qal3a.online
imf.qal3a.online
16 KB
36 8
Domain Requested by
11 pagead2.googlesyndication.com imf.qal3a.online
pagead2.googlesyndication.com
9 i.imgur.com 2 redirects imf.qal3a.online
4 blogger.googleusercontent.com imf.qal3a.online
3 www.facebook.com imf.qal3a.online
3 od-jsc.pages.dev client
imf.qal3a.online
2 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
2 fonts.gstatic.com od-jsc.pages.dev
2 imf.qal3a.online imf.qal3a.online
1 ep1.adtrafficquality.google pagead2.googlesyndication.com
36 9

This site contains links to these domains. Also see Links.

Domain
www.blogger.com
Subject Issuer Validity Valid
imf.qal3a.online
WR3		 2024-12-07 -
2025-03-07		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-12-09 -
2025-03-03		 3 months crt.sh
*.googleusercontent.com
WR2		 2024-12-09 -
2025-03-03		 3 months crt.sh
od-jsc.pages.dev
WE1		 2024-12-04 -
2025-03-04		 3 months crt.sh
*.imgur.com
Sectigo RSA Domain Validation Secure Server CA		 2024-02-15 -
2025-02-14		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-10-19 -
2025-01-17		 3 months crt.sh
*.gstatic.com
WR2		 2024-12-09 -
2025-03-03		 3 months crt.sh
adtrafficquality.google
WR2		 2024-12-09 -
2025-03-03		 3 months crt.sh

This page contains 9 frames:

Primary Page: https://imf.qal3a.online/2022/06/2022.html
Frame ID: CCCC391B79EBE636478F7322AEE452A9
Requests: 28 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Frame ID: FA146767FDF46FE7CCF8E348D8BABA91
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-2457458440571846&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736082806&plat=3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&itsi=-1&aiapm=0.3221&aiapmi=0.33938&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488592618&bpp=2&bdt=63&idt=68&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=6119808925149&frm=20&pv=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fsapi=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=78
Frame ID: 3714951C6F5AC2D90514B299A29C7745
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=3175363789&pi=t.aa~a.3911002853~rp.4&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488593140&bpp=1&bdt=584&idt=-M&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0&nras=2&correlator=6119808925149&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1338&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Frame ID: 458D154B42C2786B2A06F48819840FE1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=2973209031&pi=t.aa~a.3299938725~rp.4&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488593140&bpp=1&bdt=585&idt=0&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=6119808925149&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2080&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=5
Frame ID: 25D645784BAB7CB2E8E8A23EA3904413
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488593140&bpp=1&bdt=584&idt=1&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=6119808925149&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3003&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Frame ID: D75D6CBCCD7E360C549BE00D34B79187
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Frame ID: 7A8AE8B346107B4664611734E08858CA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Frame ID: 576BAFC4D2D2ADB2CE0C64598A700653
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 5D34FB58D08061862AD115BE1A9D70D1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

برنامج الأغذية العالمي (WPF)

Page URL History Show full URLs

  1. http://imf.qal3a.online/2022/06/2022.html HTTP 307
    https://imf.qal3a.online/2022/06/2022.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

36
Requests

92 %
HTTPS

33 %
IPv6

8
Domains

9
Subdomains

10
IPs

2
Countries

4433 kB
Transfer

5230 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://imf.qal3a.online/2022/06/2022.html HTTP 307
    https://imf.qal3a.online/2022/06/2022.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://i.imgur.com/dik62Au.jpg HTTP 302
  • https://i.imgur.com/removed.png
Request Chain 12
  • https://i.imgur.com/hDBSzIL.jpg HTTP 302
  • https://i.imgur.com/removed.png

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 2022.html
imf.qal3a.online/2022/06/
Redirect Chain
  • http://imf.qal3a.online/2022/06/2022.html
  • https://imf.qal3a.online/2022/06/2022.html
53 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2a508122371aaaa6e0893260e9f71f665192a55b5bd532aec6ef6da848d3c5e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-length
13741
content-type
text/html; charset=UTF-8
date
Fri, 10 Jan 2025 05:56:32 GMT
etag
W/"b68a350a1967c4fa4ac959ee779c6381b6377d788f841bc5eb6178d0aff56b91"
expires
Fri, 10 Jan 2025 05:56:32 GMT
last-modified
Sun, 05 Jan 2025 13:13:26 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Location
https://imf.qal3a.online/2022/06/2022.html
Non-Authoritative-Reason
HttpsUpgrades
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		158 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2457458440571846
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
1f0af91df03d9fc9fa4726b873962891b6ac30213c459d6b8644743ebe3269f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://imf.qal3a.online
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
10198136533923689252
x-content-type-options
nosniff
expires
Fri, 10 Jan 2025 05:56:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53758
x-xss-protection
0
server
cafe
img_1716506430580.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy... 		170 KB
171 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy-jJ4_uUGzUKaoS6AhQJgg3T9AmbEY3yEBAfmS7y5ZMnJ-4pdI74kQG/s1080/img_1716506430580.png
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8163c139f394d10a920245789492fd2cc36aeac9e1c1b0690ff10fa3ea0ee148
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
etag
"vb0"
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:56:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174549
date
Fri, 10 Jan 2025 05:56:32 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="img_1716506430580.png"
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/ 		434 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2457458440571846
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
d7d53656e2412f07140f30dd53b74f234a0b4db081621e8ff54199cbc6ce4897
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
10512349217571734107
x-content-type-options
nosniff
expires
Fri, 10 Jan 2025 05:56:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
148115
x-xss-protection
0
server
cafe
css2.css
od-jsc.pages.dev/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
842be935d39dcb195e58cafdaf280ac1088b22e48538b4946fe4fb18e9852706
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
W/"ea2f2b6f152177bb4346aa8b89e3c5d9"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xh1Rh7nlmMh9pIa3fc4uVFIS9aqASfgXL87tysu2TfULKcvhzqh1RYNOtdbw6nC6MBFimmwqVzKVVwgA%2B02vrkCgykJpoCyOK4bFq%2FQzGOB6D%2Bq3xrYxP80DhUSqXmqX%2FS57"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6966&min_rtt=6816&rtt_var=1574&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4166&recv_bytes=4993&delivery_rate=85375&cwnd=12000&unsent_bytes=0&cid=19759eb5909b2fbe&ts=28&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8ffa6ca84c3f65be-FRA
access-control-allow-origin
*
server
cloudflare
droidarabicnaskh.css
od-jsc.pages.dev/ 		1 KB
994 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://od-jsc.pages.dev/droidarabicnaskh.css
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
W/"4c47ee2aa08d75c53fbb400d0a2bd286"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qxbHMzny%2Bxvzawlzfi%2Bg%2B11Ne8YRZXaJf0XjkZ01jaxnDfD5%2FvQxHp8g%2FhIsHy%2BLVlFKZ5C0OzyAdSKJ94PxQ70lckTMAOQHpmN4HRSGyXRdxU5j2cZxf1%2BC76V02J1rwT4J"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6966&min_rtt=6816&rtt_var=1574&sent=13&recv=11&lost=0&retrans=0&sent_bytes=5361&recv_bytes=4993&delivery_rate=85375&cwnd=12000&unsent_bytes=0&cid=19759eb5909b2fbe&ts=30&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8ffa6ca84c4065be-FRA
access-control-allow-origin
*
server
cloudflare
umdRtdF.gif
i.imgur.com/ 		4 MB
4 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/umdRtdF.gif
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
983163f971593bcd09b71971f8cee6905a2bb8bfc104c68e1c8dacf69b308b08
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"7a05593d9b060d27822658a98327b755"
age
2611359
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
5oEywluwBaXSbcqQ-EGK9vyP9kOcu-hI63UoPamDqRqg4rcjokbUmg==
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
image/gif
last-modified
Tue, 18 Jul 2023 19:34:49 GMT
x-cache-hits
12, 1
x-served-by
cache-iad-kjyo7100054-IAD, cache-fra-etou8220067-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736488593.683973,VS0,VE7
accept-ranges
bytes
access-control-allow-origin
*
content-length
3697349
x-amz-cf-pop
IAD89-C1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
/
www.facebook.com/reaction/image/1635855486666999/ 		815 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/reaction/image/1635855486666999/?size=20&scale=1
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
/
Resource Hash
39d8ba5c57b637434d21319acfa9fe2029cc88839cab8a4767b8854c60339921
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Thu, 23 Jan 2025 05:42:45 +0000
date
Thu, 09 Jan 2025 05:42:45 GMT
content-type
image/png
x-fb-debug
rRNTt/0nfi/edLzm5pTmFZ8yWPi/IMkflz9/A4EWrIm5/RJ0AB0pGB0JA0CTXcJcdgQoSwXqdcKIF7hFGbPlwg==
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
815
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/reaction/image/1678524932434102/ 		816 B
931 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/reaction/image/1678524932434102/?size=20&scale=1
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
/
Resource Hash
81d62c74016d8779cb91019934882095ad606798f3f32327fa4dadf9d023a4d5
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Thu, 23 Jan 2025 04:52:23 +0000
date
Thu, 09 Jan 2025 04:52:23 GMT
content-type
image/png
x-fb-debug
BKIqy/cJcodG6vK85idCV7XgxEK8QtQ6mAhPp0pXMg5eSFBND1wPbap79SdVSIRGqdFSZMeaRG3FZJsB7B6WPw==
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
public, max-age=1209600
nel
{"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
816
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/reaction/image/613557422527858/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/reaction/image/613557422527858/?size=20&scale=1
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
/
Resource Hash
7b7cc49ed4945a43ca361ca9e327cd907f5520cec87858b820e02a6db6d55779
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 00:58:32 +0000
date
Sun, 29 Dec 2024 00:58:32 GMT
content-type
image/png
x-fb-debug
hVuCx+iHyZqzj16dEkcyF0s2UYE8CLZR9lju8Ek6TzSOFIJsm/TMIeBQw39ZfVZaWdTp7mejMqs73MsUnDz+wQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
1179
x-xss-protection
0
origin-agent-cluster
?1
g4G5Sz2.jpeg
i.imgur.com/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/g4G5Sz2.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
e262f9cf00a1e067dde773a8983ca37650a3d608fd429cddc620b18ecd06e321
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"2265c45c5849a701de7f63246a0d7060"
age
2074848
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
jJUlFoIOg-3vXVjtLTWcXWqijfNK0LN_VhaYN9QvXjTgOIY5gmgvBg==
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:37:47 GMT
x-cache-hits
7, 1
x-served-by
cache-iad-kjyo7100172-IAD, cache-fra-etou8220067-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736488593.684442,VS0,VE2
accept-ranges
bytes
access-control-allow-origin
*
content-length
29466
x-amz-cf-pop
PHL51-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
2Z343cB.jpeg
i.imgur.com/ 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/2Z343cB.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
6ae105772fd284edf68de7fa2853104045f08850327d5e0c0637ff4a4151b356
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"621c38f3d1f9722327cc83114740c824"
age
832585
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
vfThfXW_SDia5OKtMapZ7DZZtjfkULI34emPgaazSAG2L037SrEyjg==
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:39:25 GMT
x-cache-hits
7, 1
x-served-by
cache-iad-kiad7000110-IAD, cache-fra-etou8220067-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736488593.684470,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
63098
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
removed.png
i.imgur.com/
Redirect Chain
  • https://i.imgur.com/dik62Au.jpg
  • https://i.imgur.com/removed.png
503 B
781 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/removed.png
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"d835884373f4d6c8f24742ceabe74946"
age
1461452
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
HIT, HIT
date
Fri, 10 Jan 2025 05:56:32 GMT
last-modified
Wed, 14 May 2014 05:44:36 GMT
content-type
image/png
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-etou8220067-FRA
x-cache-hits
23848, 17321
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736488593.706786,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
503
server
cat factory 1.0

Redirect headers

strict-transport-security
max-age=300
retry-after
0
location
https://i.imgur.com/removed.png
x-timer
S1736488593.683931,VS0,VE1
age
376
access-control-allow-methods
GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT, HIT
content-length
0
date
Fri, 10 Jan 2025 05:56:32 GMT
x-served-by
cache-iad-kiad7000154-IAD, cache-fra-etou8220067-FRA
x-cache-hits
0, 1
server
cat factory 1.0
removed.png
i.imgur.com/
Redirect Chain
  • https://i.imgur.com/hDBSzIL.jpg
  • https://i.imgur.com/removed.png
503 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/removed.png
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"d835884373f4d6c8f24742ceabe74946"
age
1461452
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
HIT, HIT
date
Fri, 10 Jan 2025 05:56:32 GMT
last-modified
Wed, 14 May 2014 05:44:36 GMT
content-type
image/png
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-etou8220067-FRA
x-cache-hits
23848, 17321
cache-control
public, max-age=31536000
x-timer
S1736488593.706786,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
503
server
cat factory 1.0

Redirect headers

strict-transport-security
max-age=300
retry-after
0
location
https://i.imgur.com/removed.png
x-timer
S1736488593.684661,VS0,VE1
age
376
access-control-allow-methods
GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT, HIT
content-length
0
date
Fri, 10 Jan 2025 05:56:32 GMT
x-served-by
cache-iad-kiad7000128-IAD, cache-fra-etou8220067-FRA
x-cache-hits
0, 1
server
cat factory 1.0
Gk1iXHp.jpeg
i.imgur.com/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/Gk1iXHp.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
37be356d7131cbadfb089eb648cb3c1bd828b7a304e7d2563065e054b26a565a
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"f03522658088c24758933bbd48a2bbe4"
age
2053756
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
yklN0zWaurLJw1w2s0-_pv-C71rIKpMaMtqi_fZEhuP3HMHoaOzxZw==
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:38:33 GMT
x-cache-hits
2081, 1
x-served-by
cache-iad-kjyo7100064-IAD, cache-fra-etou8220067-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736488593.684482,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
28734
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
WX71CLj.jpeg
i.imgur.com/ 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/WX71CLj.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
8190eebd2e6b09698957abd28747eb1debddf8afcd2f40e69c31d25f07a02a7d
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"971e373299f5be7559d78446d30faca2"
age
1458752
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
Z2ubc7lzxwHzBcYQrDfgjSZq3EzSVM62sqfjYYy7amFB4pGgq0yIEA==
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:40:14 GMT
x-cache-hits
7, 1
x-served-by
cache-iad-kiad7000053-IAD, cache-fra-etou8220067-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736488593.684887,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
115356
x-amz-cf-pop
MIA3-C5
server
cat factory 1.0
x-amz-server-side-encryption
AES256
3.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF7e5qCDQ2MhWyKaPPGw_zplGhx6hwkrVdA39B7XvJxDI9BLlghoTnwy7RmNlxI4qTHXPnKc611Hrw02csi5bpENKHxy3fg6DyX8VW0Z2sp9MEM0UGHvSrS3us-ywNjgZ67RgIDIs42UaSD-Dm... 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF7e5qCDQ2MhWyKaPPGw_zplGhx6hwkrVdA39B7XvJxDI9BLlghoTnwy7RmNlxI4qTHXPnKc611Hrw02csi5bpENKHxy3fg6DyX8VW0Z2sp9MEM0UGHvSrS3us-ywNjgZ67RgIDIs42UaSD-DmEo58xytYF9hBU3iQ5vbK_sN0nHv7eeqeG36NMFQz11c/s1600/3.jpg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5ec73cf4d42170b4a8d173b35f0f1b9e2c73a5959fd4c905d0836a6a0612dcd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
etag
"v51"
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:56:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10315
date
Fri, 10 Jan 2025 05:56:32 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
inline;filename="3.jpg"
AVvXsEjT4eUm-2rj5zOJp4t0qinB8klLc9O3IS3esNRuAwjiDn0d6WYvAiXm_uupgYOx__4zXv-Eb-_naXSEGQOL2cFWX2spboihLYvschTuM4yjp39XahK3OM4cQpooFPVt=s0-d
blogger.googleusercontent.com/img/proxy/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogger.googleusercontent.com/img/proxy/AVvXsEjT4eUm-2rj5zOJp4t0qinB8klLc9O3IS3esNRuAwjiDn0d6WYvAiXm_uupgYOx__4zXv-Eb-_naXSEGQOL2cFWX2spboihLYvschTuM4yjp39XahK3OM4cQpooFPVt=s0-d
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
50ff52e0b7c92330ec9b5cb0b1431540aadbbb22f02829d0411a28faa4d5db61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:56:32 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26293
date
Fri, 10 Jan 2025 05:56:32 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
attachment;filename="unnamed.jpg"
jquery-latest.min.js
od-jsc.pages.dev/ 		94 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://od-jsc.pages.dev/jquery-latest.min.js
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
W/"5e50651694cfe452faefafe2bf2e7b3a"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHsxPO4UEa4cAcUIFP9EEIW2bKFiAE5KLekDAH%2BbeOdgRNG0Y%2FmVhZOfIG5gR3hqu19j9LMkvtlQ4O5KyblXVreroPtbJWjCSD112YDS5m%2B5H%2FWkKMPRMsGkB20Us57f41vo"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6966&min_rtt=6816&rtt_var=1574&sent=15&recv=11&lost=0&retrans=0&sent_bytes=6402&recv_bytes=4993&delivery_rate=85375&cwnd=12000&unsent_bytes=0&cid=19759eb5909b2fbe&ts=33&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 10 Jan 2025 05:56:32 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8ffa6ca84c3e65be-FRA
access-control-allow-origin
*
server
cloudflare
cookienotice.js
imf.qal3a.online/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imf.qal3a.online/js/cookienotice.js
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/2022/06/2022.html

Response headers

cache-control
public, max-age=604800
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
x-content-type-options
nosniff
expires
Fri, 17 Jan 2025 05:56:32 GMT
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
content-length
2026
date
Fri, 10 Jan 2025 05:56:32 GMT
x-xss-protection
0
content-type
text/javascript
vary
Accept-Encoding
server
sffe
last-modified
Thu, 09 Jan 2025 14:56:22 GMT
zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/ Frame FA14 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
77434
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4144
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 09 Jan 2025 08:25:58 GMT
etag
7793694970870604198
expires
Thu, 23 Jan 2025 08:25:58 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
pagead2.googlesyndication.com/pagead/ Frame 3714 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-2457458440571846&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736082806&plat=3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&itsi=-1&aiapm=0.3221&aiapmi=0.33938&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488592618&bpp=2&bdt=63&idt=68&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=6119808925149&frm=20&pv=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fsapi=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=78
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
87616
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 05:56:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f195.1e100.net
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://imf.qal3a.online
Referer
https://od-jsc.pages.dev/

Response headers

age
248642
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 07 Jan 2026 08:52:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 07 Jan 2025 08:52:30 GMT
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
7816
x-xss-protection
0
server
sffe
DroidNaskh-Bold.woff2
fonts.gstatic.com/ea/droidarabicnaskh/v7/ 		40 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/ea/droidarabicnaskh/v7/DroidNaskh-Bold.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/droidarabicnaskh.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f195.1e100.net
Software
sffe /
Resource Hash
0a6b3b2583f0b9ea7da829409bcde3dc1641adb9092100bf2e1415d61cde46d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://imf.qal3a.online
Referer
https://od-jsc.pages.dev/

Response headers

content-encoding
gzip
age
65181
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 09 Jan 2026 11:50:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 09 Jan 2025 11:50:11 GMT
last-modified
Wed, 13 Aug 2014 16:50:04 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
41271
x-xss-protection
0
server
sffe
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/ 		177 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/reactive_library_fy2021.js?bust=31089638
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
d7971b3c5158ec54a3c2fbd6454ded2ef01c8921dc0467b0a1b138ac4bfe8a0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
13646921704917397377
age
25628
x-content-type-options
nosniff
expires
Thu, 23 Jan 2025 22:49:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 09 Jan 2025 22:49:25 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
60488
x-xss-protection
0
server
cafe
ads
pagead2.googlesyndication.com/pagead/ Frame 458D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=3175363789&pi=t.aa~a.3911002853~rp.4&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488593140&bpp=1&bdt=584&idt=-M&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0&nras=2&correlator=6119808925149&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1338&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
306
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 05:56:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
pagead2.googlesyndication.com/pagead/ Frame 25D6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=2973209031&pi=t.aa~a.3299938725~rp.4&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488593140&bpp=1&bdt=585&idt=0&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=6119808925149&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2080&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=5
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
303
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 05:56:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
pagead2.googlesyndication.com/pagead/ Frame D75D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3809598800&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736488593140&bpp=1&bdt=584&idt=1&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=6119808925149&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3003&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089540%2C95349404%2C31089638&oid=2&pvsid=3330784985828515&tmod=522727471&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
305
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 05:56:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/ Frame 7A8A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
77434
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4144
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 09 Jan 2025 08:25:58 GMT
etag
7793694970870604198
expires
Thu, 23 Jan 2025 08:25:58 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/ Frame 576B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
77434
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4144
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 09 Jan 2025 08:25:58 GMT
etag
7793694970870604198
expires
Thu, 23 Jan 2025 08:25:58 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ping
pagead2.googlesyndication.com/pagead/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://imf.qal3a.online/

Response headers
sodar
ep1.adtrafficquality.google/getconfig/ 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250108&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
51feaaea725fee90dcf7d00e581b6076192c5245ded7c4ea3cf8bc8aa41a47fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13201
date
Fri, 10 Jan 2025 05:56:33 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
img_1716506430580.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy... 		170 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy-jJ4_uUGzUKaoS6AhQJgg3T9AmbEY3yEBAfmS7y5ZMnJ-4pdI74kQG/s1080/img_1716506430580.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8163c139f394d10a920245789492fd2cc36aeac9e1c1b0690ff10fa3ea0ee148
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
etag
"vb0"
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:56:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174549
date
Fri, 10 Jan 2025 05:56:32 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="img_1716506430580.png"
sodar2.js
ep2.adtrafficquality.google/sodar/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Fri, 10 Jan 2025 05:56:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 10 Jan 2025 05:56:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 5D34 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1565
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 05:30:28 GMT
expires
Fri, 10 Jan 2025 06:20:28 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/pagead/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250108&jk=3330784985828515&bg=!3d6l3pHNAAYsEuUeDBI7ADQBe5WfOOkSlcUGIxs04JwEEV14SUVp6Dd-aboedYpDZKFxTiYpYiJjVof4g5ShYd_memXKAgAAACFSAAAAAmgBB34ANsIE629KZB2eAfiEa7mY3syUs2F3_Oom7CgKvZMpU8g4UaA0FBdZTUiyDSvRVcX7R3JAa5qOgwoAsQKCAactgdUV27XhxTZ5dD_pSwO-Xzav0F8XCMjda_0hUVWY-whL6trDrkXAAwLM31iCjWwVXbGVPtK6TYe11XvvqeZTYeSjgq9yAO8pGyVT9r-lFP2UfrJlEG5KSMRXvDRXT8t5Vo0GX-5Km-qN9yyWZ8ifz8ag0m5uVJEFbbQgXCGlS2PPL4jExXZO-Jmyd9MuOfNL8Uvj7BwVSmtWJnUlRiIKT5dwv15JaQY3JEfh1pkCkvlevmLH9oudL9nf07G2aYgMPJGkuti6_Bo50ok8HO_esZAaHjQRwnDvVplX712Yr_aT04kk2nUljltXG3hvarWLaAlAvdiefXaHC15nCnXFHq_uEjUPWTa8yY17UqFofVtvlrbO9G9seFan6LyHA5z3BK3voQMAVul0OpxyFIy_pttYC1ktKpPc3_MaxEG8lkgMzAn0sgQP6R1wJNO3S06JWMBuH2ceeTOYyDF4FiahA559wQpAGl5iFONlYzsn3piklI9m3GBaAEz9U3zfAc73qLBfI3nFv8gGm82UQMvtsIojOdS-JRpJzblq0qQbeS9MUBfay-ScF3YbYqnG4vco2lluocSKFdZDz3QSv6Jzln7WCfcNKyGXa6GyG3EOtrMIn7fwN56v68JNpNoHe_FMrYPKKZqjBfIzaH9KdziHvjcumN_xcqmSld7ytXa6rAcAWBf0r9Npdfkx8sdjyXW6xUY18KLRPg3Zj3JPlLZQZN3uiUfP45214DkvymueNtwYvSgck_tWwo8fVr_14g1qgVLw_fogOJL1pF1qEyPShPBbsBTmS3-imuqlsnusI2uo5cLN3XT0cXsp0Zujb--PuSwM-Ve2OpKny7KJj2gXmmxQboL-_fV7cZ445c3wgw6DpGK5Tqu56cVSSShvMwAZ2rBxqMQ86C_I9RYPak8vARpDzZIOwClFOg-aGR5oXYdmTfPDmvjoD_XKCyfQWTWx4qsq46cU80yokkzMLLj5lVXyumJB5ZB4C0XiPUnJLY3_mvccuGvKC00qxp5vtm4VuOu-nU24dAOOW-qS3Fyr-bWwJVI4n2PaYvZw7f8Hn5Y1EIalxYPITOJiULfTXlkYPgbIgMOPPlGNxnI9BgW72ZE

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac object| google_persistent_state_async object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl boolean| googFloatingToolbarManagerAsyncPositionUpdate number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages function| $ function| jQuery string| errorname string| errornumber string| text string| link string| error string| cpa string| share object| cookieChoices object| google_llp object| googletag object| GoogleGcLKhOms object| google_image_requests

1 Cookies

Domain/Path Name / Value
.qal3a.online/ Name: __eoi
Value: ID=bff254a04a480758:T=1736488592:RT=1736488592:S=AA-AfjaT0AB8QDtDStCBq7fzXpgh

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blogger.googleusercontent.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fonts.gstatic.com
i.imgur.com
imf.qal3a.online
od-jsc.pages.dev
pagead2.googlesyndication.com
www.facebook.com
ep1.adtrafficquality.google
157.240.253.35
172.217.16.195
172.217.18.2
172.66.47.36
199.232.192.193
216.58.206.34
2a00:1450:4001:80b::2013
2a00:1450:4001:813::2001
2a00:1450:4001:827::2001
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
0a6b3b2583f0b9ea7da829409bcde3dc1641adb9092100bf2e1415d61cde46d6
0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849
1f0af91df03d9fc9fa4726b873962891b6ac30213c459d6b8644743ebe3269f1
2a508122371aaaa6e0893260e9f71f665192a55b5bd532aec6ef6da848d3c5e3
37be356d7131cbadfb089eb648cb3c1bd828b7a304e7d2563065e054b26a565a
39d8ba5c57b637434d21319acfa9fe2029cc88839cab8a4767b8854c60339921
50ff52e0b7c92330ec9b5cb0b1431540aadbbb22f02829d0411a28faa4d5db61
51feaaea725fee90dcf7d00e581b6076192c5245ded7c4ea3cf8bc8aa41a47fd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5ec73cf4d42170b4a8d173b35f0f1b9e2c73a5959fd4c905d0836a6a0612dcd8
6ae105772fd284edf68de7fa2853104045f08850327d5e0c0637ff4a4151b356
7b7cc49ed4945a43ca361ca9e327cd907f5520cec87858b820e02a6db6d55779
8163c139f394d10a920245789492fd2cc36aeac9e1c1b0690ff10fa3ea0ee148
8190eebd2e6b09698957abd28747eb1debddf8afcd2f40e69c31d25f07a02a7d
81d62c74016d8779cb91019934882095ad606798f3f32327fa4dadf9d023a4d5
842be935d39dcb195e58cafdaf280ac1088b22e48538b4946fe4fb18e9852706
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
983163f971593bcd09b71971f8cee6905a2bb8bfc104c68e1c8dacf69b308b08
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
d7971b3c5158ec54a3c2fbd6454ded2ef01c8921dc0467b0a1b138ac4bfe8a0b
d7d53656e2412f07140f30dd53b74f234a0b4db081621e8ff54199cbc6ce4897
e262f9cf00a1e067dde773a8983ca37650a3d608fd429cddc620b18ecd06e321
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99